ec21bc5f665662e4492b99aaae389f5a132619ef73631118b6e2d3a3a231e275

Resubmissions

29/01/2025, 20:35 UTC

250129-zc5awaxngm 4

06/11/2024, 03:37 UTC

241106-d6jqdatjhv 10

Analysis

max time kernel
233s
max time network
349s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/11/2024, 03:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dyv.png
Size

1.8MB
MD5

11b7bbb67f673539b5a2c0f2962e3a80
SHA1

7049f78608ddf8fcfedbf24724bcaf92794866f3
SHA256

ec21bc5f665662e4492b99aaae389f5a132619ef73631118b6e2d3a3a231e275
SHA512

c21d38a50fd8e4bec8027c6bd103d81b354afd2c1e1fdc581d016a40eaf9ffa879d50a39361dd36a8bf0197685161173b154c7902e8e861bb835bbbd79ba0b87
SSDEEP

49152:oJkPBnd7Ez7fqZxqjbfb66iezYy/0eSOYseXW58n5:oJEEz7QxqjbOnezYy/ZVYXW58n5

Score

8^/10

bootkit discovery motw persistence phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\International\Geo\Nation	avg_secure_browser_setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\International\Geo\Nation	aj915A.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\International\Geo\Nation	avg_secure_browser_setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Control Panel\International\Geo\Nation	ajE3FC.exe

Executes dropped EXE 4 IoCs

pid	Process
3920	avg_secure_browser_setup.exe
4708	aj915A.exe
4632	avg_secure_browser_setup.exe
3440	ajE3FC.exe

Loads dropped DLL 28 IoCs

pid	Process
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
4708	aj915A.exe
4708	aj915A.exe
4708	aj915A.exe
4708	aj915A.exe
4708	aj915A.exe
4708	aj915A.exe
4708	aj915A.exe
4632	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe
3440	ajE3FC.exe
3440	ajE3FC.exe
3440	ajE3FC.exe
3440	ajE3FC.exe
3440	ajE3FC.exe
3440	ajE3FC.exe
3440	ajE3FC.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\SOFTWARE\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	ajE3FC.exe
Key opened	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\SOFTWARE\AVAST Software\Avast	ajE3FC.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\SOFTWARE\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	aj915A.exe
Key opened	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\SOFTWARE\AVAST Software\Avast	aj915A.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	avg_secure_browser_setup.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
306	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	aj915A.exe
File opened for modification	\??\PhysicalDrive0	ajE3FC.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aj915A.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avg_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ajE3FC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe
3920	avg_secure_browser_setup.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2684	rundll32.exe
2684	rundll32.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3920	avg_secure_browser_setup.exe
4632	avg_secure_browser_setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2248	2760	chrome.exe	32
PID 2760 wrote to memory of 2248	2760	chrome.exe	32
PID 2760 wrote to memory of 2248	2760	chrome.exe	32
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1020	2760	chrome.exe	34
PID 2760 wrote to memory of 1952	2760	chrome.exe	35
PID 2760 wrote to memory of 1952	2760	chrome.exe	35
PID 2760 wrote to memory of 1952	2760	chrome.exe	35
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36
PID 2760 wrote to memory of 2036	2760	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\dyv.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef76a9758,0x7fef76a9768,0x7fef76a9778
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1608 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:2
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2924 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3736 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3600 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2256 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2116 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2924 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2244 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2644 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4056 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4444 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4620 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4780 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4896 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5076 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5028 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5488 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5276 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4976 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5748 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5764 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5780 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6396 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6460 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6296 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6520 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6064 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7040 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7044 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7064 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7128 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7812 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7972 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7308 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7680 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7040 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7296 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7256 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6952 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8144 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6404 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6116 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5440 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=3980 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6652 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5000 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6712 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5984 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6832 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6908 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7136 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6620 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5692 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4476 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=4460 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=4652 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=2668 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6228 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=4996 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=4672 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7240 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7408 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6368 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6712 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=4108 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5268 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=6844 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=7700 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=804 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Users\Admin\Downloads\avg_secure_browser_setup.exe
  "C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3920
- - C:\Users\Admin\AppData\Local\Temp\aj915A.exe
    "C:\Users\Admin\AppData\Local\Temp\aj915A.exe" /relaunch=8 /was_elevated=1 /tagdata
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=5272 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=6492 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=4352 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=7720 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=5760 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=2656 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=7776 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=5632 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4576 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7920 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7896 --field-trial-handle=1220,i,7129326583585405433,14244002171006452787,131072 /prefetch:8
  2⤵
  PID:4028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2284

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5b0
1⤵
PID:2860

C:\Users\Admin\Downloads\avg_secure_browser_setup.exe
"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4632
- C:\Users\Admin\AppData\Local\Temp\ajE3FC.exe
  "C:\Users\Admin\AppData\Local\Temp\ajE3FC.exe" /relaunch=8 /was_elevated=1 /tagdata
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:3440

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3164

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" pnidui.dll,NwCategoryWiz {53015660-b044-4b07-bcdc-b159a29e69c3} 0
1⤵
PID:3288

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3124

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" pnidui.dll,NwCategoryWiz {53015660-b044-4b07-bcdc-b159a29e69c3} 1
1⤵
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef76a9758,0x7fef76a9768,0x7fef76a9778
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:2
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2116 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2196 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1336 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1460 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3724 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3940 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4180 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1256,i,12119462184477285008,13092244391657171155,131072 /prefetch:8
  2⤵
  PID:3020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3948

C:\Users\Admin\Downloads\Mandela_Invasion_v1.4.2\Mandela Invasion v1.4.2\Mandela Invasion.exe
"C:\Users\Admin\Downloads\Mandela_Invasion_v1.4.2\Mandela Invasion v1.4.2\Mandela Invasion.exe"
1⤵
PID:3868
- C:\Users\Admin\Downloads\Mandela_Invasion_v1.4.2\Mandela Invasion v1.4.2\UnityCrashHandler32.exe
  "C:\Users\Admin\Downloads\Mandela_Invasion_v1.4.2\Mandela Invasion v1.4.2\UnityCrashHandler32.exe" --attach 3868 1380352
  2⤵
  PID:4132

Network

DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.201.100
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

216.58.201.100:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

216.58.201.100:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

216.58.201.100:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ogads-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

172.217.169.10

ogads-pa.googleapis.com

IN A

216.58.212.202

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

172.217.169.42

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

216.58.201.106
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.16.238
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

172.217.16.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 1417
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: chrome-untrusted://new-tab-page
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://consent.google.com/save?continue=https://www.google.com/search?q%3Dmandela%2Bvirus%2Bdownload%2Bfree%26oq%3Dmandela%2Bvirus%2Bdownload%2Bfree%2B%26aqs%3Dchrome..69i57.7211j0j15%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241029-0_RC2&uxe=none&cm=2&set_eom=true

chrome.exe

Remote address:

172.217.16.238:443

Request

POST /save?continue=https://www.google.com/search?q%3Dmandela%2Bvirus%2Bdownload%2Bfree%26oq%3Dmandela%2Bvirus%2Bdownload%2Bfree%2B%26aqs%3Dchrome..69i57.7211j0j15%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241029-0_RC2&uxe=none&cm=2&set_eom=true HTTP/2.0
host: consent.google.com
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
x-client-data: CJKMywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cplzdJ7DsEO67ZY4dTqupmIWFKAb527KBClkiZxaIoY8F6uKMWLLg
cookie: __Secure-ENID=23.SE=M7af6sPh8oBlSOznH5pcHStjRIDw4LEY_o23NuH_C0Jecqnc_f2Dh8WpPzdzOGoxkOscaHGOiQ9dJGUoHadLJa85hzQ4DbhCrnFy9UhLIYFIeT4vVEawt_lMMJ8hNuUuN4qqvFjzUAkOnAZueFo9wlhurfNT0bIJlKik2wPCFTm-OC_M8sBBWqDo8t9LS0Cev7JKgqcskc_lSuDM
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMjktMF9SQzIaAmVuIAEaBgiA46q5Bg
DNS

consent.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A

Response

consent.google.com

IN A

172.217.16.238
DNS

archive.org

chrome.exe

Remote address:

8.8.8.8:53

Request

archive.org

IN A

Response

archive.org

IN A

207.241.224.2
GET

https://archive.org/details/mandela-1.0.0-alpha

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /details/mandela-1.0.0-alpha HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: text/html; charset=UTF-8
set-cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6; expires=Thu, 06-Nov-2025 03:38:53 GMT; Max-Age=31536000; path=/; domain=.archive.org
set-cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093; expires=Thu, 06-Nov-2025 03:38:53 GMT; Max-Age=31536000; path=/; domain=.archive.org
set-cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt; path=/; domain=.archive.org
strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/includes/athena.js?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /includes/athena.js?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: application/x-javascript
last-modified: Fri, 18 Oct 2024 23:28:16 GMT
etag: W/"6712ef10-3b17"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:53 GMT
cache-control: max-age=21600
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/components/npm/lit/polyfill-support.js?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /components/npm/lit/polyfill-support.js?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: application/x-javascript
last-modified: Fri, 18 Oct 2024 23:28:14 GMT
etag: W/"6712ef0e-edd"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:53 GMT
cache-control: max-age=21600
access-control-allow-origin: *
content-encoding: gzip
GET

https://archive.org/components/npm/@webcomponents/webcomponentsjs/webcomponents-bundle.js?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /components/npm/@webcomponents/webcomponentsjs/webcomponents-bundle.js?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: application/x-javascript
last-modified: Fri, 18 Oct 2024 23:28:14 GMT
etag: W/"6712ef0e-1c67c"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:53 GMT
cache-control: max-age=21600
access-control-allow-origin: *
content-encoding: gzip
GET

https://archive.org/includes/build/js/ia-topnav.min.js?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /includes/build/js/ia-topnav.min.js?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: application/x-javascript
last-modified: Tue, 05 Nov 2024 23:14:15 GMT
etag: W/"672aa6c7-95fb"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:53 GMT
cache-control: max-age=21600
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/includes/build/css/archive.min.css?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /includes/build/css/archive.min.css?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: text/css
last-modified: Tue, 05 Nov 2024 23:14:23 GMT
etag: W/"672aa6cf-4d3f6"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:53 GMT
cache-control: max-age=21600
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/includes/build/js/details-carousel.min.js?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /includes/build/js/details-carousel.min.js?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:53 GMT
content-type: application/x-javascript
last-modified: Tue, 05 Nov 2024 23:14:17 GMT
etag: W/"672aa6c9-100eea"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:53 GMT
cache-control: max-age=21600
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/services/img/itch-io-backups

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /services/img/itch-io-backups HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: application/octet-stream
content-length: 27960
last-modified: Fri, 18 Oct 2024 23:28:16 GMT
etag: "6712ef10-6d38"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:56 GMT
cache-control: max-age=21600
access-control-allow-origin: *
accept-ranges: bytes
GET

https://archive.org/includes/fonts/Iconochive-Regular.woff?-ccsheb

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /includes/fonts/Iconochive-Regular.woff?-ccsheb HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://archive.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://archive.org/includes/build/css/archive.min.css?v=ce75ede4
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: image/jpeg; charset=UTF-8
content-length: 10883
cache-control: max-age=300
expires: Wed, 06 Nov 2024 03:43:56 GMT
last-modified: Mon, 29 May 2023 18:44:33 GMT
etag: "6474f291-2a83"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 03:43:56 GMT
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
GET

https://archive.org/services/img/itchiocollection

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /services/img/itchiocollection HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: image/jpeg; charset=UTF-8
content-length: 201
cache-control: max-age=300
expires: Wed, 06 Nov 2024 03:43:56 GMT
last-modified: Fri, 19 Apr 2024 03:15:57 GMT
etag: "6621e1ed-c9"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 03:43:56 GMT
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
GET

https://archive.org/images/glogo.jpg

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /images/glogo.jpg HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: image/jpeg
content-length: 3213
last-modified: Fri, 18 Oct 2024 23:28:16 GMT
etag: "6712ef10-c8d"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:56 GMT
cache-control: max-age=21600
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
GET

https://archive.org/download/mandela-1.0.0-alpha

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /download/mandela-1.0.0-alpha HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:04 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/includes/build/js/archive.min.js?v=ce75ede4

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /includes/build/js/archive.min.js?v=ce75ede4 HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://archive.org/download/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:04 GMT
content-type: application/x-javascript
last-modified: Tue, 05 Nov 2024 23:14:16 GMT
etag: W/"672aa6c8-b8178"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:04 GMT
cache-control: max-age=21600
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
GET

https://archive.org/download/mandela-1.0.0-alpha/mandela/

chrome.exe

Remote address:

207.241.224.2:443

Request

GET /download/mandela-1.0.0-alpha/mandela/ HTTP/2.0
host: archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://archive.org/download/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:10 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15724800
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
DNS

athena.archive.org

chrome.exe

Remote address:

8.8.8.8:53

Request

athena.archive.org

IN A

Response

athena.archive.org

IN CNAME

analytics.archive.org

analytics.archive.org

IN CNAME

analytics2.us.archive.org

analytics2.us.archive.org

IN A

207.241.225.195
GET

https://athena.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=2134802236

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?kind=track_js&track_js_case=control&cache_bust=2134802236 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:55 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:55 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?cache_bust=0.7632288259489204&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?cache_bust=0.7632288259489204&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:56 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?cache_bust=0.706157981798603&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?cache_bust=0.706157981798603&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:56 GMT
cache-control: max-age=21600
accept-ranges: bytes
POST

https://athena.archive.org/0.gif?cache_bust=0.03694759618374355&server_ms=161&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Fwww.google.com%2F&loadtime=2971&nav_to_done_ms=3780&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&iaprop_primaryCollection=itch-io-backups&service=ao_2&version=2&count=16

chrome.exe

Remote address:

207.241.225.195:443

Request

POST /0.gif?cache_bust=0.03694759618374355&server_ms=161&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Fwww.google.com%2F&loadtime=2971&nav_to_done_ms=3780&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&iaprop_primaryCollection=itch-io-backups&service=ao_2&version=2&count=16 HTTP/2.0
host: athena.archive.org
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://archive.org
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://archive.org/details/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:38:56 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:38:56 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=125704818

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?kind=track_js&track_js_case=control&cache_bust=125704818 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/download/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:04 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:04 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?cache_bust=0.08739403171123494&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?cache_bust=0.08739403171123494&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/download/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:05 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:05 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?cache_bust=0.5309890222637119&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?cache_bust=0.5309890222637119&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/download/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:05 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:05 GMT
cache-control: max-age=21600
accept-ranges: bytes
POST

https://athena.archive.org/0.gif?cache_bust=0.32479271981077296&server_ms=100&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdetails%2Fmandela-1.0.0-alpha&loadtime=1292&nav_to_done_ms=1776&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15

chrome.exe

Remote address:

207.241.225.195:443

Request

POST /0.gif?cache_bust=0.32479271981077296&server_ms=100&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdetails%2Fmandela-1.0.0-alpha&loadtime=1292&nav_to_done_ms=1776&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15 HTTP/2.0
host: athena.archive.org
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://archive.org
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://archive.org/download/mandela-1.0.0-alpha
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:05 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:05 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=1115683924

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?kind=track_js&track_js_case=control&cache_bust=1115683924 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/download/mandela-1.0.0-alpha/mandela/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:10 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:10 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?cache_bust=0.40099354432092094&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?cache_bust=0.40099354432092094&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/download/mandela-1.0.0-alpha/mandela/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:10 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:10 GMT
cache-control: max-age=21600
accept-ranges: bytes
GET

https://athena.archive.org/0.gif?cache_bust=0.49006518429814805&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6

chrome.exe

Remote address:

207.241.225.195:443

Request

GET /0.gif?cache_bust=0.49006518429814805&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6 HTTP/2.0
host: athena.archive.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://archive.org/download/mandela-1.0.0-alpha/mandela/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:10 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:10 GMT
cache-control: max-age=21600
accept-ranges: bytes
POST

https://athena.archive.org/0.gif?cache_bust=0.6345067043030617&server_ms=123&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdownload%2Fmandela-1.0.0-alpha&loadtime=180&nav_to_done_ms=2778&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15

chrome.exe

Remote address:

207.241.225.195:443

Request

POST /0.gif?cache_bust=0.6345067043030617&server_ms=123&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdownload%2Fmandela-1.0.0-alpha&loadtime=180&nav_to_done_ms=2778&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15 HTTP/2.0
host: athena.archive.org
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://archive.org
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://archive.org/download/mandela-1.0.0-alpha/mandela/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: donation-identifier=4acb657ebfe122ea18ac2c7c5f8cdfe6
cookie: abtest-identifier=c92c7c42c6d67c0c966f8a5f0cadb093
cookie: PHPSESSID=nrksptt6vrtqs9e71hiadvvflt

Response

HTTP/2.0 200

server: nginx/1.24.0
date: Wed, 06 Nov 2024 03:39:10 GMT
content-type: image/gif
content-length: 35
last-modified: Wed, 31 May 2023 20:54:53 GMT
etag: "6477b41d-23"
strict-transport-security: max-age=15724800
expires: Wed, 06 Nov 2024 09:39:10 GMT
cache-control: max-age=21600
accept-ranges: bytes
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.204.74
DNS

mandela-invasion.en.softonic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

mandela-invasion.en.softonic.com

IN A

Response

mandela-invasion.en.softonic.com

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.1.91

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.129.91

swls.map.fastly.net

IN A

151.101.65.91
GET

https://mandela-invasion.en.softonic.com/

chrome.exe

Remote address:

151.101.1.91:443

Request

GET / HTTP/2.0
host: mandela-invasion.en.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

referrer-policy: strict-origin-when-cross-origin
content-encoding: br
x-frame-options: sameorigin
permissions-policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=()
content-security-policy: upgrade-insecure-requests
x-request-id: 84891808
set-cookie: _usr_orgn=www.google.com; Domain=en.softonic.com; Path=/
set-cookie: _swo_pos=675; Max-Age=1296000; Expires=Thu, 21 Nov 2024 03:39:43 GMT; Secure; Domain=en.softonic.com; Path=/
x-page-id: app
x-detected-as: desktop
x-content-type-options: nosniff
x-rendered-as: desktop
content-type: text/html; charset=utf-8
x-xss-protection: 1
content-language: en-US
x-is-bot: false
x-version: 1.6394.0
cache-control: no-cache,no-store,max-age=0,must-revalidate
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:43 GMT
vary: user-agent,accept-encoding, Accept-Encoding
strict-transport-security: max-age=300
access-control-expose-headers: x-country-code,x-region
x-country-code: GB
x-region: LND
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
DNS

sdk.privacy-center.org

chrome.exe

Remote address:

8.8.8.8:53

Request

sdk.privacy-center.org

IN A

Response

sdk.privacy-center.org

IN A

18.245.175.44

sdk.privacy-center.org

IN A

18.245.175.80

sdk.privacy-center.org

IN A

18.245.175.23

sdk.privacy-center.org

IN A

18.245.175.74
DNS

sc.sftcdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

sc.sftcdn.net

IN A

Response

sc.sftcdn.net

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.129.91

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.1.91

swls.map.fastly.net

IN A

151.101.65.91
DNS

images.sftcdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

images.sftcdn.net

IN A

Response

images.sftcdn.net

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.65.91

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.1.91

swls.map.fastly.net

IN A

151.101.129.91
DNS

rv-assets.softonic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rv-assets.softonic.com

IN A

Response

rv-assets.softonic.com

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.129.91

swls.map.fastly.net

IN A

151.101.1.91

swls.map.fastly.net

IN A

151.101.65.91
DNS

bat.bing.com

chrome.exe

Remote address:

8.8.8.8:53

Request

bat.bing.com

IN A

Response

bat.bing.com

IN CNAME

bat-bing-com.ax-0001.ax-msedge.net

bat-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

securepubads.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

142.250.178.2
DNS

www.clarity.ms

chrome.exe

Remote address:

8.8.8.8:53

Request

www.clarity.ms

IN A

Response

www.clarity.ms

IN CNAME

clarity.azurefd.net

clarity.azurefd.net

IN CNAME

azurefd-t-prod.trafficmanager.net

azurefd-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0037.t-0009.t-msedge.net

shed.dual-low.s-part-0037.t-0009.t-msedge.net

IN CNAME

s-part-0037.t-0009.t-msedge.net

s-part-0037.t-0009.t-msedge.net

IN A

13.107.246.65
GET

https://images.sftcdn.net/images/t_app-icon-s/p/9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40/4178280428/mandela-invasion-icona.jpg

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /images/t_app-icon-s/p/9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40/4178280428/mandela-invasion-icona.jpg HTTP/2.0
host: images.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public,max-age=31536000
content-type: image/avif
etag: "nXrYvGzXeCW/sLytHE84tWfgqOM7CG75pVoXBKFxLUE"
expires: Wed, 05 Nov 2025 10:08:09 GMT
fastly-io-info: ifsz=1725672 idim=1920x1080 ifmt=png ofsz=4534 odim=340x191 ofmt=avif
fastly-io-served-by: vpop-etou8240195
fastly-stats: io=1
server: UploadServer
x-amz-checksum-crc32c: 5GzGgQ==
x-goog-generation: 1722373727786941
x-goog-hash: crc32c=5GzGgQ==
x-goog-hash: md5=3SLQZ70CKpzYELvwkfcKog==
x-goog-metageneration: 3
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1725672
x-guploader-uploadid: AHmUCY1a2_YGQ3-xMCkuKMi-AyETQMyuk34Ku7ZC7CYawL4yJLKJ-8cBFM1iW-n2WMbNnCeSzEk
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 63094
date: Wed, 06 Nov 2024 03:39:44 GMT
x-served-by: cache-ams2100109-AMS, cache-lon420117-LON
x-cache: HIT, MISS
x-cache-hits: 1, 0
vary: Accept
strict-transport-security: max-age=300
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4534
GET

https://images.sftcdn.net/images/t_app-cover-s,f_auto/p/9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40/38336615/mandela-invasion-iePhN_.png

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /images/t_app-cover-s,f_auto/p/9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40/38336615/mandela-invasion-iePhN_.png HTTP/2.0
host: images.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public,max-age=31536000
content-type: image/avif
etag: "GBK/XxuJmF+iKNXm0sYArr8LVEQ1Py37sk6nYiVSytI"
expires: Sat, 27 Sep 2025 04:02:33 GMT
fastly-io-info: ifsz=54592 idim=1200x1200 ifmt=jpeg ofsz=2395 odim=112x112 ofmt=avif
fastly-io-served-by: vpop-etou8240196
fastly-stats: io=1
server: UploadServer
x-amz-checksum-crc32c: +Fi0ZA==
x-goog-generation: 1722373726675060
x-goog-hash: crc32c=+Fi0ZA==
x-goog-hash: md5=Qnt24dC/lglJEdUAS8nz1Q==
x-goog-metageneration: 3
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 54592
x-guploader-uploadid: AD-8ljvefBOJ8oIpYw9bAIG6OyFv8QWzYHTLPAk8V7TXQUOxHSt7MlyQRMkY5835L7PYOf7HOGM
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 1269514
date: Wed, 06 Nov 2024 03:39:44 GMT
x-served-by: cache-ams21050-AMS, cache-lon420117-LON
x-cache: HIT, HIT
x-cache-hits: 82, 0
vary: Accept
strict-transport-security: max-age=300
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2395
GET

https://di-images.sftcdn.net/t_auto/download_intent/templates/avast-software-sro/avg-secure-browser/AVG_Secure_Browser

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /t_auto/download_intent/templates/avast-software-sro/avg-secure-browser/AVG_Secure_Browser HTTP/2.0
host: di-images.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public,max-age=31536000
content-type: image/avif
etag: "kqjrAlPVj1zhs0LiZ7ljLP6Cyz5CEap+OsQ7PFRkAS4"
expires: Wed, 15 Oct 2025 04:27:30 GMT
fastly-io-info: ifsz=9157 idim=300x140 ifmt=png ofsz=2698 odim=300x140 ofmt=avif
fastly-io-served-by: vpop-etou8240196
fastly-stats: io=1
server: UploadServer
x-amz-checksum-crc32c: nK6JsQ==
x-goog-generation: 1722424715254008
x-goog-hash: crc32c=nK6JsQ==
x-goog-hash: md5=SnKZP2z66t7aI3U9OizzMg==
x-goog-metageneration: 3
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9157
x-guploader-uploadid: AHmUCY1Fnq5-ckvScPv0WFxG_gfZ6A81OApNufHv0nRif4ZjuaW8WcWuMpMsSsW9c4PvhIBS5jDLo6wwxg
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 1897934
date: Wed, 06 Nov 2024 03:39:44 GMT
x-served-by: cache-ams21059-AMS, cache-lon420117-LON
x-cache: HIT, HIT
x-cache-hits: 1768, 0
vary: Accept
strict-transport-security: max-age=300
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2698
GET

https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/2

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /t_auto/download_intent/softonic/avg-secure-browser/2 HTTP/2.0
host: di-images.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000
content-type: image/avif
etag: "gyDhy+rxETI335DSytC5DrXH9Hh1+CnemQ85omw+aD8"
expires: Fri, 19 Sep 2025 08:37:50 GMT
fastly-io-info: ifsz=2905 idim=80x80 ifmt=png ofsz=1863 odim=80x80 ofmt=avif
fastly-io-served-by: vpop-etou8240198
fastly-stats: io=1
server: UploadServer
x-amz-checksum-crc32c: fzKKBg==
x-goog-generation: 1722424559082616
x-goog-hash: crc32c=fzKKBg==
x-goog-hash: md5=UabeA3MNZpV8mUyaxbtFUg==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2905
x-guploader-uploadid: AD-8ljtH6L-M6LCi6hhRc4gqIKp2yVXvONtTT1CHVOz01fZl1I2v11GYyURM-Eqgbw1TZON2Q_zgzPhnHg
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 3106266
date: Wed, 06 Nov 2024 03:39:44 GMT
x-served-by: cache-ams21074-AMS, cache-lon420117-LON
x-cache: HIT, HIT
x-cache-hits: 7, 0
vary: Accept
strict-transport-security: max-age=300
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1863
GET

https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/1

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /t_auto/download_intent/softonic/avg-secure-browser/1 HTTP/2.0
host: di-images.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000
content-type: image/png
etag: "WM2h1tee+lBkVoLecGfLf23BY+F62nbTCK+xDgg2if0"
expires: Fri, 19 Sep 2025 08:37:46 GMT
fastly-io-info: ifsz=1270 idim=80x80 ifmt=png ofsz=1270 odim=80x80 ofmt=png
fastly-io-served-by: vpop-etou8240199
fastly-io-warning: Failed to shrink image
fastly-stats: io=1
server: UploadServer
x-amz-checksum-crc32c: 3PCpgw==
x-goog-generation: 1722424560031665
x-goog-hash: crc32c=3PCpgw==
x-goog-hash: md5=/N2po/0S7bOzMofi88WZsw==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1270
x-guploader-uploadid: AD-8ljuEtCcJt4hDlP5aTUXaB2iQPAvogxMezqj9JlsG_Fnh7wYR55yhpXPz6yFeWysd9rRiITOM7duwoQ
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 4129318
date: Wed, 06 Nov 2024 03:39:44 GMT
x-served-by: cache-ams2100126-AMS, cache-lon420117-LON
x-cache: HIT, HIT
x-cache-hits: 13, 0
vary: Accept
strict-transport-security: max-age=300
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1270
GET

https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/3

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /t_auto/download_intent/softonic/avg-secure-browser/3 HTTP/2.0
host: di-images.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000
content-type: image/avif
etag: "klmc/jjKK3IK1y779q6dwqgtY8meXGkYEM26TLMJfOw"
expires: Fri, 19 Sep 2025 08:37:50 GMT
fastly-io-info: ifsz=2463 idim=80x80 ifmt=png ofsz=1703 odim=80x80 ofmt=avif
fastly-io-served-by: img02-europe-west3
fastly-stats: io=1
server: UploadServer
x-amz-checksum-crc32c: 3/2i1Q==
x-goog-generation: 1722424560999004
x-goog-hash: crc32c=3/2i1Q==
x-goog-hash: md5=X1mq/8jIerYTv82pARpfTA==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2463
x-guploader-uploadid: AD-8ljsRyoNnhkXPmKadAuwfpgxodufpKwqQGP9d3Bvo_Ob265JNqnRBkwNKhUKZBl23yF-bB6bbPPD-2w
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 4129314
date: Wed, 06 Nov 2024 03:39:44 GMT
x-served-by: cache-ams21056-AMS, cache-lon420117-LON
x-cache: HIT, HIT
x-cache-hits: 10, 0
vary: Accept
strict-transport-security: max-age=300
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1703
GET

https://sc.sftcdn.net/fonts/5bba3-e5711.woff2

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /fonts/5bba3-e5711.woff2 HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: font/woff2
last-modified: Mon, 21 Oct 2024 09:13:47 GMT
etag: W/"67161b4b-319c"
expires: Wed, 22 Oct 2025 10:07:04 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 1
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 1272759
x-served-by: cache-ams21064-AMS, cache-lcy-eglc8600093-LCY
x-cache: HIT, HIT
x-cache-hits: 580, 2187
x-timer: S1730864384.089586,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 12698
GET

https://sc.sftcdn.net/fonts/585ea-68c47.woff2

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /fonts/585ea-68c47.woff2 HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: application/javascript
last-modified: Tue, 05 Nov 2024 14:30:15 GMT
etag: W/"672a2bf7-18132"
expires: Wed, 05 Nov 2025 14:40:04 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 6
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 46780
x-served-by: cache-ams21051-AMS, cache-lcy-eglc8600093-LCY
x-cache: HIT, HIT
x-cache-hits: 7, 354
x-timer: S1730864384.089768,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20338
GET

https://sc.sftcdn.net/fonts/cb75f-83e1c.woff2

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /fonts/cb75f-83e1c.woff2 HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: font/woff2
last-modified: Thu, 26 Sep 2024 13:53:18 GMT
etag: W/"66f5674e-aa40"
expires: Wed, 01 Oct 2025 01:54:51 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 2
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 3116691
x-served-by: cache-ams2100130-AMS, cache-lcy-eglc8600093-LCY
x-cache: HIT, HIT
x-cache-hits: 16577, 2110
x-timer: S1730864384.089780,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 43588
GET

https://sc.sftcdn.net/scripts/72c3f-d506e.mjs

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /scripts/72c3f-d506e.mjs HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: application/javascript
last-modified: Thu, 24 Oct 2024 13:50:42 GMT
etag: W/"671a50b2-fae2"
expires: Mon, 27 Oct 2025 02:37:25 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 3
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 867739
x-served-by: cache-ams21067-AMS, cache-lcy-eglc8600093-LCY
x-cache: HIT, HIT
x-cache-hits: 4397, 2148
x-timer: S1730864384.090052,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18229
GET

https://sc.sftcdn.net/scripts/23986-a9436.mjs

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /scripts/23986-a9436.mjs HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: font/woff2
last-modified: Mon, 21 Oct 2024 09:13:47 GMT
etag: W/"67161b4b-4144"
expires: Wed, 22 Oct 2025 07:08:48 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 1283455
x-served-by: cache-ams21069-AMS, cache-lcy-eglc8600093-LCY
x-cache: HIT, HIT
x-cache-hits: 678, 2189
x-timer: S1730864384.090196,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16706
GET

https://sc.sftcdn.net/styles/e1d66-e11a1.css

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /styles/e1d66-e11a1.css HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: text/css
last-modified: Tue, 05 Nov 2024 14:30:15 GMT
etag: W/"672a2bf7-19fa0"
expires: Wed, 05 Nov 2025 14:40:04 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 7
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 46779
x-served-by: cache-ams21031-AMS, cache-lcy-eglc8600062-LCY
x-cache: HIT, HIT
x-cache-hits: 7, 349
x-timer: S1730864384.123399,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16382
GET

https://sc.sftcdn.net/styles/40150-755d3.css

chrome.exe

Remote address:

151.101.129.91:443

Request

GET /styles/40150-755d3.css HTTP/2.0
host: sc.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: text/css
last-modified: Mon, 28 Oct 2024 09:04:11 GMT
etag: W/"671f538b-4773"
expires: Tue, 28 Oct 2025 09:10:38 GMT
cache-control: max-age=31536000,public
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Accept, Content-Type, If-None-Match
access-control-allow-methods: GET, OPTIONS
content-encoding: br
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: noodle-statics-statics-server.noodle-v1.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 757746
x-served-by: cache-ams2100114-AMS, cache-lcy-eglc8600062-LCY
x-cache: HIT, HIT
x-cache-hits: 14, 4793
x-timer: S1730864384.123513,VS0,VE0
vary: Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4336
GET

https://rv-assets.softonic.com/publishers/softonic.js?modern=1

chrome.exe

Remote address:

151.101.193.91:443

Request

GET /publishers/softonic.js?modern=1 HTTP/2.0
host: rv-assets.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: application/javascript; charset=utf-8
cache-control: max-age=172500, public, s-maxage=172800, stale-if-error=31536000, stale-while-revalidate=864000
x-publisher-id: softonic
etag: W/"02a8a2a67169b7fd6965756e3336e72b"
x-version: 1.1479.0
x-request-id: f4f998f8-f8c2-4071-8f6e-d19ce2e2d50e
content-encoding: br
x-envoy-upstream-service-time: 5123
x-envoy-decorator-operation: svc-revamp-api-cms.revamp-api-v2.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 44780
x-served-by: cache-ams21042-AMS, cache-lcy-eglc8600097-LCY
x-cache: HIT, HIT
x-cache-hits: 18, 114
x-timer: S1730864384.128938,VS0,VE0
vary: Accept-Encoding,x-device-platform,x-platform-id
access-control-expose-headers: x-country-code, x-region, x-browser-name, x-browser-version, x-platform-id, x-platform-version, x-device-platform
access-control-allow-origin: *
x-country-code: GB
x-region: LND
x-device-platform: Desktop
x-browser-name: Chrome
x-browser-version: 106.0.0.0
x-platform-id: Windows 7
x-platform-version: NT 6.1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 96794
GET

https://rv-assets.softonic.com/prebid/softonic/prebid-client.js

chrome.exe

Remote address:

151.101.193.91:443

Request

GET /prebid/softonic/prebid-client.js HTTP/2.0
host: rv-assets.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: istio-envoy
content-type: application/javascript; charset=utf-8
cache-control: max-age=172500, public, s-maxage=172800, stale-if-error=31536000, stale-while-revalidate=864000
x-publisher-id: softonic
etag: W/"ff5275a09264fba7f2c0c5dc0e5e4c31"
x-version: 1.1479.0
x-request-id: 2f0290db-8596-484f-a94c-2fe3c6fa845c
content-encoding: br
x-envoy-upstream-service-time: 6189
x-envoy-decorator-operation: svc-revamp-api-cms.revamp-api-v2.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:44 GMT
age: 44776
x-served-by: cache-ams21034-AMS, cache-lcy-eglc8600097-LCY
x-cache: HIT, HIT
x-cache-hits: 1, 69
x-timer: S1730864384.129300,VS0,VE0
vary: Accept-Encoding,x-country-code,x-device-platform
access-control-expose-headers: x-country-code, x-region, x-browser-name, x-browser-version, x-platform-id, x-platform-version, x-device-platform
access-control-allow-origin: *
x-country-code: GB
x-region: LND
x-device-platform: Desktop
x-browser-name: Chrome
x-browser-version: 106.0.0.0
x-platform-id: Windows 7
x-platform-version: NT 6.1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 105550
GET

https://en.softonic.com/ads-download-url?appId=2d9f9134-96d0-11e6-bf8f-00163ec9f5fa&appUrl=https://www.avast.com/en-gb/lp-ppc-free-av%3Ffull_trSrc%3Dmmm_sft_dlp_000_119_h%26utm_source%3Dsoftonic%26utm_medium%3Dcpc%26utm_campaign%3Den-us_ava_dis_gen_pro_sft_dtp

chrome.exe

Remote address:

151.101.193.91:443

Request

GET /ads-download-url?appId=2d9f9134-96d0-11e6-bf8f-00163ec9f5fa&appUrl=https://www.avast.com/en-gb/lp-ppc-free-av%3Ffull_trSrc%3Dmmm_sft_dlp_000_119_h%26utm_source%3Dsoftonic%26utm_medium%3Dcpc%26utm_campaign%3Den-us_ava_dis_gen_pro_sft_dtp HTTP/2.0
host: en.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
permissions-policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=()
content-security-policy: upgrade-insecure-requests
access-control-expose-headers: WWW-Authenticate,Server-Authorization
x-request-id: 3802869862
x-page-id: app_ads_download_url
x-detected-as: desktop
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
x-xss-protection: 1
content-language: en-US
x-is-bot: false
x-version: 1.6394.0
cache-control: no-cache,no-store,max-age=0,must-revalidate
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:39:49 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=300
x-country-code: GB
x-region: LND
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 513
GET

https://sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=en.softonic.com

chrome.exe

Remote address:

18.245.175.44:443

Request

GET /a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=en.softonic.com HTTP/2.0
host: sdk.privacy-center.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
x-amzn-requestid: 93b33022-bebc-4f93-a0fb-c569fafef475
x-didomi-configs-version: 112
x-amzn-trace-id: Root=1-672a14a1-3c6b01622dfa568a68515e44;Parent=45656b431bdfc627;Sampled=0;Lineage=1:eaae1266:0
x-didomi-remote-config-metadata: multiReg:true;legacyGlobalGdpr:false
content-encoding: br
date: Wed, 06 Nov 2024 02:52:48 GMT
cache-control: max-age=7200, public
etag: W/"2fbd4efe83766a9baee068b6767dac8e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 28ce6a88a6e62c635eba40b2135f479c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG55-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: C1noEEh0GcL43WyhoKRkwj-0sq_rqUY0T34Y7UncpBwW4Fy9T49fgQ==
age: 2941
DNS

c.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

c.amazon-adsystem.com

IN A

Response

c.amazon-adsystem.com

IN CNAME

d1ykf07e75w7ss.cloudfront.net

d1ykf07e75w7ss.cloudfront.net

IN A

108.157.7.75
GET

https://www.clarity.ms/tag/n22abp4c18

chrome.exe

Remote address:

13.107.246.65:443

Request

GET /tag/n22abp4c18 HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:44 GMT
content-type: application/x-javascript
content-length: 701
cache-control: no-cache, no-store
expires: -1
set-cookie: CLID=c8802170a4914d16b9dc460d332019fe.20241106.20251106; expires=Thu, 06 Nov 2025 03:39:44 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
x-azure-ref: 20241106T033944Z-r1559f78f6b2kn98hC1LONxfun00000002cg00000000ndwv
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
GET

https://www.clarity.ms/s/0.7.53/clarity.js

chrome.exe

Remote address:

13.107.246.65:443

Request

GET /s/0.7.53/clarity.js HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: CLID=c8802170a4914d16b9dc460d332019fe.20241106.20251106

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:44 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Mon, 04 Nov 2024 16:45:38 GMT
etag: W/"0x8DCFCF01CE35FFD"
x-ms-request-id: 6f17b27c-001e-0079-55d9-2ed2ff000000
x-ms-version: 2018-03-28
access-control-allow-origin: *
x-azure-ref: 20241106T033944Z-r1559f78f6b2kn98hC1LONxfun00000002cg00000000ndxe
cache-control: public, max-age=86400
x-fd-int-roxy-purgeid: 51562430
x-cache: TCP_HIT
content-encoding: br
GET

https://c.amazon-adsystem.com/aax2/apstag.js

chrome.exe

Remote address:

108.157.7.75:443

Request

GET /aax2/apstag.js HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
date: Wed, 06 Nov 2024 03:20:31 GMT
last-modified: Fri, 01 Nov 2024 20:18:44 GMT
etag: W/"b3da0d59872bd7a86984a426ca256adc"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront), 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: G0M4q8nVGM8tZ7CQrh0TJf0SPlFjfL9QeLVdMJP-Bpf9iHk52858iA==
age: 1155
GET

https://c.amazon-adsystem.com/cdn/prod/config?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com

chrome.exe

Remote address:

108.157.7.75:443

Request

GET /cdn/prod/config?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json;charset=UTF-8
content-length: 487
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Wed, 06 Nov 2024 03:39:45 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: 7YuAicH7lmQToHtFQU_oB8Qxi0pZtLxtJVtB4o-64wGYb5ebQ2hi0w==
DNS

syndicatedsearch.goog

chrome.exe

Remote address:

8.8.8.8:53

Request

syndicatedsearch.goog

IN A

Response

syndicatedsearch.goog

IN A

216.58.212.206
GET

https://syndicatedsearch.goog/afs/ads/i/iframe.html

chrome.exe

Remote address:

216.58.212.206:443

Request

GET /afs/ads/i/iframe.html HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://syndicatedsearch.goog/afs/ads?adsafe=medium&psid=7097078552&channel=dsk_afs_en_pp&iab_gdprApplies=true&client=softonic&q=Mandela%20Invasion&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&max_radlink_len=400&type=0&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=p2&ad=p2&nocache=8211730864386260&num=0&output=uds_ads_only&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386261&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6060&frm=0&uio=-wi600&cont=middle-contextual-list-desktop&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F

chrome.exe

Remote address:

216.58.212.206:443

Request

GET /afs/ads?adsafe=medium&psid=7097078552&channel=dsk_afs_en_pp&iab_gdprApplies=true&client=softonic&q=Mandela%20Invasion&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&max_radlink_len=400&type=0&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=p2&ad=p2&nocache=8211730864386260&num=0&output=uds_ads_only&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386261&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6060&frm=0&uio=-wi600&cont=middle-contextual-list-desktop&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://syndicatedsearch.goog/afs/ads?psid=5593628202&channel=dsk_rscp_en_pp&iab_gdprApplies=true&client=softonic&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&hl=en&rpbu=https%3A%2F%2Fen.softonic.com%2Fs%3Frscp%3D12345678%26platformId%3Dwindows%26styleId%3D5593628202&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r4&nocache=8311730864386269&num=0&output=afd_ads&domain_name=mandela-invasion.en.softonic.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386271&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6072&frm=0&uio=-wi290&cont=rscontainer&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F

chrome.exe

Remote address:

216.58.212.206:443

Request

GET /afs/ads?psid=5593628202&channel=dsk_rscp_en_pp&iab_gdprApplies=true&client=softonic&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&hl=en&rpbu=https%3A%2F%2Fen.softonic.com%2Fs%3Frscp%3D12345678%26platformId%3Dwindows%26styleId%3D5593628202&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r4&nocache=8311730864386269&num=0&output=afd_ads&domain_name=mandela-invasion.en.softonic.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386271&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6072&frm=0&uio=-wi290&cont=rscontainer&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F HTTP/2.0
host: syndicatedsearch.goog
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

btloader.com

chrome.exe

Remote address:

8.8.8.8:53

Request

btloader.com

IN A

Response

btloader.com

IN A

104.22.75.216

btloader.com

IN A

104.22.74.216

btloader.com

IN A

172.67.41.60
GET

https://btloader.com/tag?o=5633429348548608&upapi=true

chrome.exe

Remote address:

104.22.75.216:443

Request

GET /tag?o=5633429348548608&upapi=true HTTP/2.0
host: btloader.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:44 GMT
content-type: application/javascript
content-length: 21310
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "ac26a6b901db30402db9ea05b3198682"
last-modified: Wed, 06 Nov 2024 02:46:45 GMT
vary: Origin, Accept-Encoding
x-robots-tag: noindex, nofollow
via: 1.1 google
cf-cache-status: HIT
age: 2994
accept-ranges: bytes
server: cloudflare
cf-ray: 8de20ee2fcba4913-LHR
DNS

ad-delivery.net

chrome.exe

Remote address:

8.8.8.8:53

Request

ad-delivery.net

IN A

Response

ad-delivery.net

IN A

104.26.2.70

ad-delivery.net

IN A

104.26.3.70

ad-delivery.net

IN A

172.67.69.19
DNS

di-images.sftcdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

di-images.sftcdn.net

IN A

Response

di-images.sftcdn.net

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.65.91

swls.map.fastly.net

IN A

151.101.1.91

swls.map.fastly.net

IN A

151.101.129.91

swls.map.fastly.net

IN A

151.101.193.91
DNS

storage.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

storage.googleapis.com

IN A

Response

storage.googleapis.com

IN A

142.250.200.27

storage.googleapis.com

IN A

216.58.212.219

storage.googleapis.com

IN A

216.58.212.251

storage.googleapis.com

IN A

172.217.169.59

storage.googleapis.com

IN A

142.250.187.251

storage.googleapis.com

IN A

172.217.169.27

storage.googleapis.com

IN A

216.58.201.123

storage.googleapis.com

IN A

172.217.16.251

storage.googleapis.com

IN A

142.250.200.59

storage.googleapis.com

IN A

142.250.178.27

storage.googleapis.com

IN A

216.58.213.27

storage.googleapis.com

IN A

142.250.187.219

storage.googleapis.com

IN A

142.250.179.251

storage.googleapis.com

IN A

216.58.204.91

storage.googleapis.com

IN A

172.217.169.91

storage.googleapis.com

IN A

142.250.180.27
GET

https://storage.googleapis.com/storage-proxy-assets/revamp-di-sft/corporate-logo-nb.svg

chrome.exe

Remote address:

142.250.200.27:443

Request

GET /storage-proxy-assets/revamp-di-sft/corporate-logo-nb.svg HTTP/2.0
host: storage.googleapis.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

b.clarity.ms

chrome.exe

Remote address:

8.8.8.8:53

Request

b.clarity.ms

IN A

Response

b.clarity.ms

IN CNAME

vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com

vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com

IN A

4.153.129.168
GET

https://ad-delivery.net/px.gif?ch=2

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:44 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY0SjdtusLMzFKMkspdUwAKfn_DgVEhZVoXasmb7ADosrIZ6RkcNIfICFfm_vURLtB353nVE4ZdaAQ
expires: Wed, 23 Oct 2024 19:57:54 GMT
cache-control: public, max-age=86400
age: 1152943
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jyQVBJgEBvpbYkmelDKpXaXnFr%2BduJjAmJoBF5ch42%2FSLlQKW4D3V%2BlxgHlIikzvKg3nAh31mIDLSmQG%2FbLwZYvJLHAcRp%2FpDZvAn38pHpXRXlxUk70hC9gJqdXJrro8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ee5bf834071-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=21186&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2832&recv_bytes=1177&delivery_rate=134502&cwnd=251&unsent_bytes=0&cid=543f7d2684aa1e75&ts=48&x=0"
GET

https://ad-delivery.net/px.gif?ch=1&e=0.8281441677203303

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.8281441677203303 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:44 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY0SjdtusLMzFKMkspdUwAKfn_DgVEhZVoXasmb7ADosrIZ6RkcNIfICFfm_vURLtB353nVE4ZdaAQ
expires: Wed, 23 Oct 2024 19:57:54 GMT
cache-control: public, max-age=86400
age: 1152943
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qoNdiSYFAcSCZJ8oCeIp0xQl7oIpgnWN1qO%2BPUkFwum5WB9%2BICglheX1%2FKr42VuLlNuqyhyKaSuWdc2gCMBRQPf7HpZweBYBBKonLxCy1F%2BeQm9Ky176LjlD8PheeB8tOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ee5bf824071-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=21186&sent=9&recv=8&lost=0&retrans=0&sent_bytes=3950&recv_bytes=1177&delivery_rate=134502&cwnd=251&unsent_bytes=0&cid=543f7d2684aa1e75&ts=48&x=0"
DNS

api.btloader.com

chrome.exe

Remote address:

8.8.8.8:53

Request

api.btloader.com

IN A

Response

api.btloader.com

IN A

130.211.23.194
DNS

cdn.btmessage.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.btmessage.com

IN A

Response

cdn.btmessage.com

IN A

104.26.7.141

cdn.btmessage.com

IN A

172.67.74.232

cdn.btmessage.com

IN A

104.26.6.141
GET

https://api.btloader.com/country?o=5633429348548608

chrome.exe

Remote address:

130.211.23.194:443

Request

GET /country?o=5633429348548608 HTTP/2.0
host: api.btloader.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.btmessage.com/script/rlink.js?o=5633429348548608&bt_env=prod

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /script/rlink.js?o=5633429348548608&bt_env=prod HTTP/2.0
host: cdn.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://mandela-invasion.en.softonic.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:45 GMT
content-type: application/javascript
content-length: 44048
x-goog-generation: 1729874829678505
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 44048
x-goog-hash: crc32c=CEI05g==
x-goog-hash: md5=IP6kKUQKx1NEoVeIK1UB2A==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY3RGeearsXSgZagal6JL1qeLnW5Gq6iQMHu8xdheIsAeC_53yW2w-5KEQ43ijfcESC49Xis6rSu-A
expires: Wed, 06 Nov 2024 03:39:54 GMT
cache-control: public, max-age=300, must-revalidate
last-modified: Fri, 25 Oct 2024 16:47:09 GMT
etag: "20fea429440ac75344a157882b5501d8"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2piqH1lJCHBNvtiG9rQzCWjipK%2FYd3MJPwWQQBhO5yEaESxbylzsVolGd8c2PEqqEBbgDGeE6Y6S17EnlicsKW%2F243jdChlce%2FfkHepHLJsx4kEU%2BVlQUekDPUR07YkXJSm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ee6cc06cd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=23685&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1114&delivery_rate=115602&cwnd=251&unsent_bytes=0&cid=c57540942152c382&ts=57&x=0"
GET

https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=mandela-invasion.en.softonic.com&l=EN

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /websiteconfig?bt_env=prod&o=5633429348548608&w=mandela-invasion.en.softonic.com&l=EN HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:39:45 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, must-revalidate
location: /websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BDk%2B%2B%2BQFwTqJ2qN7erU1zOxeRHu%2B8iECkVAafGOpWGLyxVbhk1aLJnKb%2FKkqIHgvcAJXvlJepfEkRypM29%2F3Xjg8bcdKmCHv9cVHVDX%2F9yjVAAYQ1u6POvMJZ8N1S4EHwWqC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20ee77c81cd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=24447&sent=49&recv=32&lost=0&retrans=0&sent_bytes=48735&recv_bytes=1279&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=267&x=0"
GET

https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:39:45 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, must-revalidate
location: /websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szG1hr%2Fu%2BeHUk3b1kUjKRLeAdRvNNH9BkMgxE0L6jRMAltf2d1SXpMj9HhAvX7irh5IMmAODA9XxLKAMOtIRyEtcvt2qUnYVvlZOURPG9u7CzzDWL5sjhHLLy2dYuSTUqb2Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20ee88d53cd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=26793&sent=53&recv=34&lost=0&retrans=0&sent_bytes=49436&recv_bytes=1382&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=419&x=0"
GET

https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:45 GMT
content-type: application/json
content-length: 582
access-control-allow-origin: *
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "b4ef508b5c59ab62e5af44ec7f73277e"
last-modified: Wed, 06 Nov 2024 03:36:26 GMT
vary: Origin
vary: accept-encoding
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wmz6yHHCI1EnIHZ4EiJXGCgFt%2FMtUIOnrI42fQf9WbJNv0JCAE54h90nM%2BGUSo9kJ8OUvY8BwyRpkCiNtGtJL%2BrYxNv7GsYpRD9S70tMyzK7fin0uVhy5sBRRNnSNJnFG0uZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20eea0e3dcd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=39651&sent=57&recv=36&lost=0&retrans=0&sent_bytes=50052&recv_bytes=1483&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=659&x=0"
GET

https://api.btmessage.com/mw/state?bt_env=prod

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /mw/state?bt_env=prod HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:39:45 GMT
access-control-allow-origin: *
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c1ffCRw4Qhchr4fx1hoqOhfMUBSUr0utyqVZ3bsbQp%2FNrBITOLIsmxhRLfD1YZG5dwqVqdfeF7BBi4aZy%2B%2FXXRzKYOEJ5Sqbu2g0IbjyIBGtqne1%2BdPOR1vKwyukCMHmrFfJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20eeaeef2cd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=36644&sent=62&recv=39&lost=0&retrans=0&sent_bytes=51249&recv_bytes=1638&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=797&x=0"
GET

https://api.btmessage.com/mw/sign_pbm?w=5299385968099328&bt_env=prod

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /mw/sign_pbm?w=5299385968099328&bt_env=prod HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:45 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600, must-revalidate
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bUtqVz400KAdXQnNQJtuwSlhG0Kpp4tGivKCdi8v3mVZ93fYMQtS5laXhDeU6XQIaeE8OFLkSX1H4zqVf8e%2Few7kf6AUqaj7meew9UXq9Wk3f94UXrVkYQ6MDheMT8IJparK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20eeaeef4cd12-LHR
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=36644&sent=63&recv=39&lost=0&retrans=0&sent_bytes=51678&recv_bytes=1638&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=826&x=0"
GET

https://cdn.btmessage.com/webfonts43j533.js

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /webfonts43j533.js HTTP/2.0
host: cdn.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:46 GMT
content-type: text/javascript
content-length: 9
x-goog-generation: 1722960019169879
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9
x-goog-hash: crc32c=xM8wXg==
x-goog-hash: md5=ZFYTTmNc32kMQ/0FYsbamg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY3X4Znl8AvaLaYQINs-farbbOecayOaWNFswgTX_wS3MuQpYYYBsSXCZB3pC5_Maf8FhOaxNmlv4Q
expires: Wed, 06 Nov 2024 04:17:50 GMT
cache-control: public, max-age=3600
last-modified: Tue, 06 Aug 2024 16:00:19 GMT
etag: "6456134e635cdf690c43fd0562c6da9a"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s8QGtQRyAUPurEZ5QFj0Uhyu%2BCsHITwZTTHlqmaUh5aiIBCyHyTq5WcLaQjnplx8YS2OJD%2FGAz4jx%2Fxp7PGfLuVMuaFP7qSv0p2NiFrfuI6fg0%2FcN1l74nagcnAMuva2VV7m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ef23ba5cd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=36145&sent=67&recv=42&lost=0&retrans=0&sent_bytes=52825&recv_bytes=1705&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=1892&x=0"
POST

https://api.btmessage.com/events/mw

chrome.exe

Remote address:

104.26.7.141:443

Request

POST /events/mw HTTP/2.0
host: api.btmessage.com
content-length: 473
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:39:47 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=be%2Bgawuim%2BmREZEHx%2FwfqKK9atyyoT9BL2kMDLZMZtoeA8lnijJ2WKSm%2FAraKNmdLyOB0MY9krfZtldSHAAW0L3pqo8%2BkYklEqgPsihFdlqIKCwQ4sSYbXKXdKosyscieDri"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20ef50d9ecd12-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=59065&sent=71&recv=46&lost=0&retrans=0&sent_bytes=53815&recv_bytes=2302&delivery_rate=1385285&cwnd=256&unsent_bytes=0&cid=c57540942152c382&ts=2420&x=0"
GET

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

chrome.exe

Remote address:

108.157.7.75:443

Request

GET /bao-csm/aps-comm/aps_csm.js HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
date: Wed, 06 Nov 2024 03:39:46 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
server: AmazonS3
x-amz-server-side-encryption: AES256
cache-control: public, max-age=86400
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Origin,accept-encoding
x-cache: Miss from cloudfront
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: is2dj_7tKz8flFdC9vUx-dMvLFhdpnR4fmXApflkLW21taPDrUOG2A==
DNS

config.aps.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN A

Response

config.aps.amazon-adsystem.com

IN A

108.157.4.57

config.aps.amazon-adsystem.com

IN A

108.157.4.96

config.aps.amazon-adsystem.com

IN A

108.157.4.51

config.aps.amazon-adsystem.com

IN A

108.157.4.88
DNS

api.btmessage.com

chrome.exe

Remote address:

8.8.8.8:53

Request

api.btmessage.com

IN A

Response

api.btmessage.com

IN A

172.67.74.232

api.btmessage.com

IN A

104.26.7.141

api.btmessage.com

IN A

104.26.6.141
GET

https://config.aps.amazon-adsystem.com/configs/3177

chrome.exe

Remote address:

108.157.4.57:443

Request

GET /configs/3177 HTTP/2.0
host: config.aps.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 531
server: CloudFront
date: Wed, 06 Nov 2024 03:14:52 GMT
cache-control: max-age=3600
x-cache: Hit from cloudfront
via: 1.1 271c2e1e305f31b0f14837cad3c843b0.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: Q0WGboplg7BUi5BOngVRdoTv-EeoNRedCy2fVXnkIj77Utsz2tyj4g==
age: 1493
DNS

googleads.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.34
DNS

cdn.id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN A

Response

cdn.id5-sync.com

IN A

172.67.38.106

cdn.id5-sync.com

IN A

104.22.52.86

cdn.id5-sync.com

IN A

104.22.53.86
GET

https://cdn.id5-sync.com/api/1.0/id5-api.js

chrome.exe

Remote address:

172.67.38.106:443

Request

GET /api/1.0/id5-api.js HTTP/2.0
host: cdn.id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:45 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: m0t81lRXXU3UwkTJxgvAfTvVPPF05sOt87JbGfKf86m8vQPkJcyS116WbQTViWD/XJmK/ktOFwc=
x-amz-request-id: W2C6Y163Z991SBD9
last-modified: Wed, 02 Oct 2024 12:26:13 GMT
etag: W/"f24286e1b73c01841e789906d50ce23f"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1647
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 8de20ee919be9562-LHR
content-encoding: br
DNS

www.google.co.uk

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.169.3
GET

https://www.google.co.uk/pagead/1p-user-list/631321069/?random=1730864383908&cv=11&fst=1730862000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0za200zb6335967&gcd=13l3l3l3l1l1&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&u_w=1280&u_h=720&url=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&hn=www.googleadservices.com&frm=0&tiba=Mandela%20Invasion%20-%20Download&npa=0&pscdl=noapi&auid=1883251844.1730864384&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7d2L1QRPwRGK309tmrUfilgssTDVqQ0w&random=1838632606&rmt_tld=1&ipr=y

chrome.exe

Remote address:

172.217.169.3:443

Request

GET /pagead/1p-user-list/631321069/?random=1730864383908&cv=11&fst=1730862000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0za200zb6335967&gcd=13l3l3l3l1l1&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&u_w=1280&u_h=720&url=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&hn=www.googleadservices.com&frm=0&tiba=Mandela%20Invasion%20-%20Download&npa=0&pscdl=noapi&auid=1883251844.1730864384&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7d2L1QRPwRGK309tmrUfilgssTDVqQ0w&random=1838632606&rmt_tld=1&ipr=y HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

c.clarity.ms

chrome.exe

Remote address:

8.8.8.8:53

Request

c.clarity.ms

IN A

Response

c.clarity.ms

IN CNAME

c.msn.com

c.msn.com

IN CNAME

c-msn-com-nsatc.trafficmanager.net

c-msn-com-nsatc.trafficmanager.net

IN A

13.74.129.1
DNS

notix.io

chrome.exe

Remote address:

8.8.8.8:53

Request

notix.io

IN A

Response

notix.io

IN A

139.45.197.253

notix.io

IN A

139.45.197.227
GET

https://ad-delivery.net/px.gif?ch=2

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ad4b0f606e0f8465bc4c4c170b37e1a3"
if-modified-since: Wed, 05 May 2021 19:25:32 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:39:46 GMT
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY2fryjOeUXKS1d2NiUnYfSyS144qDd8N3QVM7m6DlptEUQD85ermpj6BxRf7gi4tWGhM_GtW9hRWg
expires: Sun, 03 Nov 2024 19:45:09 GMT
cache-control: public, max-age=86400
age: 201535
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66zmXHi1Vs2nv8wyod47IEzq8Nt4hZDVKIRrKJV4X0kuauXFQ7CuTOd6UGKcA96rOl6C%2BM3cy8LVYxm5KT0tR245KcN1jqsKxVstw72BHYJKUryfoHZLcitnIaLv%2Fl6dCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ef28909cd4b-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=20787&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=1139&delivery_rate=134416&cwnd=251&unsent_bytes=0&cid=cfe070d50305f199&ts=36&x=0"
GET

https://ad-delivery.net/px.gif?ch=1&e=0.7880864706028838

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.7880864706028838 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY2fryjOeUXKS1d2NiUnYfSyS144qDd8N3QVM7m6DlptEUQD85ermpj6BxRf7gi4tWGhM_GtW9hRWg
expires: Sun, 03 Nov 2024 19:45:09 GMT
cache-control: public, max-age=86400
age: 201536
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uKv%2BuvVgn6nxd1IQJydCNQaDxFJMIavx7Th%2FHL8luLnqXt%2BQE3TtiYhgFrUVMbaNbMaIv0x1b1Zexcxqt1ofwiH09U9djNZ8rVFdXnWDTHM6mLGcng5F9tQYyH5I68BPUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ef3c9f0cd4b-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=41986&sent=8&recv=9&lost=0&retrans=0&sent_bytes=3822&recv_bytes=1248&delivery_rate=134416&cwnd=253&unsent_bytes=0&cid=cfe070d50305f199&ts=234&x=0"
DNS

api.privacy-center.org

chrome.exe

Remote address:

8.8.8.8:53

Request

api.privacy-center.org

IN A

Response

api.privacy-center.org

IN A

13.32.145.66

api.privacy-center.org

IN A

13.32.145.94

api.privacy-center.org

IN A

13.32.145.80

api.privacy-center.org

IN A

13.32.145.62
OPTIONS

https://api.privacy-center.org/v1/events

chrome.exe

Remote address:

13.32.145.66:443

Request

OPTIONS /v1/events HTTP/2.0
host: api.privacy-center.org
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-requested-with
origin: https://mandela-invasion.en.softonic.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-headers: content-type,x-requested-with
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
date: Wed, 06 Nov 2024 03:39:47 GMT
vary: Access-Control-Request-Headers
x-powered-by: Express
x-cache: Miss from cloudfront
via: 1.1 35fb5634bb95f448906ffae36e04b158.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-C2
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: MdRwQp04VAgb6oQy25FjxJH3hUFIAWkiNhvWzpO3VeS8j_UuV0v3AA==
DNS

aax.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

aax.amazon-adsystem.com

IN A

Response

aax.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.com

aax-dtb-cf.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.amazon.com

aax-dtb-cf.amazon-adsystem.amazon.com

IN CNAME

d1jvc9b8z3vcjs.cloudfront.net

d1jvc9b8z3vcjs.cloudfront.net

IN A

108.156.255.231
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=0&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-1__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_MPU_First%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_MPU%22%7D%5D&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFgAAAAAAAgAAiQAAADugBADLAHcAKSgAwABBUQpABgACCog6ADAAEFRCEAGAAIKiBIAMAAQVEA.YAAAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

chrome.exe

Remote address:

108.156.255.231:443

Request

GET /e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=0&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-1__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_MPU_First%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_MPU%22%7D%5D&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFgAAAAAAAgAAiQAAADugBADLAHcAKSgAwABBUQpABgACCog6ADAAEFRCEAGAAIKiBIAMAAQVEA.YAAAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 43
content-encoding: gzip
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
date: Wed, 06 Nov 2024 03:39:46 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 b6b3463eedbd4b446fd969736178bf98.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: VE9Ki9ZR1L994cvBfcVIjokco_x2V-2bFsiv4rVp7IqoyeLkhxfyJQ==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=1&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22bottom-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_MPU_Second%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

chrome.exe

Remote address:

108.156.255.231:443

Request

GET /e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=1&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22bottom-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_MPU_Second%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 321
content-encoding: gzip
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
date: Wed, 06 Nov 2024 03:39:48 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 b6b3463eedbd4b446fd969736178bf98.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: mw5C3bcLV_4hYJw2IjWinv5_0xK6DW-R-Qc8Qc4w3O4x6n4k87CkLw==
DNS

id.crwdcntrl.net

chrome.exe

Remote address:

8.8.8.8:53

Request

id.crwdcntrl.net

IN A

Response

id.crwdcntrl.net

IN A

34.248.111.137

id.crwdcntrl.net

IN A

34.255.252.80

id.crwdcntrl.net

IN A

79.125.104.96

id.crwdcntrl.net

IN A

52.30.238.153

id.crwdcntrl.net

IN A

63.34.182.190

id.crwdcntrl.net

IN A

52.16.238.77

id.crwdcntrl.net

IN A

54.74.74.210

id.crwdcntrl.net

IN A

52.31.95.82
DNS

id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.82
DNS

shb.richaudience.com

chrome.exe

Remote address:

8.8.8.8:53

Request

shb.richaudience.com

IN A

Response

shb.richaudience.com

IN A

148.251.40.213
DNS

ap.lijit.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ap.lijit.com

IN A

Response

ap.lijit.com

IN CNAME

vap.lijit.com

vap.lijit.com

IN CNAME

emeas.vap.lijit.com

emeas.vap.lijit.com

IN CNAME

eu.vap.lijit.com

eu.vap.lijit.com

IN CNAME

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

3.251.12.140

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.248.60.30

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.72.109.97

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.208.38.213

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.229.5.123

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.154.104.195

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.77.26.93

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.194.86.99
DNS

prebid.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

prebid.media.net

IN A

Response

prebid.media.net

IN A

34.120.63.153
DNS

ad.360yield.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ad.360yield.com

IN A

Response

ad.360yield.com

IN CNAME

ice.360yield.com

ice.360yield.com

IN CNAME

euw-ice.360yield.com

euw-ice.360yield.com

IN A

63.34.96.164

euw-ice.360yield.com

IN A

34.240.65.73

euw-ice.360yield.com

IN A

52.213.90.221

euw-ice.360yield.com

IN A

52.211.200.66

euw-ice.360yield.com

IN A

63.32.237.175

euw-ice.360yield.com

IN A

52.210.107.17

euw-ice.360yield.com

IN A

34.243.135.213

euw-ice.360yield.com

IN A

52.215.71.87
DNS

htlb.casalemedia.com

chrome.exe

Remote address:

8.8.8.8:53

Request

htlb.casalemedia.com

IN A

Response

htlb.casalemedia.com

IN A

104.18.36.155

htlb.casalemedia.com

IN A

172.64.151.101
DNS

hbopenbid.pubmatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hbopenbid.pubmatic.com

IN A

Response

hbopenbid.pubmatic.com

IN CNAME

hbprebid-v3.pubmnet.com

hbprebid-v3.pubmnet.com

IN CNAME

hbopenbid-ams.pubmnet.com

hbopenbid-ams.pubmnet.com

IN A

185.64.189.112
DNS

hb-api.omnitagjs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hb-api.omnitagjs.com

IN A

Response

hb-api.omnitagjs.com

IN CNAME

hb-api-fra02.omnitagjs.com

hb-api-fra02.omnitagjs.com

IN A

185.255.84.150

hb-api-fra02.omnitagjs.com

IN A

185.255.84.151
DNS

partner.googleadservices.com

chrome.exe

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A

Response

partner.googleadservices.com

IN A

172.217.16.226
POST

https://htlb.casalemedia.com/openrtb/pbjs?s=805152

chrome.exe

Remote address:

104.18.36.155:443

Request

POST /openrtb/pbjs?s=805152 HTTP/2.0
host: htlb.casalemedia.com
content-length: 3639
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
content-type: application/json
content-length: 37
cf-ray: 8de20ef3bed76352-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: https://mandela-invasion.en.softonic.com
cache-control: no-cache
expires: 0
set-cookie: receive-cookie-deprecation=1; Path=/; Domain=casalemedia.com; Expires=Thu, 06 Nov 2025 03:39:47 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None; Partitioned
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9e%2BrqET7QmsN8rMyUqguxuvLeSpZyPc%2Fmmak9gUBNk70PjtNAhwh4b23k%2BATDgXqscykjExT%2Bvk%2BY3xXcDerXwTQ2wvPC8Xt%2FOW9cmCel50a9%2BRRNvAgxTLnQRDwgXkHPG2TEaIg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

104.18.36.155:443

Request

GET /usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: ssum-sec.casalemedia.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:39:49 GMT
content-length: 0
location: /usermatch?cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fgdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA%26ex%3Dindex.com%26id%3D%24UID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&s=192259&C=1
cf-ray: 8de20f047fed6352-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
set-cookie: CMID=ZyrlBbmqPkgAAGCeAgrT.wAA; Path=/; Domain=casalemedia.com; Expires=Thu, 06 Nov 2025 03:39:49 GMT; Max-Age=31536000; Secure; SameSite=None
pragma: no-cache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
set-cookie: CMPS=5050; Path=/; Domain=casalemedia.com; Expires=Tue, 04 Feb 2025 03:39:49 GMT; Max-Age=7776000; Secure; SameSite=None
set-cookie: CMPRO=5050; Path=/; Domain=casalemedia.com; Expires=Tue, 04 Feb 2025 03:39:49 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybRhBpRJph4ytIqgTkXI2BbXx8L2hDOaWHvQOCfIfdHy8WOdITXeWI9BX2TZXL%2FgEp6gIVwyVRhFy%2Bmjt6aj4wJJiHyYVb6QCxaiQiNp4u%2BJRWMzvxFzZYZvMjqMxK4WJoAl7pLR2QdaOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

104.18.36.155:443

Request

GET /rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: dsum-sec.casalemedia.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: CMPS=5050
cookie: CMID=ZyrlBbmqPkgAAGCeAgrT.wAA
cookie: CMPRO=5050

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:39:50 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZyrlBbmqPkgAAGCeAgrT.wAA
cf-ray: 8de20f0598726352-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
set-cookie: CMID=ZyrlBbmqPkgAAGCeAgrT.wAA; Path=/; Domain=casalemedia.com; Expires=Thu, 06 Nov 2025 03:39:50 GMT; Max-Age=31536000; Secure; SameSite=None
pragma: no-cache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
set-cookie: CMPRO=5050; Path=/; Domain=casalemedia.com; Expires=Tue, 04 Feb 2025 03:39:50 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQJJjDRGT3e5z%2F%2BLn%2Bx5V4280o8WC8M4U33be6oeAxJbJC1A6zlD%2BqJVvaSR2nIttPCki9xC5M9E5Aeu1P8XtqO7oZ5j7gcYpp%2F2SurOB1eQfp1ilqcMj7%2FIpJgh%2BfEiF3so0ybr24Q1jA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
POST

https://prebid.media.net/rtb/prebid?cid=8CUQ9KO7A

chrome.exe

Remote address:

34.120.63.153:443

Request

POST /rtb/prebid?cid=8CUQ9KO7A HTTP/2.0
host: prebid.media.net
content-length: 3692
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://ad.360yield.com/pb

chrome.exe

Remote address:

63.34.96.164:443

Request

POST /pb HTTP/2.0
host: ad.360yield.com
content-length: 2319
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:39:47 GMT
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
POST

https://ad.360yield.com/pb

chrome.exe

Remote address:

63.34.96.164:443

Request

POST /pb HTTP/2.0
host: ad.360yield.com
content-length: 2793
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:39:48 GMT
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
DNS

lb.eu-1-id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.119

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.116
DNS

cdn-ima.33across.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn-ima.33across.com

IN A

Response

cdn-ima.33across.com

IN CNAME

cdn-ima.33across.com.cdn.cloudflare.net

cdn-ima.33across.com.cdn.cloudflare.net

IN A

104.18.35.167

cdn-ima.33across.com.cdn.cloudflare.net

IN A

172.64.152.89
DNS

tags.crwdcntrl.net

chrome.exe

Remote address:

8.8.8.8:53

Request

tags.crwdcntrl.net

IN A

Response

tags.crwdcntrl.net

IN A

18.173.233.95

tags.crwdcntrl.net

IN A

18.173.233.47

tags.crwdcntrl.net

IN A

18.173.233.119

tags.crwdcntrl.net

IN A

18.173.233.10
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

chrome.exe

Remote address:

3.251.12.140:443

Request

POST /rtb/bid?src=prebid_prebid_8.39.0 HTTP/2.0
host: ap.lijit.com
content-length: 2096
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
content-type: application/json
content-length: 24
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

chrome.exe

Remote address:

3.251.12.140:443

Request

POST /rtb/bid?src=prebid_prebid_8.39.0 HTTP/2.0
host: ap.lijit.com
content-length: 3124
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:48 GMT
content-type: application/json
content-length: 24
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y

Response

HTTP/2.0 302

server: awselb/2.0
date: Wed, 06 Nov 2024 03:39:50 GMT
content-type: text/html
content-length: 110
location: https://ce.lijit.com:443/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1
GET

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 307

date: Wed, 06 Nov 2024 03:39:52 GMT
content-length: 0
location: https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
POST

https://id5-sync.com/api/config/prebid

chrome.exe

Remote address:

141.95.33.120:443

Request

POST /api/config/prebid HTTP/2.0
host: id5-sync.com
content-length: 172
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://mandela-invasion.en.softonic.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
date: Wed, 06 Nov 2024 03:39:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/bounce

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /bounce HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
access-control-allow-origin: https://mandela-invasion.en.softonic.com
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#1; Path=/; Domain=id5-sync.com; Expires=Tue, 4 Feb 2025 03:39:47 GMT; Max-Age=7776000; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-type: text/plain;charset=utf-8
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/gm/v3

chrome.exe

Remote address:

141.95.33.120:443

Request

POST /gm/v3 HTTP/2.0
host: id5-sync.com
content-length: 1378
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#1

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
p3p: CP="CAO PSA OUR"
set-cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#2; Path=/; Domain=id5-sync.com; Expires=Tue, 4 Feb 2025 03:39:47 GMT; Max-Age=7776000; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://mandela-invasion.en.softonic.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/i/691/8.gif?o=api&id5id=ID5*rQ--ILpTWKZDAjheu8ulP7cu1PIRLHfz_IreTPL1xwzWA_cHfYKnGlwzsWbGlw4Q1gLoLyDS0mChWgoby3FF1tYGm8yEHpaY3k4MD3ZGaBXWCQVB6ml7dumui2xu1lQk1hS5UGxYZBOggu2_A_cC2tYcs9eH5-cixpk7nuvfyGrWIET81WZbmbLdcpLylmQ41jBt3aHFTT7pBZrySC5fZNY-FonvBfoKgiNWU4ygcUvWQNQsoUUTucFrrqKyvlAc1koqxRBmIueGi3U-4sYpyNZM8KUEyxSuMl1G9qqgL3o&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=true

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /i/691/8.gif?o=api&id5id=ID5*rQ--ILpTWKZDAjheu8ulP7cu1PIRLHfz_IreTPL1xwzWA_cHfYKnGlwzsWbGlw4Q1gLoLyDS0mChWgoby3FF1tYGm8yEHpaY3k4MD3ZGaBXWCQVB6ml7dumui2xu1lQk1hS5UGxYZBOggu2_A_cC2tYcs9eH5-cixpk7nuvfyGrWIET81WZbmbLdcpLylmQ41jBt3aHFTT7pBZrySC5fZNY-FonvBfoKgiNWU4ygcUvWQNQsoUUTucFrrqKyvlAc1koqxRBmIueGi3U-4sYpyNZM8KUEyxSuMl1G9qqgL3o&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=true HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#2

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#3; Max-Age=7776000; Expires=Tue, 04-Feb-2025 03:39:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: 3pi=; Max-Age=7776000; Expires=Tue, 04-Feb-2025 03:39:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=gif; Max-Age=300; Expires=Wed, 06-Nov-2024 03:44:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=691; Max-Age=300; Expires=Wed, 06-Nov-2024 03:44:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=7; Max-Age=300; Expires=Wed, 06-Nov-2024 03:44:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=2; Max-Age=300; Expires=Wed, 06-Nov-2024 03:44:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=1|CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA; Max-Age=300; Expires=Wed, 06-Nov-2024 03:44:47 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
date: Wed, 06 Nov 2024 03:39:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/g/v2/691.json

chrome.exe

Remote address:

141.95.33.120:443

Request

POST /g/v2/691.json HTTP/2.0
host: id5-sync.com
content-length: 793
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#2

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
p3p: CP="CAO PSA OUR"
set-cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#3; Path=/; Domain=id5-sync.com; Expires=Tue, 4 Feb 2025 03:39:47 GMT; Max-Age=7776000; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://mandela-invasion.en.softonic.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://partner.googleadservices.com/gampad/cookie.js?domain=mandela-invasion.en.softonic.com&client=softonic&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2

chrome.exe

Remote address:

172.217.16.226:443

Request

GET /gampad/cookie.js?domain=mandela-invasion.en.softonic.com&client=softonic&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2 HTTP/2.0
host: partner.googleadservices.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageReferrer=https%3A%2F%2Fwww.google.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F

chrome.exe

Remote address:

185.255.84.150:443

Request

POST /hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageReferrer=https%3A%2F%2Fwww.google.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F HTTP/2.0
host: hb-api.omnitagjs.com
content-length: 2171
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:46 GMT
content-length: 358
x-envoy-upstream-service-time: 15
server: ayl-lb-fra02
DNS

ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com

IN A

Response

ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.213.1
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://mandela-invasion.en.softonic.com
vary: Origin
content-type: application/json;charset=UTF-8
date: Wed, 06 Nov 2024 03:39:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://mandela-invasion.en.softonic.com
vary: Origin
content-type: application/json;charset=UTF-8
date: Wed, 06 Nov 2024 03:39:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

chrome.exe

Remote address:

18.173.233.95:443

Request

GET /lt/c/16589/sync.min.js HTTP/2.0
host: tags.crwdcntrl.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
last-modified: Tue, 20 Aug 2024 18:47:43 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 06 Nov 2024 01:39:30 GMT
cache-control: public, max-age=86400
etag: W/"4a385df4045c9db00ad295e7c0ca65d1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a7922bb75420f6c3485eed5adcb99ce2.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P3
x-amz-cf-id: mSlQnKhGyssPXFVjlRTKGJ66ol4b-22mE9qzY66Eim-_swk_7ZlV6Q==
age: 7222
GET

https://ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

chrome.exe

Remote address:

216.58.213.1:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

chrome.exe

Remote address:

216.58.213.1:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

crt.rootg2.amazontrust.com

chrome.exe

Remote address:

8.8.8.8:53

Request

crt.rootg2.amazontrust.com

IN A

Response

crt.rootg2.amazontrust.com

IN A

18.154.63.35

crt.rootg2.amazontrust.com

IN A

18.154.63.76

crt.rootg2.amazontrust.com

IN A

18.154.63.114

crt.rootg2.amazontrust.com

IN A

18.154.63.32
DNS

crt.rootg2.amazontrust.com

chrome.exe

Remote address:

8.8.8.8:53

Request

crt.rootg2.amazontrust.com

IN A

Response

crt.rootg2.amazontrust.com

IN A

18.154.63.35

crt.rootg2.amazontrust.com

IN A

18.154.63.114

crt.rootg2.amazontrust.com

IN A

18.154.63.76

crt.rootg2.amazontrust.com

IN A

18.154.63.32
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

chrome.exe

Remote address:

18.154.63.35:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 29 Oct 2024 12:38:50 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: kmqyBSuWi1Eafk0We9bPNrWWNK_VcsgL
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 06 Nov 2024 00:17:49 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
X-Cache: Hit from cloudfront
Via: 1.1 1c1da110e73f69e5d3de5209268db5b6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUS51-P4
X-Amz-Cf-Id: ec8Bfjy9kFR54T4PzdrTq_EWj5TxdccsBE2p8NEpv_iZqJDSpulHuQ==
Age: 12122
GET

https://cdn.btmessage.com/assets/bt-rlink-storage-DJolxq7O.html

chrome.exe

Remote address:

104.26.7.141:443

Request

GET /assets/bt-rlink-storage-DJolxq7O.html HTTP/2.0
host: cdn.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:47 GMT
content-type: text/html
expires: Fri, 01 Nov 2024 17:50:28 GMT
cache-control: public, max-age=604800
last-modified: Fri, 25 Oct 2024 16:45:17 GMT
x-goog-generation: 1729874717533671
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1640
x-goog-meta-goog-reserved-file-mtime: 1729874693
x-goog-hash: crc32c=ODDrsg==
x-goog-hash: md5=RYQLrtolUtWHrZio5V5s1g==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *
x-guploader-uploadid: AHmUCY1otnENFQjmnzETygSX2C38gDho8kPIs6R-1nSK7XPPmgt1CPVjQyjim2A0AXVQc7otPOtevLOrSg
cf-cache-status: HIT
age: 384559
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXrW46lMArApmtp3pY84Vg9PM1ffH821Y67oyqEn1XlA1GitHmrYILJfct7FXj4x4FWcPlUXXmrYaDCotopnxswrj84LJCMEPy7Zm95NL8s90%2FRduAxr8zwRoGyRcTGEJWj8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20ef56e15653e-LHR
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20618&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2851&recv_bytes=1195&delivery_rate=133451&cwnd=251&unsent_bytes=0&cid=a8f9565124021bef&ts=56&x=0"
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

chrome.exe

Remote address:

18.154.63.35:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 29 Oct 2024 12:38:50 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: kmqyBSuWi1Eafk0We9bPNrWWNK_VcsgL
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 06 Nov 2024 00:17:49 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
X-Cache: Hit from cloudfront
Via: 1.1 1c1da110e73f69e5d3de5209268db5b6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUS51-P4
X-Amz-Cf-Id: S2anAYyGiDqnhmyY9o0ocxIjcM1mWDCmMXBNZRBacQF69DWpJzQPdg==
Age: 12122
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

chrome.exe

Remote address:

18.154.63.35:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 29 Oct 2024 12:38:50 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: kmqyBSuWi1Eafk0We9bPNrWWNK_VcsgL
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 06 Nov 2024 00:17:49 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
X-Cache: Hit from cloudfront
Via: 1.1 48af51fc0ab96ff6ac89553afdfdf17a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUS51-P4
X-Amz-Cf-Id: L0yFcPxda1b1oeEKX1UYVrcAIsk1JYX4265huJjU6zJSDj6gJB4w5g==
Age: 12122
DNS

ampcid.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ampcid.google.com

IN A

Response

ampcid.google.com

IN A

172.217.169.46
DNS

tpc.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

216.58.213.1
POST

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

chrome.exe

Remote address:

172.217.169.46:443

Request

POST /v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM HTTP/2.0
host: ampcid.google.com
content-length: 33
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

stats.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

66.102.1.154

stats.g.doubleclick.net

IN A

66.102.1.156

stats.g.doubleclick.net

IN A

66.102.1.157

stats.g.doubleclick.net

IN A

66.102.1.155
DNS

region1.analytics.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

match.adsrvr.org

chrome.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

3.33.220.150
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-R5K71YRXMV&gtm=45je4au0v877889940z86335967za200zb6335967&_p=1730864383161&_gaz=1&gcs=G111&gcd=13v3r3r3r5l1&npa=0&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&gdid=dMTc4Zm&cid=1213229484.1730864387&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1730864386&sct=1&seg=0&dl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Mandela%20Invasion%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=program_page&ep.site_language=en&ep.google_click_id=&ep.test_variant=&ep.pv=1&ep.program_id=9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40&ep.program_platform=windows&ep.program_category=games&ep.program_subcategory=strategy&ep.program_sources=&ep.program_review_source=kdci-new-review&ep.program_download_type=internal_download&ep.program_licence=free&ep.program_review_modification_date=2022-05-30&ep.program_opinions=yes&ep.program_review_publication_date=2022-02-08&ep.program_has_button_buy=no&ep.program_has_button_download=yes&ep.program_has_gallery=yes&ep.program_has_offer=no&epn.program_user_score=8.857142857142858&ep.google_compliant=yes&ep.program_name=Mandela%20Invasion&ep.vertical_id=&ep.ecosystem_id=&ep.ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13&ep.program_review_vecna=false&ep.w_signal=unknown%2CTOO.MNY.REQ&tfd=4095

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-R5K71YRXMV&gtm=45je4au0v877889940z86335967za200zb6335967&_p=1730864383161&_gaz=1&gcs=G111&gcd=13v3r3r3r5l1&npa=0&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&gdid=dMTc4Zm&cid=1213229484.1730864387&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1730864386&sct=1&seg=0&dl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Mandela%20Invasion%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=program_page&ep.site_language=en&ep.google_click_id=&ep.test_variant=&ep.pv=1&ep.program_id=9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40&ep.program_platform=windows&ep.program_category=games&ep.program_subcategory=strategy&ep.program_sources=&ep.program_review_source=kdci-new-review&ep.program_download_type=internal_download&ep.program_licence=free&ep.program_review_modification_date=2022-05-30&ep.program_opinions=yes&ep.program_review_publication_date=2022-02-08&ep.program_has_button_buy=no&ep.program_has_button_download=yes&ep.program_has_gallery=yes&ep.program_has_offer=no&epn.program_user_score=8.857142857142858&ep.google_compliant=yes&ep.program_name=Mandela%20Invasion&ep.vertical_id=&ep.ecosystem_id=&ep.ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13&ep.program_review_vecna=false&ep.w_signal=unknown%2CTOO.MNY.REQ&tfd=4095 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-152357-1&cid=1213229484.1730864387&jid=33771198&gjid=1505923489&_gid=937552829.1730864387&_u=YCHAgEABAAQCAGAAI~&z=1005793472

chrome.exe

Remote address:

66.102.1.154:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-152357-1&cid=1213229484.1730864387&jid=33771198&gjid=1505923489&_gid=937552829.1730864387&_u=YCHAgEABAAQCAGAAI~&z=1005793472 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: test_cookie=CheckForPermission
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-R5K71YRXMV&cid=1213229484.1730864387&gtm=45je4au0v877889940z86335967za200zb6335967&aip=1&dma=0&gcs=G111&gcd=13v3r3r3r5l1&npa=0&frm=0&tag_exp=101823848~101878899~101878944~101925629

chrome.exe

Remote address:

66.102.1.154:443

Request

POST /g/collect?v=2&tid=G-R5K71YRXMV&cid=1213229484.1730864387&gtm=45je4au0v877889940z86335967za200zb6335967&aip=1&dma=0&gcs=G111&gcd=13v3r3r3r5l1&npa=0&frm=0&tag_exp=101823848~101878899~101878944~101925629 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: test_cookie=CheckForPermission
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.67
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.67:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1238
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

cdn.ampproject.org

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

142.250.180.1
GET

https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.mjs

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /rtv/012406241625000/amp4ads-v0.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.mjs

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /rtv/012406241625000/v0/amp-ad-exit-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.mjs

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /rtv/012406241625000/v0/amp-analytics-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.mjs

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /rtv/012406241625000/v0/amp-fit-text-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /rtv/012406241625000/v0/amp-form-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

en.softonic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

en.softonic.com

IN A

Response

en.softonic.com

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.65.91

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.1.91

swls.map.fastly.net

IN A

151.101.129.91
DNS

aax-eu.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

aax-eu.amazon-adsystem.com

IN A

Response

aax-eu.amazon-adsystem.com

IN A

52.95.122.74
GET

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mandela-invasion.en.softonic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: Server
Date: Wed, 06 Nov 2024 03:39:49 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: WNAYA7SDMZFBGZYSRCJX
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8|t; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:39:49 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&dcc=t

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Referer: https://mandela-invasion.en.softonic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8|t

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:49 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 637
Connection: keep-alive
x-amz-rid: F6595CQAMKDY3KG26G14
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:39:49 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:39:49 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/v3/pr?exlist=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:49 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 4149
Connection: keep-alive
x-amz-rid: 1Y8J9X7991G6E06N4WKD
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/ecm3?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&ex=index.com&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/ecm3?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&ex=index.com&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ssum-sec.casalemedia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: ABQYMCA08HJWH11XEE37
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/ecm3?id=Jno7ABZHcfCkY9miSFGVuR2Y&ex=sovrn.com&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/ecm3?id=Jno7ABZHcfCkY9miSFGVuR2Y&ex=sovrn.com&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: JAY9WVAN7FQTJWGCCNHT
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=gg.com&id=e_1e527246-1ff7-4792-8838-14ef0c433cb2

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/ecm3?ex=gg.com&id=e_1e527246-1ff7-4792-8838-14ef0c433cb2 HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 36G4A6FCDN1E70PP2T88
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=2333261018016514337000

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/ecm3?ex=3lift.com&id=2333261018016514337000 HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: CXMWQM6D6VNH3768S27Q
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

onetag-sys.com

chrome.exe

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.253

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.89.9.251

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.38.120.206
DNS

rtb.gumgum.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rtb.gumgum.com

IN A

Response

rtb.gumgum.com

IN A

54.229.148.225

rtb.gumgum.com

IN A

52.210.26.144

rtb.gumgum.com

IN A

34.255.154.106

rtb.gumgum.com

IN A

54.171.11.232

rtb.gumgum.com

IN A

34.240.152.87

rtb.gumgum.com

IN A

52.18.231.111

rtb.gumgum.com

IN A

54.246.147.81

rtb.gumgum.com

IN A

34.246.79.237
DNS

ssum-sec.casalemedia.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssum-sec.casalemedia.com

IN A

Response

ssum-sec.casalemedia.com

IN A

172.64.151.101

ssum-sec.casalemedia.com

IN A

104.18.36.155
DNS

ads.pubmatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

23.219.196.188
DNS

cm.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.250.187.194
DNS

s.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

s.amazon-adsystem.com

IN A

Response

s.amazon-adsystem.com

IN A

98.82.157.231
GET

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&gdpr=1&gpp=&gpp_sid=

chrome.exe

Remote address:

142.250.187.194:443

Request

GET /pixel?google_nid=index&google_cm&google_hm=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&gdpr=1&gpp=&gpp_sid= HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUlUcXQCODVfbC40oKw8_zx494c1xEE8stfUjtZOVun_iN7rCWg-27PiFflxf5I
cookie: DSID=NO_DATA
GET

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

chrome.exe

Remote address:

98.82.157.231:443

Request

GET /dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid= HTTP/1.1
Host: s.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ssum-sec.casalemedia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:39:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: YHHDEC3HGPPQ33SFS17X
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:39:50 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:39:50 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

dsum-sec.casalemedia.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dsum-sec.casalemedia.com

IN A

Response

dsum-sec.casalemedia.com

IN A

104.18.36.155

dsum-sec.casalemedia.com

IN A

172.64.151.101
DNS

secure.adnxs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

secure.adnxs.com

IN A

Response

secure.adnxs.com

IN CNAME

xandr-g-geo.trafficmanager.net

xandr-g-geo.trafficmanager.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.212
DNS

x.bidswitch.net

chrome.exe

Remote address:

8.8.8.8:53

Request

x.bidswitch.net

IN A

Response

x.bidswitch.net

IN CNAME

user-data-eu.bidswitch.net

user-data-eu.bidswitch.net

IN A

35.214.136.108
DNS

sync.srv.stackadapt.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.srv.stackadapt.com

IN A

Response

sync.srv.stackadapt.com

IN A

3.209.70.78

sync.srv.stackadapt.com

IN A

3.224.31.74

sync.srv.stackadapt.com

IN A

3.211.176.3

sync.srv.stackadapt.com

IN A

52.204.245.185

sync.srv.stackadapt.com

IN A

52.71.201.14

sync.srv.stackadapt.com

IN A

3.210.226.4

sync.srv.stackadapt.com

IN A

52.23.28.143

sync.srv.stackadapt.com

IN A

34.239.13.157
DNS

c1.adform.net

chrome.exe

Remote address:

8.8.8.8:53

Request

c1.adform.net

IN A

Response

c1.adform.net

IN CNAME

track.adformnet.akadns.net

track.adformnet.akadns.net

IN A

37.157.4.29

track.adformnet.akadns.net

IN A

37.157.5.141

track.adformnet.akadns.net

IN A

37.157.5.84

track.adformnet.akadns.net

IN A

37.157.5.132

track.adformnet.akadns.net

IN A

37.157.5.87

track.adformnet.akadns.net

IN A

37.157.4.28
DNS

ssbsync.smartadserver.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssbsync.smartadserver.com

IN A

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101
DNS

ce.lijit.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ce.lijit.com

IN A

Response

ce.lijit.com

IN CNAME

ce-ew1.lijit.com

ce-ew1.lijit.com

IN CNAME

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

52.48.206.11

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

18.202.15.55

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

63.33.3.88

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

34.249.172.33

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

3.248.125.109

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

34.250.71.26
GET

https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: ce.lijit.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:50 GMT
content-type: text/html
content-length: 700
vary: Accept-Encoding
set-cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:39:50 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:39:50 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
GET

https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4 HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:39:51 GMT
vary: Accept-Encoding
x-merge: GDPR Optout true
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:39:51 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:39:51 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
DNS

eb2.3lift.com

chrome.exe

Remote address:

8.8.8.8:53

Request

eb2.3lift.com

IN A

Response

eb2.3lift.com

IN CNAME

eu-eb2.3lift.com

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
GET

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

76.223.111.18:443

Request

GET /getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: eb2.3lift.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:39:50 GMT
content-length: 0
location: /getuid?ld=1&gdpr=1&cmp_cs=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
cache-control: no-cache, no-store, must-revalidate
set-cookie: tluidp=2333261018016514337000; Path=/; Domain=.3lift.com; Max-Age=7776000; Expires=Tue, 04 Feb 2025 03:39:50 GMT; Secure; SameSite=None; Partitioned;
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
set-cookie: tluid=2333261018016514337000; Max-Age=7776000; Expires=Tue, 04 Feb 2025 03:39:50 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None
GET

https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID

chrome.exe

Remote address:

76.223.111.18:443

Request

GET /getuid?ld=1&gdpr=1&cmp_cs=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP/2.0
host: eb2.3lift.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: tluidp=2333261018016514337000
cookie: tluid=2333261018016514337000

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:39:50 GMT
content-length: 0
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=2333261018016514337000
cache-control: no-cache, no-store, must-revalidate
set-cookie: tluidp=2333261018016514337000; Path=/; Domain=.3lift.com; Max-Age=7776000; Expires=Tue, 04 Feb 2025 03:39:50 GMT; Secure; SameSite=None; Partitioned;
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
set-cookie: tluid=2333261018016514337000; Max-Age=7776000; Expires=Tue, 04 Feb 2025 03:39:50 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None
DNS

tg.socdm.com

chrome.exe

Remote address:

8.8.8.8:53

Request

tg.socdm.com

IN A

Response

tg.socdm.com

IN CNAME

tg.dr.socdm.com

tg.dr.socdm.com

IN A

211.120.53.204

tg.dr.socdm.com

IN A

211.120.53.206

tg.dr.socdm.com

IN A

211.120.53.203

tg.dr.socdm.com

IN A

124.146.153.167

tg.dr.socdm.com

IN A

124.146.153.154

tg.dr.socdm.com

IN A

124.146.153.169

tg.dr.socdm.com

IN A

124.146.153.151

tg.dr.socdm.com

IN A

211.120.53.202

tg.dr.socdm.com

IN A

124.146.153.168

tg.dr.socdm.com

IN A

211.120.53.205

tg.dr.socdm.com

IN A

211.120.53.192

tg.dr.socdm.com

IN A

124.146.153.153

tg.dr.socdm.com

IN A

211.120.53.193

tg.dr.socdm.com

IN A

124.146.153.164

tg.dr.socdm.com

IN A

124.146.153.166

tg.dr.socdm.com

IN A

124.146.153.152

tg.dr.socdm.com

IN A

124.146.153.165

tg.dr.socdm.com

IN A

124.146.153.163

tg.dr.socdm.com

IN A

124.146.153.170

tg.dr.socdm.com

IN A

124.146.153.162
DNS

creativecdn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

creativecdn.com

IN A

Response

creativecdn.com

IN A

185.184.8.90
DNS

us-u.openx.net

chrome.exe

Remote address:

8.8.8.8:53

Request

us-u.openx.net

IN A

Response

us-u.openx.net

IN A

34.98.64.218

us-u.openx.net

IN A

35.244.159.8
DNS

pixel-eu.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pixel-eu.rubiconproject.com

IN A

Response

pixel-eu.rubiconproject.com

IN CNAME

pixel-eu.rubiconproject.net.akadns.net

pixel-eu.rubiconproject.net.akadns.net

IN A

69.173.156.148

pixel-eu.rubiconproject.net.akadns.net

IN A

69.173.156.149
DNS

aorta.clickagy.com

chrome.exe

Remote address:

8.8.8.8:53

Request

aorta.clickagy.com

IN A

Response

aorta.clickagy.com

IN A

35.171.195.136

aorta.clickagy.com

IN A

34.203.58.160

aorta.clickagy.com

IN A

44.218.158.12

aorta.clickagy.com

IN A

100.29.20.208

aorta.clickagy.com

IN A

54.87.53.92

aorta.clickagy.com

IN A

3.220.200.140

aorta.clickagy.com

IN A

3.221.17.52

aorta.clickagy.com

IN A

3.219.10.209
DNS

pr-bh.ybp.yahoo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pr-bh.ybp.yahoo.com

IN A

Response

pr-bh.ybp.yahoo.com

IN CNAME

ds-pr-bh.ybp.gysm.yahoodns.net

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

34.248.206.39

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

52.49.108.45

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

54.76.90.176

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

34.251.102.64
DNS

match.deepintent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

match.deepintent.com

IN A

Response

match.deepintent.com

IN CNAME

m.deepintent.com

m.deepintent.com

IN A

38.91.45.7

m.deepintent.com

IN A

169.197.150.8

m.deepintent.com

IN A

8.18.47.7

m.deepintent.com

IN A

169.197.150.7
DNS

sync.ipredictive.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.ipredictive.com

IN A

Response

sync.ipredictive.com

IN A

52.0.8.114

sync.ipredictive.com

IN A

34.228.205.35

sync.ipredictive.com

IN A

107.20.90.72

sync.ipredictive.com

IN A

3.214.53.170

sync.ipredictive.com

IN A

107.21.226.44

sync.ipredictive.com

IN A

3.219.15.152

sync.ipredictive.com

IN A

18.214.221.59

sync.ipredictive.com

IN A

18.232.192.117
DNS

cms.quantserve.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cms.quantserve.com

IN A

Response

cms.quantserve.com

IN CNAME

2kpixel.quantserve.com

2kpixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

91.228.74.159

global.px.quantserve.com

IN A

91.228.74.166

global.px.quantserve.com

IN A

91.228.74.244

global.px.quantserve.com

IN A

91.228.74.200
DNS

b1sync.zemanta.com

chrome.exe

Remote address:

8.8.8.8:53

Request

b1sync.zemanta.com

IN A

Response

b1sync.zemanta.com

IN CNAME

b1-use1.zemanta.com

b1-use1.zemanta.com

IN CNAME

zemanta-nychi2.outbrain.org

zemanta-nychi2.outbrain.org

IN CNAME

chidc2.outbrain.org

chidc2.outbrain.org

IN A

64.74.236.255
DNS

image6.pubmatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

image6.pubmatic.com

IN A

Response

image6.pubmatic.com

IN CNAME

image6v2.pubmnet.com

image6v2.pubmnet.com

IN CNAME

pugm-amsfpairbc.pubmnet.com

pugm-amsfpairbc.pubmnet.com

IN A

198.47.127.19
GET

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

69.173.156.148:443

Request

GET /exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: pixel-eu.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 69db7c5e2f600e97f8860add7135fe1e
Content-Type: image/gif
GET

https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

chrome.exe

Remote address:

38.91.45.7:443

Request

GET /usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D HTTP/2.0
host: match.deepintent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Wed, 06 Nov 2024 03:39:50 GMT
server: a
DNS

bh.contextweb.com

chrome.exe

Remote address:

8.8.8.8:53

Request

bh.contextweb.com

IN A

Response

bh.contextweb.com

IN CNAME

am1-bh.contextweb.com

am1-bh.contextweb.com

IN CNAME

am1-direct-bgp.contextweb.com

am1-direct-bgp.contextweb.com

IN A

208.93.169.131
DNS

visitor.omnitagjs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

visitor.omnitagjs.com

IN A

Response

visitor.omnitagjs.com

IN CNAME

visitor-fra02.omnitagjs.com

visitor-fra02.omnitagjs.com

IN A

185.255.84.153

visitor-fra02.omnitagjs.com

IN A

185.255.84.152
DNS

sync.richaudience.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.richaudience.com

IN A

Response

sync.richaudience.com

IN A

148.251.20.249
DNS

contextual.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

92.123.240.21
DNS

js-sec.indexww.com

chrome.exe

Remote address:

8.8.8.8:53

Request

js-sec.indexww.com

IN A

Response

js-sec.indexww.com

IN A

104.18.38.76

js-sec.indexww.com

IN A

172.64.149.180
GET

https://js-sec.indexww.com/um/ixmatch.html

chrome.exe

Remote address:

104.18.38.76:443

Request

GET /um/ixmatch.html HTTP/2.0
host: js-sec.indexww.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:51 GMT
content-type: text/html; charset=UTF-8
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cf-cache-status: HIT
age: 423
expires: Wed, 06 Nov 2024 07:39:51 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f0ddff09556-LHR
content-encoding: gzip
GET

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUQ9KO7A&prvid=2034%2C2033%2C2055%2C2030%2C3020%2C251%2C331%2C233%2C2027%2C236%2C313%2C237%2C319%2C97%2C55%2C77%2C20000%2C3012%2C3011%2C182%2C460%2C462%2C201%2C246%2C126%2C203%2C108&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=1&gdprstring=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&coppa=0&usp_status=0&usp_consent=1

chrome.exe

Remote address:

92.123.240.21:443

Request

GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUQ9KO7A&prvid=2034%2C2033%2C2055%2C2030%2C3020%2C251%2C331%2C233%2C2027%2C236%2C313%2C237%2C319%2C97%2C55%2C77%2C20000%2C3012%2C3011%2C182%2C460%2C462%2C201%2C246%2C126%2C203%2C108&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=1&gdprstring=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&coppa=0&usp_status=0&usp_consent=1 HTTP/2.0
host: contextual.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
content-type: text/html; charset=UTF-8
set-cookie: visitor-id=3738659910494091000V10; Expires=Thu, 06 Nov 2025 03:39:51 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=93600
vary: Accept-Encoding
content-encoding: gzip
expires: Wed, 06 Nov 2024 03:39:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 06 Nov 2024 03:39:51 GMT
content-length: 12649
DNS

secure-assets.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

secure-assets.rubiconproject.com

IN A

Response

secure-assets.rubiconproject.com

IN CNAME

digicertwc.rubiconproject.com.edgekey.net

digicertwc.rubiconproject.com.edgekey.net

IN CNAME

e8960.e2.akamaiedge.net

e8960.e2.akamaiedge.net

IN A

23.215.239.190
GET

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum

chrome.exe

Remote address:

23.215.239.190:443

Request

GET /utils/xapi/multi-sync.html?p=gumgum HTTP/2.0
host: secure-assets.rubiconproject.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=gumgum
date: Wed, 06 Nov 2024 03:39:51 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
GET

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet

chrome.exe

Remote address:

23.215.239.190:443

Request

GET /utils/xapi/multi-sync.html?p=medianet HTTP/2.0
host: secure-assets.rubiconproject.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://contextual.media.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=medianet
date: Wed, 06 Nov 2024 03:39:52 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
GET

https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:51 GMT
content-length: 1544
x-envoy-upstream-service-time: 8
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:51 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:51 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:51 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:51 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:52 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:52 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=9bae63b62cd7a938f32556c5c6b6c3f3

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=9bae63b62cd7a938f32556c5c6b6c3f3 HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:52 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:52 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cs-server-s2s.yellowblue.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:39:54 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
DNS

usersync.gumgum.com

chrome.exe

Remote address:

8.8.8.8:53

Request

usersync.gumgum.com

IN A

Response

usersync.gumgum.com

IN A

34.247.233.198

usersync.gumgum.com

IN A

34.247.205.196

usersync.gumgum.com

IN A

52.210.15.1
GET

https://usersync.gumgum.com/usersync?b=apn&i=7743239598165122675

chrome.exe

Remote address:

34.247.233.198:443

Request

GET /usersync?b=apn&i=7743239598165122675 HTTP/1.1
Host: usersync.gumgum.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: vst=e_1e527246-1ff7-4792-8838-14ef0c433cb2

Response

HTTP/1.1 200

Date: Wed, 06 Nov 2024 03:39:51 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: private, no-store, must-revalidate, max-age=0
Expires: 0
Pragma: no-cache
GET

https://usersync.gumgum.com/usersync?b=sta&i=Sw9GULuBWDhVAqSq42VnLIrHHSw

chrome.exe

Remote address:

34.247.233.198:443

Request

GET /usersync?b=sta&i=Sw9GULuBWDhVAqSq42VnLIrHHSw HTTP/1.1
Host: usersync.gumgum.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: vst=e_1e527246-1ff7-4792-8838-14ef0c433cb2

Response

HTTP/1.1 200

Date: Wed, 06 Nov 2024 03:39:51 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: private, no-store, must-revalidate, max-age=0
Expires: 0
Pragma: no-cache
DNS

eus.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

eus.rubiconproject.com

IN A

Response

eus.rubiconproject.com

IN CNAME

eus.rubiconproject.com.edgekey.net

eus.rubiconproject.com.edgekey.net

IN CNAME

e8960.b.akamaiedge.net

e8960.b.akamaiedge.net

IN A

92.123.242.2
DNS

cs-server-s2s.yellowblue.io

chrome.exe

Remote address:

8.8.8.8:53

Request

cs-server-s2s.yellowblue.io

IN A

Response

cs-server-s2s.yellowblue.io

IN A

3.212.168.182

cs-server-s2s.yellowblue.io

IN A

107.22.211.243

cs-server-s2s.yellowblue.io

IN A

18.211.232.251

cs-server-s2s.yellowblue.io

IN A

3.92.159.128

cs-server-s2s.yellowblue.io

IN A

54.243.219.7

cs-server-s2s.yellowblue.io

IN A

18.211.222.87

cs-server-s2s.yellowblue.io

IN A

18.214.7.230

cs-server-s2s.yellowblue.io

IN A

44.214.212.182
DNS

player.aniview.com

chrome.exe

Remote address:

8.8.8.8:53

Request

player.aniview.com

IN A

Response

player.aniview.com

IN CNAME

stackpath-migration.edgesuite.net

stackpath-migration.edgesuite.net

IN CNAME

a1970.dscd.akamai.net

a1970.dscd.akamai.net

IN A

2.20.12.70

a1970.dscd.akamai.net

IN A

2.20.12.106
GET

https://eus.rubiconproject.com/usync.html?p=gumgum

chrome.exe

Remote address:

92.123.242.2:443

Request

GET /usync.html?p=gumgum HTTP/2.0
host: eus.rubiconproject.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache/2.2.15 (CentOS)
last-modified: Thu, 21 Mar 2024 15:32:19 GMT
etag: "28052a-10d-6142d69a886c0"
accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html; charset=UTF-8
date: Wed, 06 Nov 2024 03:39:52 GMT
vary: Accept-Encoding
GET

https://eus.rubiconproject.com/usync.html?p=medianet

chrome.exe

Remote address:

92.123.242.2:443

Request

GET /usync.html?p=medianet HTTP/2.0
host: eus.rubiconproject.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://contextual.media.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache/2.2.15 (CentOS)
last-modified: Thu, 21 Mar 2024 15:32:19 GMT
etag: "28052a-10d-6142d69a886c0"
accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html; charset=UTF-8
date: Wed, 06 Nov 2024 03:39:52 GMT
vary: Accept-Encoding
GET

https://eus.rubiconproject.com/usync.js

chrome.exe

Remote address:

92.123.242.2:443

Request

GET /usync.js HTTP/2.0
host: eus.rubiconproject.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://eus.rubiconproject.com/usync.html?p=gumgum
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache/2.4.37 (rocky)
x-powered-by: PHP/7.2.24
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
last-modified: Mon, 04 Nov 2024 20:17:01 GMT
content-encoding: gzip
content-length: 11320
content-type: text/html;charset=UTF-8
cache-control: max-age=71037
expires: Wed, 06 Nov 2024 23:23:49 GMT
date: Wed, 06 Nov 2024 03:39:52 GMT
vary: Accept-Encoding
DNS

ssc-cms.33across.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssc-cms.33across.com

IN A

Response

ssc-cms.33across.com

IN CNAME

pixel.33across.com

pixel.33across.com

IN A

67.202.105.24

pixel.33across.com

IN A

67.202.105.22
DNS

api-2-0.spot.im

chrome.exe

Remote address:

8.8.8.8:53

Request

api-2-0.spot.im

IN A

Response

api-2-0.spot.im

IN CNAME

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

IN A

3.209.5.252

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

IN A

3.230.232.213

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

IN A

54.81.69.212

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

IN A

3.209.55.215

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

IN A

54.85.140.28

k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com

IN A

44.215.165.164
DNS

bc-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

bc-sync.com

IN A

Response

bc-sync.com

IN A

8.2.108.175
DNS

sync.1rx.io

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.1rx.io

IN A

Response

sync.1rx.io

IN A

46.228.174.117
GET

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

67.202.105.24:443

Request

GET /ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ssc-cms.33across.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

x-33x-status: 2000208
server: 33XP014
date: Wed, 06 Nov 2024 03:39:51 GMT
GET

https://player.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html?pid=62f53b2c7850d0786f227f64&r=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DANIVIEW%26ttl%3D720%26uid%3De8ecb87ff2ef3a3b16ba16c51e7986ac%26visitor%3D%5BAV_UID%5D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

2.20.12.70:443

Request

GET /ssync/62f53b2c7850d0786f227f64/ssync.html?pid=62f53b2c7850d0786f227f64&r=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DANIVIEW%26ttl%3D720%26uid%3De8ecb87ff2ef3a3b16ba16c51e7986ac%26visitor%3D%5BAV_UID%5D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: player.aniview.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://visitor.omnitagjs.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 25 Jul 2024 11:37:12 GMT
ETag: "15a46f2f4450880eb635e62a551bbd04"
x-goog-generation: 1721907432551634
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5380
Content-Type: text/html
x-goog-hash: crc32c=X7Uy+Q==
x-goog-hash: md5=FaRvL0RQiA62NeYqVRu9BA==
x-goog-storage-class: MULTI_REGIONAL
Accept-Ranges: bytes
Access-Control-Expose-Headers: Content-Type
X-GUploader-UploadID: AHxI1nPGaqKVgrmZwiBdXD5vw9WM5dw53rgMriuvjyF8qp5p3e6Z1TCTWFUMOsdcU6VAEKZh9NI
Server: UploadServer
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: public, max-age=900
Expires: Wed, 06 Nov 2024 03:54:52 GMT
Date: Wed, 06 Nov 2024 03:39:52 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 1683
Connection: keep-alive
Access-Control-Allow-Origin: *
DNS

image8.pubmatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

image8.pubmatic.com

IN A

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imagsync-lhrpairbc.pubmatic.com

imagsync-lhrpairbc.pubmatic.com

IN A

185.64.191.214
DNS

csync.loopme.me

chrome.exe

Remote address:

8.8.8.8:53

Request

csync.loopme.me

IN A

Response

csync.loopme.me

IN CNAME

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.205.154

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.236.216

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.149.211

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.151.172

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.235.191

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.161.124

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.132.236

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.185.77

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.209.225

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.216.122

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.214.217

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.210.232
DNS

jadserve.postrelease.com

chrome.exe

Remote address:

8.8.8.8:53

Request

jadserve.postrelease.com

IN A

Response

jadserve.postrelease.com

IN CNAME

jadserve.postrelease.com.akadns.net

jadserve.postrelease.com.akadns.net

IN A

52.31.108.193

jadserve.postrelease.com.akadns.net

IN A

52.18.167.44
DNS

sync-service.net

chrome.exe

Remote address:

8.8.8.8:53

Request

sync-service.net

IN A

Response

sync-service.net

IN A

204.62.12.209
GET

https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

35.214.205.154:443

Request

GET /?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: csync.loopme.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 307

set-cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Thu, 06-Feb-2025 03:39:52 GMT; SameSite=None
location: https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1
content-length: 0
date: Wed, 06 Nov 2024 03:39:52 GMT
server: _
GET

https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

204.62.12.209:443

Request

GET /ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: sync-service.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://visitor.omnitagjs.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 06 Nov 2024 03:39:52 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: bcc_cookie_id=9bae63b62cd7a938f32556c5c6b6c3f3; path=/; expires=Thu, 06 Nov 2025 03:39:52 GMT; HttpOnly
Location: https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=9bae63b62cd7a938f32556c5c6b6c3f3
DNS

hbx.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

hbx.media.net

IN A

Response

hbx.media.net

IN A

2.23.220.28
DNS

gum.criteo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
GET

https://hbx.media.net/pubcid.php?itype=HB&cb=window.advBidxc.mnetCoRtusId

chrome.exe

Remote address:

2.23.220.28:443

Request

GET /pubcid.php?itype=HB&cb=window.advBidxc.mnetCoRtusId HTTP/2.0
host: hbx.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://contextual.media.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: visitor-id=3738659910494091000V10

Response

HTTP/2.0 200

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=86400 ; includeSubDomains
strict-transport-security: max-age=604800
alt-svc: h3=":443"; ma=93600
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Wed, 06 Nov 2024 04:09:52 GMT
date: Wed, 06 Nov 2024 03:39:52 GMT
content-length: 18543
GET

https://cs.media.net/cksync?type=g&cs=8&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&google_gid=CAESEIX401_NKXS-u7-kU4MVVmw&google_cver=1

chrome.exe

Remote address:

2.23.220.28:443

Request

GET /cksync?type=g&cs=8&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&google_gid=CAESEIX401_NKXS-u7-kU4MVVmw&google_cver=1 HTTP/2.0
host: cs.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://contextual.media.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: visitor-id=3738659910494091000V10

Response

HTTP/2.0 200

server: Apache
content-length: 59
content-type: image/gif
set-cookie: data-g=CAESEIX401_NKXS-u7-kU4MVVmw~~8;Expires=Wed, 20 Nov 2024 03:39:52 GMT;path=/;domain=.media.net; sameSite=none; secure=true
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnet-hl2: E
expires: Wed, 06 Nov 2024 03:39:52 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 06 Nov 2024 03:39:52 GMT
DNS

id.rlcdn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id.rlcdn.com

IN A

Response

id.rlcdn.com

IN A

35.244.174.68
GET

https://id.rlcdn.com/711333.gif?&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

35.244.174.68:443

Request

GET /711333.gif?&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: id.rlcdn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

c21lg-d.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

c21lg-d.media.net

IN A

Response

c21lg-d.media.net

IN CNAME

star.media.net.edgekey.net

star.media.net.edgekey.net

IN CNAME

e607.d.akamaiedge.net

e607.d.akamaiedge.net

IN A

2.23.220.28
DNS

bttrack.com

chrome.exe

Remote address:

8.8.8.8:53

Request

bttrack.com

IN A

Response

bttrack.com

IN A

192.132.33.69

bttrack.com

IN A

192.132.33.68

bttrack.com

IN A

192.132.33.67
GET

https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu

chrome.exe

Remote address:

2.23.220.28:443

Request

GET /log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu HTTP/1.1
Host: c21lg-d.media.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://contextual.media.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: visitor-id=3738659910494091000V10

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Access-Control-Allow-Origin: *
Content-Length: 35
Expires: Wed, 06 Nov 2024 03:39:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Nov 2024 03:39:52 GMT
Connection: keep-alive
GET

https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-con&ovsid=0420b624-c0f5-4dca-8cf5-bc06d32ba0e6&cs=15&vsid=3738659910494091000V10

chrome.exe

Remote address:

2.23.220.28:443

Request

GET /log?logid=kfk&evtid=cs&origin=1&pvgid=data-con&ovsid=0420b624-c0f5-4dca-8cf5-bc06d32ba0e6&cs=15&vsid=3738659910494091000V10 HTTP/1.1
Host: c21lg-d.media.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://contextual.media.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: visitor-id=3738659910494091000V10; data-g=CAESEIX401_NKXS-u7-kU4MVVmw~~8

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Access-Control-Allow-Origin: *
Content-Length: 35
Expires: Wed, 06 Nov 2024 03:39:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Nov 2024 03:39:54 GMT
Connection: keep-alive
DNS

medianet-match.dotomi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

medianet-match.dotomi.com

IN A

Response

medianet-match.dotomi.com

IN CNAME

bfp.global.dual.dotomi.weighted.com.akadns.net

bfp.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.204
DNS

cs.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cs.media.net

IN A

Response

cs.media.net

IN A

2.23.220.28
DNS

sync.aniview.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.aniview.com

IN A

Response

sync.aniview.com

IN CNAME

sync-sc-main-was.aniview.com

sync-sc-main-was.aniview.com

IN A

172.240.45.96
DNS

dis.criteo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dis.criteo.com

IN A

Response

dis.criteo.com

IN CNAME

widget.nl3.vip.prod.criteo.com

widget.nl3.vip.prod.criteo.com

IN A

178.250.1.9
DNS

token.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

token.rubiconproject.com

IN A

Response

token.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.149

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.148
DNS

sync.targeting.unrulymedia.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.targeting.unrulymedia.com

IN A

Response

sync.targeting.unrulymedia.com

IN CNAME

sync.1rx.io

sync.1rx.io

IN A

46.228.174.117
GET

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

69.173.156.149:443

Request

GET /khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: token.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://eus.rubiconproject.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://eus.rubiconproject.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 679a29ceeaceebfd6e7691896e630e16
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
GET

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

69.173.156.149:443

Request

GET /khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: token.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://eus.rubiconproject.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://eus.rubiconproject.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 679a29ceeaceebfd6e7691896e630e16
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
GET

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

69.173.156.149:443

Request

GET /khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: token.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://eus.rubiconproject.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://eus.rubiconproject.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 679a29ceeaceebfd6e7691896e630e16
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
GET

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184&endpoint=us-east

chrome.exe

Remote address:

23.215.239.190:443

Request

GET /utils/xapi/multi-sync.html?p=17184&endpoint=us-east HTTP/2.0
host: secure-assets.rubiconproject.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://player.aniview.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=17184&endpoint=us-east
date: Wed, 06 Nov 2024 03:39:53 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
GET

https://eus.rubiconproject.com/usync.html?p=17184&endpoint=us-east

chrome.exe

Remote address:

92.123.242.2:443

Request

GET /usync.html?p=17184&endpoint=us-east HTTP/2.0
host: eus.rubiconproject.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://player.aniview.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache/2.2.15 (CentOS)
last-modified: Thu, 21 Mar 2024 15:32:19 GMT
etag: "28052a-10d-6142d69a886c0"
accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html; charset=UTF-8
date: Wed, 06 Nov 2024 03:39:53 GMT
vary: Accept-Encoding
DNS

pixel-sync.sitescout.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pixel-sync.sitescout.com

IN A

Response

pixel-sync.sitescout.com

IN A

34.36.216.150
GET

https://usersync.gumgum.com/usersync?b=vnt&i=0f888dcc-cb3e-4d62-917c-cb57b8329fc4

chrome.exe

Remote address:

34.247.233.198:443

Request

GET /usersync?b=vnt&i=0f888dcc-cb3e-4d62-917c-cb57b8329fc4 HTTP/1.1
Host: usersync.gumgum.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: vst=e_1e527246-1ff7-4792-8838-14ef0c433cb2

Response

HTTP/1.1 200

Date: Wed, 06 Nov 2024 03:39:54 GMT
Content-Type: image/gif
Content-Length: 35
Connection: keep-alive
Cache-Control: private, no-store, must-revalidate, max-age=0
Expires: 0
Pragma: no-cache
GET

https://ap.lijit.com/pixel?us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D%26biddername%3D18%26key%3D%24UID

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /pixel?us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D%26biddername%3D18%26key%3D%24UID HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://player.aniview.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 307

date: Wed, 06 Nov 2024 03:39:54 GMT
content-length: 0
location: https://sync.aniview.com/cookiesyncendpoint?auid=&biddername=18&key=Jno7ABZHcfCkY9miSFGVuR2Y
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11607%26uid%3D%24UID

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /pixel?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11607%26uid%3D%24UID HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cs-server-s2s.yellowblue.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 307

date: Wed, 06 Nov 2024 03:39:54 GMT
content-length: 0
location: https://cs-server-s2s.yellowblue.io/cs?aid=11607&uid=Jno7ABZHcfCkY9miSFGVuR2Y
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
DNS

match.prod.bidr.io

chrome.exe

Remote address:

8.8.8.8:53

Request

match.prod.bidr.io

IN A

Response

match.prod.bidr.io

IN A

34.246.139.66

match.prod.bidr.io

IN A

3.248.173.67

match.prod.bidr.io

IN A

54.170.20.205

match.prod.bidr.io

IN A

34.248.243.155

match.prod.bidr.io

IN A

52.16.65.27

match.prod.bidr.io

IN A

54.247.20.233

match.prod.bidr.io

IN A

54.155.111.174
DNS

casale-match.dotomi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

casale-match.dotomi.com

IN A

Response

casale-match.dotomi.com

IN CNAME

bfp.global.dual.dotomi.weighted.com.akadns.net

bfp.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.140
GET

https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gpp=&gpp_sid=

chrome.exe

Remote address:

35.214.205.154:443

Request

GET /?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gpp=&gpp_sid= HTTP/2.0
host: csync.loopme.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734

Response

HTTP/2.0 307

set-cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Thu, 06-Feb-2025 03:39:54 GMT; SameSite=None
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=630e474c-39b1-4e7e-971f-617b8538d734&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1
content-length: 0
date: Wed, 06 Nov 2024 03:39:54 GMT
server: _
GET

https://csync.loopme.me/?pubid=11362&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D

chrome.exe

Remote address:

35.214.205.154:443

Request

GET /?pubid=11362&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D HTTP/2.0
host: csync.loopme.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cs-server-s2s.yellowblue.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734

Response

HTTP/2.0 307

set-cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Thu, 06-Feb-2025 03:39:54 GMT; SameSite=None
location: https://cs-server-s2s.yellowblue.io/cs?aid=11571&id=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1
content-length: 0
date: Wed, 06 Nov 2024 03:39:54 GMT
server: _
DNS

pm.w55c.net

chrome.exe

Remote address:

8.8.8.8:53

Request

pm.w55c.net

IN A

Response

pm.w55c.net

IN CNAME

cdn.w55c.net

cdn.w55c.net

IN A

3.248.27.53

cdn.w55c.net

IN A

54.171.131.187

cdn.w55c.net

IN A

99.80.216.230
DNS

sync-tm.everesttech.net

chrome.exe

Remote address:

8.8.8.8:53

Request

sync-tm.everesttech.net

IN A

Response

sync-tm.everesttech.net

IN CNAME

sync.tubemogul.com

sync.tubemogul.com

IN CNAME

syncf.tubemogul.com

syncf.tubemogul.com

IN CNAME

h2.shared.global.fastly.net

h2.shared.global.fastly.net

IN A

151.101.130.49

h2.shared.global.fastly.net

IN A

151.101.2.49

h2.shared.global.fastly.net

IN A

151.101.194.49

h2.shared.global.fastly.net

IN A

151.101.66.49
DNS

cdn.indexww.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.indexww.com

IN A

Response

cdn.indexww.com

IN A

104.18.38.76

cdn.indexww.com

IN A

172.64.149.180
GET

https://cdn.indexww.com/ht/htw-pixel.gif?ZyrlBbmqPkgAAGCeAgrT.wAA%265050=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

104.18.38.76:443

Request

GET /ht/htw-pixel.gif?ZyrlBbmqPkgAAGCeAgrT.wAA%265050=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: cdn.indexww.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:39:54 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
etag: "da1f1d-2b-546dc3a097100"
cache-control: public, max-age=86400
expires: Thu, 07 Nov 2024 03:39:54 GMT
edge-control: cache-maxage=1h
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cf-cache-status: HIT
age: 33389
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f202eda4999-LHR
DNS

ib.adnxs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

xandr-g-geo.trafficmanager.net

xandr-g-geo.trafficmanager.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.141
DNS

match.sharethrough.com

chrome.exe

Remote address:

8.8.8.8:53

Request

match.sharethrough.com

IN A

Response

match.sharethrough.com

IN CNAME

match-eu-central-1-ecs.sharethrough.com

match-eu-central-1-ecs.sharethrough.com

IN A

18.195.234.25
DNS

cdn-download.avgbrowser.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn-download.avgbrowser.com

IN A

Response

cdn-download.avgbrowser.com

IN CNAME

cdn-prod-download.browser.akamaized.net

cdn-prod-download.browser.akamaized.net

IN CNAME

a333.dscd.akamai.net

a333.dscd.akamai.net

IN A

2.20.12.107

a333.dscd.akamai.net

IN A

2.20.12.82
GET

https://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9228

chrome.exe

Remote address:

2.20.12.107:443

Request

GET /avg/avg_secure_browser_setup.exe?nouac=1&cid=9228 HTTP/1.1
Host: cdn-download.avgbrowser.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://mandela-invasion.en.softonic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 6117104
Pragma: public
content-disposition: attachment; filename="avg_secure_browser_setup.exe"
Last-Modified: Wed, 06 Nov 2024 01:00:33 GMT
ETag: 0dc93e1f58cbb736598ce7fa7ecefa33
Accept-Ranges: bytes
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8de1c666cc20952c-LHR
Cache-Control: public, must-revalidate, max-age=0, post-check=0, pre-check=0
Expires: Wed, 06 Nov 2024 03:39:55 GMT
Date: Wed, 06 Nov 2024 03:39:55 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
GET

https://www.clarity.ms/tag/n22abp4c18

chrome.exe

Remote address:

13.107.246.65:443

Request

GET /tag/n22abp4c18 HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: CLID=c8802170a4914d16b9dc460d332019fe.20241106.20251106

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:02 GMT
content-type: application/x-javascript
content-length: 701
cache-control: no-cache, no-store
expires: -1
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
x-azure-ref: 20241106T034002Z-r1559f78f6b99vwxhC1LONvpkw000000014000000000661f
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
DNS

connect.facebook.net

chrome.exe

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
GET

https://btloader.com/tag?o=5633429348548608&upapi=true

chrome.exe

Remote address:

104.22.75.216:443

Request

GET /tag?o=5633429348548608&upapi=true HTTP/2.0
host: btloader.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ac26a6b901db30402db9ea05b3198682"
if-modified-since: Wed, 06 Nov 2024 02:46:45 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:02 GMT
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
etag: "ac26a6b901db30402db9ea05b3198682"
last-modified: Wed, 06 Nov 2024 02:46:45 GMT
vary: Origin, Accept-Encoding
x-robots-tag: noindex, nofollow
via: 1.1 google
cf-cache-status: HIT
age: 3012
server: cloudflare
cf-ray: 8de20f5408ab7753-LHR
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&pr=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pid=F65XXwizcbQuS&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-1__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_MPU_First%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_MPU%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

chrome.exe

Remote address:

108.156.255.231:443

Request

GET /e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&pr=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pid=F65XXwizcbQuS&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-1__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_MPU_First%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_MPU%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8
cookie: ad-privacy=0

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 304
content-encoding: gzip
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
date: Wed, 06 Nov 2024 03:40:03 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 271c2e1e305f31b0f14837cad3c843b0.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: ItL0SEsoP7QVU3DqCMJapaXmqEqHe6lvY-fY4aDfeSxDQYqebMoWFg==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&pr=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pid=F65XXwizcbQuS&cb=1&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FBTF_Leaderboard_First%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*PQaQzypadknTCxaxK8KL0Ccn-h2BJVkcbIPwo2L86ePWA20snZ5npnV9pTaFOcoE1gKBgs3RvLAE0UDoSKADGdYGt388ta-x906GccY3xCTWCQbECCR86Z96mYSBoUoh1hSOzw99JFRrkHOZqbY7vdYcNL-Ofil0LA9RLwIy3wPWICoti5MaDuwZgnHvzulf1jC2W6BgGgJBcRSK5gNQwtY-_whFlMgpYhD6kOscYrPWQHUcUFYzD27TwoECqkbp1kq4beCWJn_9lmIqvoY4BtZMI7XenJ2_zuQm_cPP784%22%7D%7D

chrome.exe

Remote address:

108.156.255.231:443

Request

GET /e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&pr=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pid=F65XXwizcbQuS&cb=1&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FBTF_Leaderboard_First%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*PQaQzypadknTCxaxK8KL0Ccn-h2BJVkcbIPwo2L86ePWA20snZ5npnV9pTaFOcoE1gKBgs3RvLAE0UDoSKADGdYGt388ta-x906GccY3xCTWCQbECCR86Z96mYSBoUoh1hSOzw99JFRrkHOZqbY7vdYcNL-Ofil0LA9RLwIy3wPWICoti5MaDuwZgnHvzulf1jC2W6BgGgJBcRSK5gNQwtY-_whFlMgpYhD6kOscYrPWQHUcUFYzD27TwoECqkbp1kq4beCWJn_9lmIqvoY4BtZMI7XenJ2_zuQm_cPP784%22%7D%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8
cookie: ad-privacy=0

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 573
content-encoding: gzip
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
date: Wed, 06 Nov 2024 03:40:05 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 271c2e1e305f31b0f14837cad3c843b0.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: M8a-MDPpK_r5t0X5hSaBOvYMbDlXiKjxogQpvL8I5rJ3ECVq3BSEUA==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&pid=v4UIsHqAp4snf&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU_Second%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22Windows%22%7D%2C%22browsers%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Google+Chrome%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%5B%2299%22%5D%7D%5D%7D%7D%7D&sm=9ab0359c-cdc4-4111-87ee-a11cf8dd16ca&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

chrome.exe

Remote address:

108.156.255.231:443

Request

GET /e/dtb/bid?src=3177&u=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&pid=v4UIsHqAp4snf&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU_Second%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22Windows%22%7D%2C%22browsers%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Google+Chrome%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%5B%2299%22%5D%7D%5D%7D%7D%7D&sm=9ab0359c-cdc4-4111-87ee-a11cf8dd16ca&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8
cookie: ad-privacy=0

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 304
content-encoding: gzip
access-control-allow-origin: https://en.softonic.com
access-control-allow-credentials: true
date: Wed, 06 Nov 2024 03:40:09 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 271c2e1e305f31b0f14837cad3c843b0.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: JTWdoP2Zmm1wIPsZPqNRCOTx_4ohRvCLng06-nZYqe1QBPa0gYG3Pw==
POST

https://ad.360yield.com/pb

chrome.exe

Remote address:

63.34.96.164:443

Request

POST /pb HTTP/2.0
host: ad.360yield.com
content-length: 2468
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

date: Wed, 06 Nov 2024 03:40:02 GMT
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: https://mandela-invasion.en.softonic.com
set-cookie: tuuid=f0da56e6-8ab0-4f1a-9894-7866974b49cf; Expires=Tue, 04 Feb 2025 03:40:02 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
set-cookie: tuuid_lu=1730864402; Expires=Tue, 04 Feb 2025 03:40:02 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-credentials: true
POST

https://ad.360yield.com/pb

chrome.exe

Remote address:

63.34.96.164:443

Request

POST /pb HTTP/2.0
host: ad.360yield.com
content-length: 2419
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: tuuid=f0da56e6-8ab0-4f1a-9894-7866974b49cf
cookie: tuuid_lu=1730864402

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:05 GMT
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-credentials: true
POST

https://ad.360yield.com/pb

chrome.exe

Remote address:

63.34.96.164:443

Request

POST /pb HTTP/2.0
host: ad.360yield.com
content-length: 2354
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: tuuid=f0da56e6-8ab0-4f1a-9894-7866974b49cf
cookie: tuuid_lu=1730864402

Response

HTTP/2.0 400

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: https://en.softonic.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-credentials: true
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

chrome.exe

Remote address:

3.251.12.140:443

Request

POST /rtb/bid?src=prebid_prebid_8.39.0 HTTP/2.0
host: ap.lijit.com
content-length: 2243
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:02 GMT
content-type: application/json
content-length: 510
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-encoding: gzip
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

chrome.exe

Remote address:

3.251.12.140:443

Request

POST /rtb/bid?src=prebid_prebid_8.39.0 HTTP/2.0
host: ap.lijit.com
content-length: 1879
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:05 GMT
content-type: application/json
content-length: 24
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259 HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 302

server: awselb/2.0
date: Wed, 06 Nov 2024 03:40:06 GMT
content-type: text/html
content-length: 110
location: https://ce.lijit.com:443/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259
GET

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:06 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=Sm5vN0FCWkhjZkNrWTltaVNGR1Z1UjJZ&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /dsp/google/cookiematch/dv?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:06 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=Sm5vN0FCWkhjZkNrWTltaVNGR1Z1UjJZ&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: _ljtrtb_92=7743239598165122675

Response

HTTP/2.0 307

date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 0
location: https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
POST

https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

chrome.exe

Remote address:

3.251.12.140:443

Request

POST /rtb/bid?src=prebid_prebid_8.39.0 HTTP/2.0
host: ap.lijit.com
content-length: 2121
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: _ljtrtb_92=7743239598165122675
cookie: _ljtrtb_85=AAE3oU7OVcoAABWvTcgUPA
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1WqBQBXGQYS

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: application/json
content-length: 510
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
set-cookie: _ljtrtb_92=7743239598165122675;Version=1;Domain=.lijit.com;Path=/;Max-Age=0;Secure;Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=None;
set-cookie: _ljtrtb_85=AAE3oU7OVcoAABWvTcgUPA;Version=1;Domain=.lijit.com;Path=/;Max-Age=0;Secure;Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=None;
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: https://en.softonic.com
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-encoding: gzip
POST

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&PageReferrer=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload

chrome.exe

Remote address:

185.255.84.150:443

Request

POST /hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&PageReferrer=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload HTTP/2.0
host: hb-api.omnitagjs.com
content-length: 2676
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://mandela-invasion.en.softonic.com
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:02 GMT
content-length: 3
x-envoy-upstream-service-time: 61
server: ayl-lb-fra02
POST

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageReferrer=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download

chrome.exe

Remote address:

185.255.84.150:443

Request

POST /hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageReferrer=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download HTTP/2.0
host: hb-api.omnitagjs.com
content-length: 2199
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://en.softonic.com
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:09 GMT
content-length: 180
x-envoy-upstream-service-time: 65
server: ayl-lb-fra02
DNS

5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com

IN A

Response

5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.213.1
GET

https://5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

chrome.exe

Remote address:

216.58.213.1:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: 5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

chrome.exe

Remote address:

216.58.213.1:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: 04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ad-delivery.net/px.gif?ch=1&e=0.8512960495046087

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.8512960495046087 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:03 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY0SjdtusLMzFKMkspdUwAKfn_DgVEhZVoXasmb7ADosrIZ6RkcNIfICFfm_vURLtB353nVE4ZdaAQ
expires: Wed, 23 Oct 2024 19:57:54 GMT
cache-control: public, max-age=86400
age: 1152962
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVjYpUXo7F9%2BA%2BvbuD153e3NsXn4X1cPOihIkUaZbToT%2FbRm1Hm9MggWWMNBMaLzj9dxdXgxnx%2F%2FggFKeCEHYcFZzc5ya3nWdaWDztpb8isJydSwO4oUVCm2qamxBSJz4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f58ff029412-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=31512&sent=5&recv=7&lost=0&retrans=0&sent_bytes=755&recv_bytes=1263&delivery_rate=12429&cwnd=250&unsent_bytes=0&cid=182a556dac77b722&ts=120&x=0"
GET

https://ad-delivery.net/px.gif?ch=2

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ad4b0f606e0f8465bc4c4c170b37e1a3"
if-modified-since: Wed, 05 May 2021 19:25:32 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:03 GMT
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY0SjdtusLMzFKMkspdUwAKfn_DgVEhZVoXasmb7ADosrIZ6RkcNIfICFfm_vURLtB353nVE4ZdaAQ
expires: Wed, 23 Oct 2024 19:57:54 GMT
cache-control: public, max-age=86400
age: 1152962
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MNJJ7s8kUdRdngCC7hgcF8gt10Xy%2BRgcj88vpr8fqEuKigh6WbpVbS28LzelADKDx4aVyNgk%2B5MQ73SIWTLe6DI%2BUbfF1RmtNeThBIMFoCC0yPjDzoXmwDLITQV8PPWPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f58ff039412-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=31512&sent=7&recv=7&lost=0&retrans=0&sent_bytes=1868&recv_bytes=1263&delivery_rate=12429&cwnd=250&unsent_bytes=0&cid=182a556dac77b722&ts=121&x=0"
GET

https://ad-delivery.net/px.gif?ch=1&e=0.5963525431037089

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.5963525431037089 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY0SjdtusLMzFKMkspdUwAKfn_DgVEhZVoXasmb7ADosrIZ6RkcNIfICFfm_vURLtB353nVE4ZdaAQ
expires: Wed, 23 Oct 2024 19:57:54 GMT
cache-control: public, max-age=86400
age: 1152969
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CdQ%2BUANUe4BnvbSoqHXTjNTEEWPgybuRc9rM%2FBcgWATrUqtpIn1oJpY%2FvBdrKOGmqsm3qUrwk1ML%2FsAZnpGlwMVgrda2lrTRuD1erGyrcK17GNM0%2BTz8fjEo1d%2BvrycXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f83edcb9412-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=47125&sent=11&recv=12&lost=0&retrans=0&sent_bytes=2280&recv_bytes=1453&delivery_rate=178605&cwnd=255&unsent_bytes=0&cid=182a556dac77b722&ts=6994&x=0"
GET

https://ad-delivery.net/px.gif?ch=2

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ad4b0f606e0f8465bc4c4c170b37e1a3"
if-modified-since: Wed, 05 May 2021 19:25:32 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:10 GMT
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY0SjdtusLMzFKMkspdUwAKfn_DgVEhZVoXasmb7ADosrIZ6RkcNIfICFfm_vURLtB353nVE4ZdaAQ
expires: Wed, 23 Oct 2024 19:57:54 GMT
cache-control: public, max-age=86400
age: 1152969
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TmI%2FiRHWOgfNy9Y03exm9REW0LJM5mO62wI8ls55nTz7j%2F5BoSNusGl7m526gVqWGEg3k7%2F65Z04oxPZVzmuTrDgMVKikQ1Or5y9mw6ZXUVc46BmdoxFXbx7lHt6oqNN4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f83edcd9412-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=47125&sent=13&recv=12&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1453&delivery_rate=178605&cwnd=255&unsent_bytes=0&cid=182a556dac77b722&ts=6996&x=0"
GET

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mandela-invasion.en.softonic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:03 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 614
Connection: keep-alive
x-amz-rid: P7T5G8MS0PBK07PVB3EB
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:40:03 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:40:03 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:03 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1830
Connection: keep-alive
x-amz-rid: BF9TZCE7WSJZDWRC8H89
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/x/ae12848777b41970a5f2?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:06 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: 64GAHNC1H3H6ABR0D1V3
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:40:06 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:40:06 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://api.btmessage.com/mw/state?bt_env=prod

chrome.exe

Remote address:

172.67.74.232:443

Request

GET /mw/state?bt_env=prod HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:03 GMT
access-control-allow-origin: *
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zlr%2F3UXZ4RlSGoyIpLJp7oFp2xjkB4qLfN1165Dj5xldUDmWRFp1NsDPtQ8GaIZSn2ycXiJ0qE7z6eGEL2y%2FoS48UEv83dSduX7h90m4q5qCCiYOIQnDYw5wd222FuEKdaye"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f5c0e7388b0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=20270&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1126&delivery_rate=131965&cwnd=252&unsent_bytes=0&cid=9b3c735fffc41348&ts=140&x=0"
POST

https://api.btmessage.com/events/mw

chrome.exe

Remote address:

172.67.74.232:443

Request

POST /events/mw HTTP/2.0
host: api.btmessage.com
content-length: 481
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:05 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QwZkQ%2B3lzWG7b1C%2BY237CUvEko14XfmDYOy%2B3XsLvWTKfc15kYuemnpe8C%2B9atkGsK03tJEoaSzeij1LWf2DkgyruGa8enyhfHBKheLfpXK468QSMP3%2FG4eJKToBMTM52egz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f63dba388b0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=33937&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3390&recv_bytes=1731&delivery_rate=131965&cwnd=254&unsent_bytes=0&cid=9b3c735fffc41348&ts=1389&x=0"
GET

https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN

chrome.exe

Remote address:

172.67.74.232:443

Request

GET /websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, must-revalidate
location: /websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=943sKizEG9Rw2n486t3TtDP1Q6IKdwbhwa27urOOHUayOxkteFfEhmO9Dx%2BSf1vJXchLaehXPSTTJ1vshFt2DC7HO0a%2BpABrKQNUDX4Smtuh69SLqgUNs5BIL1aF%2BJPW3P8A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f85ce6888b0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=33937&sent=11&recv=13&lost=0&retrans=1&sent_bytes=4292&recv_bytes=1870&delivery_rate=131965&cwnd=256&unsent_bytes=0&cid=9b3c735fffc41348&ts=6821&x=0"
GET

https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN

chrome.exe

Remote address:

172.67.74.232:443

Request

GET /websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "b4ef508b5c59ab62e5af44ec7f73277e"

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: application/json
content-length: 582
access-control-allow-origin: *
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "b4ef508b5c59ab62e5af44ec7f73277e"
last-modified: Wed, 06 Nov 2024 03:37:36 GMT
vary: Origin
vary: accept-encoding
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4MaoqRTRr3DeINcDxB3MzXf0pZFCMslPoGTeixPd%2BmiX5UJSOsIFxVKuWfLuWdBmQCrwQ08Fg64mIlumciu9lNGS8BaPUyuJ0hsfUleCQQphIudDlhmB3NPbvTH7gsI1eNsE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f870f0b88b0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=31498&sent=16&recv=16&lost=0&retrans=1&sent_bytes=4979&recv_bytes=2034&delivery_rate=153570&cwnd=256&unsent_bytes=0&cid=9b3c735fffc41348&ts=7022&x=0"
GET

https://api.btmessage.com/mw/state?bt_env=prod

chrome.exe

Remote address:

172.67.74.232:443

Request

GET /mw/state?bt_env=prod HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:11 GMT
access-control-allow-origin: *
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84%2FaURxQI1HYmpML2eJHjuRj6YQ%2FSrwfEP4h5WTs1n2WAW0Tk3jlYJyvVPvy%2BqdPVm0b1uNCDh3xiw9bF3eMz4xEzkXPgBjnDNGLg3kzGQNKa%2BbUnQoYIzowmqm6wXWVR4B9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f883fa288b0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=36553&sent=21&recv=19&lost=0&retrans=1&sent_bytes=6172&recv_bytes=2189&delivery_rate=153570&cwnd=256&unsent_bytes=0&cid=9b3c735fffc41348&ts=7208&x=0"
GET

https://api.btmessage.com/mw/sign_pbm?w=5299385968099328&bt_env=prod

chrome.exe

Remote address:

172.67.74.232:443

Request

GET /mw/sign_pbm?w=5299385968099328&bt_env=prod HTTP/2.0
host: api.btmessage.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:11 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600, must-revalidate
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0hr7Sj4OkgLrbOTADZS6nt7POwHpGZW4cKkX5exjHGApqTKKBWQ7HASKlES584RGuPV2HqoIHqRofRbsVGXQjkwzMFZ9444OHjlUZoqEjeNNQ4CrjuqBo6H%2BMxyCF1GtAKGt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f883fa388b0-LHR
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=36553&sent=22&recv=19&lost=0&retrans=1&sent_bytes=6599&recv_bytes=2189&delivery_rate=153570&cwnd=256&unsent_bytes=0&cid=9b3c735fffc41348&ts=7243&x=0"
POST

https://api.btmessage.com/events/mw

chrome.exe

Remote address:

172.67.74.232:443

Request

POST /events/mw HTTP/2.0
host: api.btmessage.com
content-length: 504
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:12 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PIm%2F8oC1A6q5vsqd200NESURhAMDD2FKaoEpIxtAtForqj%2FAq99b%2BllWHJ9rll0Ayb%2Fp%2B9sSObCov9%2F8X5154SjIScsyAEtxLbOD3z9UcnqesBXSkYlqGm7Dj7tUixGMUoeg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f8febb688b0-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=36608&sent=29&recv=24&lost=0&retrans=2&sent_bytes=7834&recv_bytes=2791&delivery_rate=10455&cwnd=256&unsent_bytes=0&cid=9b3c735fffc41348&ts=8434&x=0"
DNS

www.facebook.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
GET

https://ad-delivery.net/px.gif?ch=2

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ad4b0f606e0f8465bc4c4c170b37e1a3"
if-modified-since: Wed, 05 May 2021 19:25:32 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:04 GMT
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY2fryjOeUXKS1d2NiUnYfSyS144qDd8N3QVM7m6DlptEUQD85ermpj6BxRf7gi4tWGhM_GtW9hRWg
expires: Sun, 03 Nov 2024 19:45:09 GMT
cache-control: public, max-age=86400
age: 201553
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UD%2Bzqbv%2FZRylEfGtUROQ4laUFqO3g2%2BeGPvWJhhXohM5ggeP%2FB7ynetkxjMSlbYBXRZ3HgDj57wcam6463lBp%2BJZOqygJV%2B931Vvy4jmQ1ydpmREwQGIl3zSU%2BYiXR6p3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f62bd846582-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=30112&sent=4&recv=6&lost=0&retrans=0&sent_bytes=733&recv_bytes=1174&delivery_rate=65720&cwnd=250&unsent_bytes=0&cid=c3acacbbd326aa59&ts=34&x=0"
GET

https://ad-delivery.net/px.gif?ch=1&e=0.8418542900934511

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.8418542900934511 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:05 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY2fryjOeUXKS1d2NiUnYfSyS144qDd8N3QVM7m6DlptEUQD85ermpj6BxRf7gi4tWGhM_GtW9hRWg
expires: Sun, 03 Nov 2024 19:45:09 GMT
cache-control: public, max-age=86400
age: 201554
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=phGnm0jA8D8hP8II5bN2hZwLLQyqiF8jJlP4y%2FdZSwAT%2B98LSsRyz8QjVuuo70eslRLgYCh4XS1Kpblpb2Qd0THJGUgWU2wlYgjSzaRmKLp6KUIJyEBoLxHkRekygPhEYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f638df76582-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=39365&sent=7&recv=8&lost=0&retrans=0&sent_bytes=1727&recv_bytes=1283&delivery_rate=65720&cwnd=252&unsent_bytes=0&cid=c3acacbbd326aa59&ts=178&x=0"
GET

https://ad-delivery.net/px.gif?ch=2

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ad4b0f606e0f8465bc4c4c170b37e1a3"
if-modified-since: Wed, 05 May 2021 19:25:32 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:12 GMT
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY2hvMeVtbCHAOO0IoaYWjhyg1Mo9CCW_5U2sazWRbFF8t-WYu9cq--Sr9OT50n8Go-S-zEX36SDXg
expires: Mon, 21 Oct 2024 23:21:40 GMT
cache-control: public, max-age=86400
age: 1314209
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IQXBcWH1wDs%2Ffr3CiNqmPsYl69mGgbU04sVvzwih3uhwr6thXa4aAeiAI4c%2FuOtk%2FMlANc8j6hZO5gPj7H4wDDPm1SSiV1%2FKWy9MPLG72G0aEqmJbU634lcqdLTZ6XUETA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f8f8c606582-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=37002&sent=9&recv=10&lost=0&retrans=0&sent_bytes=2294&recv_bytes=1384&delivery_rate=132610&cwnd=254&unsent_bytes=0&cid=c3acacbbd326aa59&ts=7194&x=0"
GET

https://ad-delivery.net/px.gif?ch=1&e=0.799573025697111

chrome.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.799573025697111 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:12 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: AHmUCY2hvMeVtbCHAOO0IoaYWjhyg1Mo9CCW_5U2sazWRbFF8t-WYu9cq--Sr9OT50n8Go-S-zEX36SDXg
expires: Mon, 21 Oct 2024 23:21:40 GMT
cache-control: public, max-age=86400
age: 1314209
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Ui3HmjEStRqSiTVuL%2Fsco08cBVS550KYlD16MnrstMI3Tx42I0eaBghctbiGAUYjIWFQ%2FVTexlM5BzetovqZvcB1NrLIxYcy%2FP3XRSmh%2FEAZOHB3LWklqnhKb2TpypmTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f8fbc746582-LHR
server-timing: cfL4;desc="?proto=TCP&rtt=35384&sent=10&recv=11&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1461&delivery_rate=132610&cwnd=255&unsent_bytes=0&cid=c3acacbbd326aa59&ts=7224&x=0"
DNS

ep1.adtrafficquality.google

chrome.exe

Remote address:

8.8.8.8:53

Request

ep1.adtrafficquality.google

IN A

Response

ep1.adtrafficquality.google

IN A

172.217.169.66
GET

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202410310101&st=env

chrome.exe

Remote address:

172.217.169.66:443

Request

GET /getconfig/sodar?sv=200&tid=gpt&tv=m202410310101&st=env HTTP/2.0
host: ep1.adtrafficquality.google
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://mandela-invasion.en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ep2.adtrafficquality.google

chrome.exe

Remote address:

8.8.8.8:53

Request

ep2.adtrafficquality.google

IN A

Response

ep2.adtrafficquality.google

IN A

142.250.179.225
GET

https://ep2.adtrafficquality.google/sodar/sodar2.js

chrome.exe

Remote address:

142.250.179.225:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: ep2.adtrafficquality.google
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:06 GMT
content-length: 1548
x-envoy-upstream-service-time: 4
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 4
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cs-server-s2s.yellowblue.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=b3c9ca0a885e708befb2997d1e1a6492

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=b3c9ca0a885e708befb2997d1e1a6492 HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:07 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://ce.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259 HTTP/2.0
host: ce.lijit.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://mandela-invasion.en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJyrVrIwVrIyNDc2MjA3trQ00FGyMEHjm6HyjSB8A0sDc1MQ3wRFfy0AnGQQYA%3D%3D

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:06 GMT
content-type: text/html
content-length: 1493
vary: Accept-Encoding
set-cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:06 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:06 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
GET

https://ce.lijit.com/merge?pid=92&3pid=7743239598165122675&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=92&3pid=7743239598165122675&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:06 GMT
content-type: image/gif
content-length: 43
vary: Accept-Encoding
set-cookie: _ljtrtb_92=7743239598165122675; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:06 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:06 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:06 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4 HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: _ljtrtb_92=7743239598165122675

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:07 GMT
vary: Accept-Encoding
x-merge: GDPR Optout true
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://ce.lijit.com/merge?3pid=AAE3oU7OVcoAABWvTcgUPA&pid=85&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?3pid=AAE3oU7OVcoAABWvTcgUPA&pid=85&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: _ljtrtb_92=7743239598165122675

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:07 GMT
content-type: image/gif
content-length: 43
vary: Accept-Encoding
set-cookie: _ljtrtb_92=7743239598165122675; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1WqBQBXGQYS; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: _ljtrtb_85=AAE3oU7OVcoAABWvTcgUPA; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://ce.lijit.com/merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: _ljtrtb_92=7743239598165122675
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1WqBQBXGQYS
cookie: _ljtrtb_85=AAE3oU7OVcoAABWvTcgUPA

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:07 GMT
vary: Accept-Encoding
x-merge: GDPR Optout true
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1WqBQBXGQYS; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://ce.lijit.com/merge?pid=97&3pid=RX-d6b290a7-9475-476c-9e96-018d198e6827-003

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=97&3pid=RX-d6b290a7-9475-476c-9e96-018d198e6827-003 HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: _ljtrtb_92=7743239598165122675
cookie: _ljtrtb_85=AAE3oU7OVcoAABWvTcgUPA
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1WqBQBXGQYS

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:07 GMT
vary: Accept-Encoding
x-merge: GDPR Optout true
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1WqBQBXGQYS; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:07 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

69.173.156.148:443

Request

GET /exchange/sync.php?p=sovrn-onscroll&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: pixel-eu.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 7c5d24517ee193cc868994bc18883d1d
Content-Type: image/gif
DNS

cs.krushmedia.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cs.krushmedia.com

IN A

Response

cs.krushmedia.com

IN A

80.77.87.216
DNS

um.simpli.fi

chrome.exe

Remote address:

8.8.8.8:53

Request

um.simpli.fi

IN A

Response

um.simpli.fi

IN A

34.91.62.186

um.simpli.fi

IN A

35.204.158.49

um.simpli.fi

IN A

35.204.74.118
DNS

s.ad.smaato.net

chrome.exe

Remote address:

8.8.8.8:53

Request

s.ad.smaato.net

IN A

Response

s.ad.smaato.net

IN A

18.66.248.129

s.ad.smaato.net

IN A

18.66.248.84

s.ad.smaato.net

IN A

18.66.248.81

s.ad.smaato.net

IN A

18.66.248.116
DNS

ums.acuityplatform.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ums.acuityplatform.com

IN A

Response

ums.acuityplatform.com

IN A

154.59.122.79
GET

https://ums.acuityplatform.com/tum?umid=27&uid=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

154.59.122.79:443

Request

GET /tum?umid=27&uid=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: ums.acuityplatform.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content
GET

https://s.ad.smaato.net/c/?adExInit=sovrn&gdpr=&gdpr_consent=&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D108%263pid%3D%24UID&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

18.66.248.129:443

Request

GET /c/?adExInit=sovrn&gdpr=&gdpr_consent=&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D108%263pid%3D%24UID&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: s.ad.smaato.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

server: CloudFront
date: Wed, 06 Nov 2024 03:40:06 GMT
cache-control: no-cache, must-revalidate
x-cache: Miss from cloudfront
via: 1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: ttAmJ91qD88vVHC3xm15Y3ZbEtD-lxZibeJfWwn_VBNLjjNoDKzInQ==
DNS

data.adsrvr.org

chrome.exe

Remote address:

8.8.8.8:53

Request

data.adsrvr.org

IN A

Response

data.adsrvr.org

IN CNAME

match.adsrvr.org

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

sync.serverbid.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.serverbid.com

IN A

Response

sync.serverbid.com

IN CNAME

d1giprow6b9psh.cloudfront.net

d1giprow6b9psh.cloudfront.net

IN A

18.154.63.117

d1giprow6b9psh.cloudfront.net

IN A

18.154.63.17

d1giprow6b9psh.cloudfront.net

IN A

18.154.63.18

d1giprow6b9psh.cloudfront.net

IN A

18.154.63.20
GET

https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu

chrome.exe

Remote address:

2.23.220.28:443

Request

GET /log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu HTTP/1.1
Host: c21lg-d.media.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://contextual.media.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: visitor-id=3738659910494091000V10; data-g=CAESEIX401_NKXS-u7-kU4MVVmw~~8

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Access-Control-Allow-Origin: *
Content-Length: 35
Expires: Wed, 06 Nov 2024 03:40:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Nov 2024 03:40:07 GMT
Connection: keep-alive
GET

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

69.173.156.149:443

Request

GET /khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: token.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://eus.rubiconproject.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://eus.rubiconproject.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 7c5d24517ee193cc868994bc18883d1d
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
GET

https://sync.serverbid.com/syncs/audio.html?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

18.154.63.117:443

Request

GET /syncs/audio.html?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: sync.serverbid.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-length: 79
last-modified: Tue, 05 Dec 2023 20:33:24 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 05 Nov 2024 20:53:19 GMT
etag: "f4efd6c3fb6ff75c0c266c1967109d39"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 e854bbca657208a759bb2d8d135f9d78.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
x-amz-cf-id: V9NClPTg304kd672nfwGyqt55_sDCPDWkbi8azVkf4px09HPS03RcA==
age: 24409
DNS

ad.turn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ad.turn.com

IN A

Response

ad.turn.com

IN CNAME

presentation-ams1.turn.com

presentation-ams1.turn.com

IN A

46.228.164.11
DNS

s0.2mdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

s0.2mdn.net

IN A

Response

s0.2mdn.net

IN A

172.217.16.230
DNS

t.adx.opera.com

chrome.exe

Remote address:

8.8.8.8:53

Request

t.adx.opera.com

IN A

Response

t.adx.opera.com

IN CNAME

outspot2-ams.adx.opera.com

outspot2-ams.adx.opera.com

IN A

82.145.213.8
GET

https://ad.turn.com/r/cs?pid=45&id=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&rndcb=2823041597

chrome.exe

Remote address:

46.228.164.11:443

Request

GET /r/cs?pid=45&id=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&rndcb=2823041597 HTTP/2.0
host: ad.turn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=2699113523548803539; Domain=.turn.com; Expires=Mon, 05-May-2025 03:40:07 GMT; Path=/; Secure; SameSite=None
location: https://sync.1rx.io/usersync/turn/2699113523548803539?dspret=1&gdpr=&gdpr_consent=&us_privacy=
content-length: 0
date: Wed, 06 Nov 2024 03:40:06 GMT
GET

https://s0.2mdn.net/dot.gif?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

172.217.16.230:443

Request

GET /dot.gif?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: s0.2mdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

67.202.105.24:443

Request

GET /ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ssc-cms.33across.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

x-33x-status: 2000208
server: 33XP020
date: Wed, 06 Nov 2024 03:40:06 GMT
DNS

pixel-us-east.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pixel-us-east.rubiconproject.com

IN A

Response

pixel-us-east.rubiconproject.com

IN CNAME

pixel-us-east.rubiconproject.net.akadns.net

pixel-us-east.rubiconproject.net.akadns.net

IN A

69.173.151.100
GET

https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

35.214.205.154:443

Request

GET /?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: csync.loopme.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734

Response

HTTP/2.0 307

set-cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Thu, 06-Feb-2025 03:40:07 GMT; SameSite=None
location: https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1
content-length: 0
date: Wed, 06 Nov 2024 03:40:07 GMT
server: _
GET

https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

204.62.12.209:443

Request

GET /ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: sync-service.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://visitor.omnitagjs.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 06 Nov 2024 03:40:07 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: bcc_cookie_id=b3c9ca0a885e708befb2997d1e1a6492; path=/; expires=Thu, 06 Nov 2025 03:40:07 GMT; HttpOnly
Location: https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=b3c9ca0a885e708befb2997d1e1a6492
GET

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

chrome.exe

Remote address:

98.82.157.231:443

Request

GET /dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid= HTTP/1.1
Host: s.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ssum-sec.casalemedia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 1KA7926HR9GY23WWYJRJ
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:40:07 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:40:07 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

p.rfihub.com

chrome.exe

Remote address:

8.8.8.8:53

Request

p.rfihub.com

IN A

Response

p.rfihub.com

IN CNAME

a.rfihub.com

a.rfihub.com

IN CNAME

a.rfihub.com.akadns.net

a.rfihub.com.akadns.net

IN CNAME

a-emea.rfihub.com.akadns.net

a-emea.rfihub.com.akadns.net

IN A

193.0.160.131
DNS

a.tribalfusion.com

chrome.exe

Remote address:

8.8.8.8:53

Request

a.tribalfusion.com

IN A

Response

a.tribalfusion.com

IN A

172.64.150.63

a.tribalfusion.com

IN A

104.18.37.193
GET

https://a.tribalfusion.com/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA

chrome.exe

Remote address:

172.64.150.63:443

Request

GET /i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA HTTP/2.0
host: a.tribalfusion.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:07 GMT
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 28
cache-control: no-cache
cache-control: private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aHnoeUolXVyQuWxdIZckMPDGHQdUGI1eqdGeXAXKT; path=/; domain=.tribalfusion.com; expires=Tue, 04-Feb-2025 03:40:07 GMT; SameSite=None; Secure;
set-cookie: ANON_ID_old=aHnoeUolXVyQuWxdIZckMPDGHQdUGI1eqdGeXAXKT; path=/; domain=.tribalfusion.com; expires=Tue, 04-Feb-2025 03:40:07 GMT;
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8de20f724b13d1fd-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s.tribalfusion.com/z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA

chrome.exe

Remote address:

172.64.150.63:443

Request

GET /z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA HTTP/2.0
host: s.tribalfusion.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ANON_ID=aHnoeUolXVyQuWxdIZckMPDGHQdUGI1eqdGeXAXKT

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:07 GMT
content-type: text/html
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662166051215300
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 209
x-reuse-index: 2
cache-control: no-cache
cache-control: private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8de20f739d03d1fd-LHR
alt-svc: h3=":443"; ma=86400
DNS

s.tribalfusion.com

chrome.exe

Remote address:

8.8.8.8:53

Request

s.tribalfusion.com

IN A

Response

s.tribalfusion.com

IN A

172.64.150.63

s.tribalfusion.com

IN A

104.18.37.193
GET

https://c.amazon-adsystem.com/cdn/prod/config?src=3177&u=https%3A%2F%2Fen.softonic.com

chrome.exe

Remote address:

108.157.7.75:443

Request

GET /cdn/prod/config?src=3177&u=https%3A%2F%2Fen.softonic.com HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8
cookie: ad-privacy=0

Response

HTTP/2.0 200

content-type: application/json;charset=UTF-8
content-length: 487
access-control-allow-origin: https://en.softonic.com
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Wed, 06 Nov 2024 01:44:21 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: wdCndO1BkhBgy3P8vIaansS1V9ub36lIdu07Q1CdpgwOuxbrlqQ_dQ==
age: 6948
GET

https://www.clarity.ms/tag/n22abp4c18

chrome.exe

Remote address:

13.107.246.65:443

Request

GET /tag/n22abp4c18 HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: CLID=c8802170a4914d16b9dc460d332019fe.20241106.20251106

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:09 GMT
content-type: application/x-javascript
content-length: 701
cache-control: no-cache, no-store
expires: -1
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
x-azure-ref: 20241106T034009Z-r1559f78f6bglqmlhC1LONakn0000000050000000000a201
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
GET

https://btloader.com/tag?o=5633429348548608&upapi=true

chrome.exe

Remote address:

104.22.75.216:443

Request

GET /tag?o=5633429348548608&upapi=true HTTP/2.0
host: btloader.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: "ac26a6b901db30402db9ea05b3198682"
if-modified-since: Wed, 06 Nov 2024 02:46:45 GMT

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:09 GMT
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
etag: "ac26a6b901db30402db9ea05b3198682"
last-modified: Wed, 06 Nov 2024 02:46:45 GMT
vary: Origin, Accept-Encoding
x-robots-tag: noindex, nofollow
via: 1.1 google
cf-cache-status: HIT
age: 3019
server: cloudflare
cf-ray: 8de20f80fd6863ae-LHR
DNS

wct.softonic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

wct.softonic.com

IN A

Response

wct.softonic.com

IN CNAME

api.wecantrack.com

api.wecantrack.com

IN A

104.26.3.63

api.wecantrack.com

IN A

172.67.74.173

api.wecantrack.com

IN A

104.26.2.63
DNS

js.adscale.de

chrome.exe

Remote address:

8.8.8.8:53

Request

js.adscale.de

IN A

Response

js.adscale.de

IN CNAME

d2w45tum40fmzp.cloudfront.net

d2w45tum40fmzp.cloudfront.net

IN A

18.173.233.7

d2w45tum40fmzp.cloudfront.net

IN A

18.173.233.112

d2w45tum40fmzp.cloudfront.net

IN A

18.173.233.13

d2w45tum40fmzp.cloudfront.net

IN A

18.173.233.106
GET

https://js.adscale.de/map.js

chrome.exe

Remote address:

18.173.233.7:443

Request

GET /map.js HTTP/2.0
host: js.adscale.de
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Mon, 04 Nov 2024 17:50:59 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-amz-version-id: REr1mP17aNPjyLEocbT4OfGGbb51tAw.
server: AmazonS3
date: Wed, 06 Nov 2024 01:51:02 GMT
cache-control: max-age=7200, stale-while-revalidate=86400
etag: W/"bb2519f07c2b375b30fd87c577394952"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 7270c380adcd801a51b624e5f77df782.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P3
x-amz-cf-id: UgSgz-KFY4F9ebPuYuYkNLfCzaL6UsgUliEz4wXbz2QNM0ioNqz7DA==
age: 6548
GET

https://wct.softonic.com/wct.js?type=session

chrome.exe

Remote address:

104.26.3.63:443

Request

GET /wct.js?type=session HTTP/2.0
host: wct.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: rv_prebid_position=151
cookie: rv_test_position=642
cookie: rv_rh_position=0.6
cookie: rv_fp_ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13
cookie: _clck=1uhbk6o%7C2%7Cfqn%7C0%7C1771
cookie: _gcl_au=1.1.1883251844.1730864384
cookie: _adbs=JTdCJTIyaW5zdGFsbGVkJTIyJTNBZmFsc2UlMkMlMjJhY3RpdmUlMjIlM0FmYWxzZSUyQyUyMmxhc3RTdGF0ZSUyMiUzQWZhbHNlJTdE
cookie: euconsent-v2=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: didomi_token=eyJ1c2VyX2lkIjoiMTkyZmY4ZTgtYTFhNy02ZDMyLTg1NjgtODljMzgwMWYwNWNjIiwiY3JlYXRlZCI6IjIwMjQtMTEtMDZUMDM6Mzk6NDQuNTM4WiIsInVwZGF0ZWQiOiIyMDI0LTExLTA2VDAzOjM5OjQ2LjE3MloiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIiwiYW1hem9uIiwiYzpncmF2YXRhciIsImM6YmluZy1hZHMiLCJjOmludG93b3dpbi1xYXp0NXRHaSIsImM6c3RpY2t5YWRzIiwiYzphZHZlcnRpc2luZ2NvbSIsImM6aG90amFyIiwiYzp0cmVtb3ItdmlkZW8iLCJjOmJhaWR1LWFkcyIsImM6Z2lneWEtY291bnRlciIsImM6cmFtYmxlciIsImM6Z2lneWEiLCJjOm1hcmtldG8iLCJjOnNla2luZG8iLCJjOmFkc3RpciIsImM6YnJpZ2h0cm9sbCIsImM6YWRhcHR2IiwiYzphZHNjaWVuY2UiLCJjOmFkaW5nbyIsImM6YWR2ZXJzZXJ2ZSIsImM6bGtxZCIsImM6ZXEtYWR2ZXJ0aXNpbmciLCJjOmRpc3F1cyIsImM6c3luYWNvciIsImM6YWRuZXQtbWVkaWEiLCJjOmFkbmV0LW1lZHlhbmV0IiwiYzphZG1vYiIsImM6ZnJvc21vLW9wdGltaXplciIsImM6aW5mZWN0aW91cy1tZWRpYSIsImM6dmlkZW9sb2d5IiwiYzpzbWFydGJpZC1QZkRhRXA4YiIsImM6Ymx1ZWthaSIsImM6Z29vZ2xlYW5hLTRUWG5KaWdSIiwiYzpkaXN0cmljdG0tQllFQUVCbUgiLCJjOnN5c3RlbTEtVVc5NHk4ZlIiLCJjOnJldGFyZ2V0ZWQtYlB3MjNXUnEiLCJjOndlY2FudHJhY2stVlVRckJhVk4iLCJjOmFheGxsYy0zRVJyTFhuUSIsImM6ZW14ZGlnaXRhLUczUVFCaDRRIiwiYzplYmF5LXN0YXRzIiwiYzphZmZpbGluZXQiLCJjOnNjb290YS1FVkN3cnlDZCIsImM6bWljcm9zb2Z0IiwiYzpoYXZhc21lZGktQkFHN3BKRGUiLCJjOmZyYWN0aW9uYWwtbjJqWURGUE4iLCJjOmRpZG9taSJdfSwicHVycG9zZXMiOnsiZW5hYmxlZCI6WyJnZW9sb2NhdGlvbl9kYXRhIiwiZGV2aWNlX2NoYXJhY3RlcmlzdGljcyIsImdlb19hZHMiXX0sInZlcnNpb24iOjIsImFjIjoiREpPQlFBRVlBTElBWFFBMkFCNkFFcUFNQUFZZ0JOd0NoZ0dmQVBOQWU0Qjd3RU9BTkhBZFVBOVVDRFlFUndJa2dTMUFuNEJSVUN3NEZxUU1SQWRPQTZzQjJFRVZBSXpRU0VBazFCTFdDZDRGQkFLRHdVNmdzLUJrbUFBQS5BQUFBIn0=
cookie: rv_google_ppid=565bca3c-352a-4a8b-b04c-cca852f6b9dc
cookie: persistent.fpmUserId=b0c73705-42e9-4158-ab16-ffbe4fbb4326
cookie: session.fpmSessionId=f628e2ba-1e9d-497c-a77c-0aac19b65dad
cookie: __gsas=ID=b7705755fe2f1855:T=1730864387:RT=1730864387:S=ALNI_MbdJlmAzW73n5xBnGa_qEzozLsAOA
cookie: panoramaId_expiry=1730950787449
cookie: AMP_TOKEN=%24NOT_FOUND
cookie: _gid=GA1.2.937552829.1730864387
cookie: _dc_gtm_UA-152357-1=1
cookie: __gads=ID=f70f6c052a03358a:T=1730864387:RT=1730864387:S=ALNI_MYkkQkJB_kYNb62ylfY1XTSyK_Uhw
cookie: __gpi=UID=00000f252dfe42aa:T=1730864387:RT=1730864387:S=ALNI_MZl-v3ZG4VZaiUqnu1yQJ9gLnRVAQ
cookie: __eoi=ID=9330ec229148b1b8:T=1730864387:RT=1730864387:S=AA-AfjZKAT-JIrc_-NT8zvIYzxqJ
cookie: softonic-r2d2-view-state=1
cookie: _gat_UA-152357-1=1
cookie: _fbp=fb.1.1730864403242.717237240466354142
cookie: _ga=GA1.2.1213229484.1730864387
cookie: _ga_R5K71YRXMV=GS1.1.1730864386.1.1.1730864408.38.0.0
cookie: session.referrerPageId=app_download
cookie: session.pv=3
cookie: rv_fp_pv=3

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:09 GMT
content-type: application/javascript
cf-ray: 8de20f824f079583-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 4219
cache-control: public, max-age:3600
last-modified: Wed, 06 Nov 2024 02:29:50 GMT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2FMSgNOU3Ayv9gsNWwgXrxuohxc7dKlG20Q2EJX1Ul0S%2Fv6RUNkFvAaWg2QBxf%2FMQNI29tiOQULxQH2LrZuaqZcQLD%2BNodeDY0%2BllBRSgFOtbQ2CgOPBF7yAvg3N66DKUuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=21565&sent=6&recv=10&lost=0&retrans=0&sent_bytes=2863&recv_bytes=3435&delivery_rate=133813&cwnd=253&unsent_bytes=0&cid=76af09e23c3c64bf&ts=76&x=0"
GET

https://wct.softonic.com/wct.js?type=auto-tagging

chrome.exe

Remote address:

104.26.3.63:443

Request

GET /wct.js?type=auto-tagging HTTP/2.0
host: wct.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: rv_prebid_position=151
cookie: rv_test_position=642
cookie: rv_rh_position=0.6
cookie: rv_fp_ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13
cookie: _clck=1uhbk6o%7C2%7Cfqn%7C0%7C1771
cookie: _gcl_au=1.1.1883251844.1730864384
cookie: _adbs=JTdCJTIyaW5zdGFsbGVkJTIyJTNBZmFsc2UlMkMlMjJhY3RpdmUlMjIlM0FmYWxzZSUyQyUyMmxhc3RTdGF0ZSUyMiUzQWZhbHNlJTdE
cookie: didomi_token=eyJ1c2VyX2lkIjoiMTkyZmY4ZTgtYTFhNy02ZDMyLTg1NjgtODljMzgwMWYwNWNjIiwiY3JlYXRlZCI6IjIwMjQtMTEtMDZUMDM6Mzk6NDQuNTM4WiIsInVwZGF0ZWQiOiIyMDI0LTExLTA2VDAzOjM5OjQ2LjE3MloiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIiwiYW1hem9uIiwiYzpncmF2YXRhciIsImM6YmluZy1hZHMiLCJjOmludG93b3dpbi1xYXp0NXRHaSIsImM6c3RpY2t5YWRzIiwiYzphZHZlcnRpc2luZ2NvbSIsImM6aG90amFyIiwiYzp0cmVtb3ItdmlkZW8iLCJjOmJhaWR1LWFkcyIsImM6Z2lneWEtY291bnRlciIsImM6cmFtYmxlciIsImM6Z2lneWEiLCJjOm1hcmtldG8iLCJjOnNla2luZG8iLCJjOmFkc3RpciIsImM6YnJpZ2h0cm9sbCIsImM6YWRhcHR2IiwiYzphZHNjaWVuY2UiLCJjOmFkaW5nbyIsImM6YWR2ZXJzZXJ2ZSIsImM6bGtxZCIsImM6ZXEtYWR2ZXJ0aXNpbmciLCJjOmRpc3F1cyIsImM6c3luYWNvciIsImM6YWRuZXQtbWVkaWEiLCJjOmFkbmV0LW1lZHlhbmV0IiwiYzphZG1vYiIsImM6ZnJvc21vLW9wdGltaXplciIsImM6aW5mZWN0aW91cy1tZWRpYSIsImM6dmlkZW9sb2d5IiwiYzpzbWFydGJpZC1QZkRhRXA4YiIsImM6Ymx1ZWthaSIsImM6Z29vZ2xlYW5hLTRUWG5KaWdSIiwiYzpkaXN0cmljdG0tQllFQUVCbUgiLCJjOnN5c3RlbTEtVVc5NHk4ZlIiLCJjOnJldGFyZ2V0ZWQtYlB3MjNXUnEiLCJjOndlY2FudHJhY2stVlVRckJhVk4iLCJjOmFheGxsYy0zRVJyTFhuUSIsImM6ZW14ZGlnaXRhLUczUVFCaDRRIiwiYzplYmF5LXN0YXRzIiwiYzphZmZpbGluZXQiLCJjOnNjb290YS1FVkN3cnlDZCIsImM6bWljcm9zb2Z0IiwiYzpoYXZhc21lZGktQkFHN3BKRGUiLCJjOmZyYWN0aW9uYWwtbjJqWURGUE4iLCJjOmRpZG9taSJdfSwicHVycG9zZXMiOnsiZW5hYmxlZCI6WyJnZW9sb2NhdGlvbl9kYXRhIiwiZGV2aWNlX2NoYXJhY3RlcmlzdGljcyIsImdlb19hZHMiXX0sInZlcnNpb24iOjIsImFjIjoiREpPQlFBRVlBTElBWFFBMkFCNkFFcUFNQUFZZ0JOd0NoZ0dmQVBOQWU0Qjd3RU9BTkhBZFVBOVVDRFlFUndJa2dTMUFuNEJSVUN3NEZxUU1SQWRPQTZzQjJFRVZBSXpRU0VBazFCTFdDZDRGQkFLRHdVNmdzLUJrbUFBQS5BQUFBIn0=
cookie: euconsent-v2=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: rv_google_ppid=565bca3c-352a-4a8b-b04c-cca852f6b9dc
cookie: persistent.fpmUserId=b0c73705-42e9-4158-ab16-ffbe4fbb4326
cookie: session.fpmSessionId=f628e2ba-1e9d-497c-a77c-0aac19b65dad
cookie: __gsas=ID=b7705755fe2f1855:T=1730864387:RT=1730864387:S=ALNI_MbdJlmAzW73n5xBnGa_qEzozLsAOA
cookie: panoramaId_expiry=1730950787449
cookie: AMP_TOKEN=%24NOT_FOUND
cookie: _gid=GA1.2.937552829.1730864387
cookie: _dc_gtm_UA-152357-1=1
cookie: __gads=ID=f70f6c052a03358a:T=1730864387:RT=1730864387:S=ALNI_MYkkQkJB_kYNb62ylfY1XTSyK_Uhw
cookie: __gpi=UID=00000f252dfe42aa:T=1730864387:RT=1730864387:S=ALNI_MZl-v3ZG4VZaiUqnu1yQJ9gLnRVAQ
cookie: __eoi=ID=9330ec229148b1b8:T=1730864387:RT=1730864387:S=AA-AfjZKAT-JIrc_-NT8zvIYzxqJ
cookie: softonic-r2d2-view-state=1
cookie: _gat_UA-152357-1=1
cookie: _fbp=fb.1.1730864403242.717237240466354142
cookie: _ga=GA1.2.1213229484.1730864387
cookie: _ga_R5K71YRXMV=GS1.1.1730864386.1.1.1730864408.38.0.0
cookie: session.referrerPageId=app_download
cookie: session.pv=3
cookie: rv_fp_pv=3

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age:3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1el7CDFBxIS0LNtwGcjv1UIlLtx%2FmUsqht3hJsz0A93cy%2Fg2Hxry3G45CAcnqINFRi2Al7sNyxKnn0oZHKNzJva%2F2Nm7Kd4m5xDvoUiFLmg%2FGXBcaJrOjQ9Pi9xbsv9cpiI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f8428099583-LHR
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20758&sent=32&recv=27&lost=0&retrans=0&sent_bytes=15685&recv_bytes=6226&delivery_rate=1503045&cwnd=257&unsent_bytes=0&cid=76af09e23c3c64bf&ts=377&x=0"
POST

https://wct.softonic.com/track/update-session

chrome.exe

Remote address:

104.26.3.63:443

Request

POST /track/update-session HTTP/2.0
host: wct.softonic.com
content-length: 546
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: multipart/form-data; boundary=----WebKitFormBoundary2vqDmq3V0ByjAyYe
accept: */*
origin: https://en.softonic.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: rv_prebid_position=151
cookie: rv_test_position=642
cookie: rv_rh_position=0.6
cookie: rv_fp_ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13
cookie: _clck=1uhbk6o%7C2%7Cfqn%7C0%7C1771
cookie: _gcl_au=1.1.1883251844.1730864384
cookie: _adbs=JTdCJTIyaW5zdGFsbGVkJTIyJTNBZmFsc2UlMkMlMjJhY3RpdmUlMjIlM0FmYWxzZSUyQyUyMmxhc3RTdGF0ZSUyMiUzQWZhbHNlJTdE
cookie: euconsent-v2=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: didomi_token=eyJ1c2VyX2lkIjoiMTkyZmY4ZTgtYTFhNy02ZDMyLTg1NjgtODljMzgwMWYwNWNjIiwiY3JlYXRlZCI6IjIwMjQtMTEtMDZUMDM6Mzk6NDQuNTM4WiIsInVwZGF0ZWQiOiIyMDI0LTExLTA2VDAzOjM5OjQ2LjE3MloiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIiwiYW1hem9uIiwiYzpncmF2YXRhciIsImM6YmluZy1hZHMiLCJjOmludG93b3dpbi1xYXp0NXRHaSIsImM6c3RpY2t5YWRzIiwiYzphZHZlcnRpc2luZ2NvbSIsImM6aG90amFyIiwiYzp0cmVtb3ItdmlkZW8iLCJjOmJhaWR1LWFkcyIsImM6Z2lneWEtY291bnRlciIsImM6cmFtYmxlciIsImM6Z2lneWEiLCJjOm1hcmtldG8iLCJjOnNla2luZG8iLCJjOmFkc3RpciIsImM6YnJpZ2h0cm9sbCIsImM6YWRhcHR2IiwiYzphZHNjaWVuY2UiLCJjOmFkaW5nbyIsImM6YWR2ZXJzZXJ2ZSIsImM6bGtxZCIsImM6ZXEtYWR2ZXJ0aXNpbmciLCJjOmRpc3F1cyIsImM6c3luYWNvciIsImM6YWRuZXQtbWVkaWEiLCJjOmFkbmV0LW1lZHlhbmV0IiwiYzphZG1vYiIsImM6ZnJvc21vLW9wdGltaXplciIsImM6aW5mZWN0aW91cy1tZWRpYSIsImM6dmlkZW9sb2d5IiwiYzpzbWFydGJpZC1QZkRhRXA4YiIsImM6Ymx1ZWthaSIsImM6Z29vZ2xlYW5hLTRUWG5KaWdSIiwiYzpkaXN0cmljdG0tQllFQUVCbUgiLCJjOnN5c3RlbTEtVVc5NHk4ZlIiLCJjOnJldGFyZ2V0ZWQtYlB3MjNXUnEiLCJjOndlY2FudHJhY2stVlVRckJhVk4iLCJjOmFheGxsYy0zRVJyTFhuUSIsImM6ZW14ZGlnaXRhLUczUVFCaDRRIiwiYzplYmF5LXN0YXRzIiwiYzphZmZpbGluZXQiLCJjOnNjb290YS1FVkN3cnlDZCIsImM6bWljcm9zb2Z0IiwiYzpoYXZhc21lZGktQkFHN3BKRGUiLCJjOmZyYWN0aW9uYWwtbjJqWURGUE4iLCJjOmRpZG9taSJdfSwicHVycG9zZXMiOnsiZW5hYmxlZCI6WyJnZW9sb2NhdGlvbl9kYXRhIiwiZGV2aWNlX2NoYXJhY3RlcmlzdGljcyIsImdlb19hZHMiXX0sInZlcnNpb24iOjIsImFjIjoiREpPQlFBRVlBTElBWFFBMkFCNkFFcUFNQUFZZ0JOd0NoZ0dmQVBOQWU0Qjd3RU9BTkhBZFVBOVVDRFlFUndJa2dTMUFuNEJSVUN3NEZxUU1SQWRPQTZzQjJFRVZBSXpRU0VBazFCTFdDZDRGQkFLRHdVNmdzLUJrbUFBQS5BQUFBIn0=
cookie: rv_google_ppid=565bca3c-352a-4a8b-b04c-cca852f6b9dc
cookie: persistent.fpmUserId=b0c73705-42e9-4158-ab16-ffbe4fbb4326
cookie: session.fpmSessionId=f628e2ba-1e9d-497c-a77c-0aac19b65dad
cookie: __gsas=ID=b7705755fe2f1855:T=1730864387:RT=1730864387:S=ALNI_MbdJlmAzW73n5xBnGa_qEzozLsAOA
cookie: panoramaId_expiry=1730950787449
cookie: AMP_TOKEN=%24NOT_FOUND
cookie: _gid=GA1.2.937552829.1730864387
cookie: _dc_gtm_UA-152357-1=1
cookie: __gads=ID=f70f6c052a03358a:T=1730864387:RT=1730864387:S=ALNI_MYkkQkJB_kYNb62ylfY1XTSyK_Uhw
cookie: __gpi=UID=00000f252dfe42aa:T=1730864387:RT=1730864387:S=ALNI_MZl-v3ZG4VZaiUqnu1yQJ9gLnRVAQ
cookie: __eoi=ID=9330ec229148b1b8:T=1730864387:RT=1730864387:S=AA-AfjZKAT-JIrc_-NT8zvIYzxqJ
cookie: softonic-r2d2-view-state=1
cookie: _gat_UA-152357-1=1
cookie: _fbp=fb.1.1730864403242.717237240466354142
cookie: session.referrerPageId=app_download
cookie: session.pv=3
cookie: rv_fp_pv=3
cookie: _ga_R5K71YRXMV=GS1.1.1730864386.1.1.1730864409.37.0.0
cookie: _wctrck=1730864409456.qFIyZmUCZm18sAYfMzHnfiW4cmUaJl2atmVuwBVjhAdbskVT2yLDeiLTwASbclm1eviTekGyZmUCZm18cDPTKyLDvzSbhCbbsk0ydEGSdn24wAxbYoX4InGqLtGm3DVrMBPDfkGaJl18sySXwA69wtIOJiHvNiSiIn1qtoWqdn2GdmZCtmIOJiKL2CIWIi3GZm0ydoWmZnX4cn4qtoYiZmXitmIOJiKL2yNjYE
cookie: _ga=GA1.2.1213229484.1730864387

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
x-content-type-options: nosniff
x-content-type-options: nosniff
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cN%2BP9xw8MWBwxYOKWsHqAJtB%2B%2BPTPD%2FsdzYT%2BGJSeeNbbDz1t%2FFRPp8n%2FRdg%2FHTJytnCKIzeNvSPHhTX29U4ZqZYT7PJ3XfldGCFDfd4UEX8X6z%2FLcxoi8dzGs9F8hXPUcg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20f8abc699583-LHR
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=45364&sent=59&recv=44&lost=0&retrans=0&sent_bytes=34590&recv_bytes=9595&delivery_rate=1503045&cwnd=257&unsent_bytes=0&cid=76af09e23c3c64bf&ts=1456&x=0"
POST

https://id5-sync.com/api/config/prebid

chrome.exe

Remote address:

141.95.33.120:443

Request

POST /api/config/prebid HTTP/2.0
host: id5-sync.com
content-length: 172
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://en.softonic.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
date: Wed, 06 Nov 2024 03:40:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com

IN A

Response

04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.213.1
GET

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

chrome.exe

Remote address:

108.157.7.75:443

Request

GET /bao-csm/aps-comm/aps_csm.js HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
if-none-match: W/"a4d296427fc806b21335359e398c025c"

Response

HTTP/2.0 304

date: Wed, 06 Nov 2024 03:40:10 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
server: AmazonS3
x-amz-server-side-encryption: AES256
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Origin,accept-encoding
x-cache: Hit from cloudfront
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: qIjYhpU3Vb2vTx-_l2-S0GRjA3QOGKCGtysFf2T0JYrba6doVKbkvw==
age: 4750
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://en.softonic.com
vary: Origin
content-type: application/json;charset=UTF-8
date: Wed, 06 Nov 2024 03:40:13 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://wct.softonic.com/track/session?data=91hBSvNB6iczPn2CFjclIidnXqtnZyJn0adnYCZmYCtm34Im0iZmWqdn2GdmZCtmUeJlIzMi6icCIz2xIWcBSvNB6iYyIz2xIWIi3GZm0ydoWmZnX4cn4qtoYiZmXitmUiJlXe0rIOJiHD2xIWIiW4cmUGZmUGdm0qJn4aZm3eJlX4smUydoZqJn4aZm3eJlX4smtDKi6iYCN9vyN9Li7PJiZvwAR92BJjclIiIoIixzYjxzMvMCIWIiU9wAZjxz2bJmLq3CLrxySbJmL0cmYuszLjNzWitjTaJmLiJl04smWitjU9wAZfMDULemYusySvgzUfwtWitjKf2BS52DVrKi6iszSrxA09vzNfgCIWIi2mJl3mtngjtjPjxyMf2uWitjW4cmUaJl2atmgjtjL12BYH2qWitjP82AJv2rWitjLTwASbJmLmKmLWutuH0sOaJmLyZmUCZm1yKmLqxAljwzxvgBWbxqWitjPqJn4bJmLi0mLqJnUL2vWitjcntjX4InWitju5emYuYC39gzUL2vOaJmLaJl1yKmLegBSLMEV1Ki6isy1jclIqwyVXMB39gzTq3CVbNrYuYC39gzUL2DgjtjU9wAZfMDULwlHXwzK5wyTzKmLqwyVXMB39gzgjtjT92yUmwAU9gDM92CU4wzgjtjgjtjbntjZbhD0HMi6icBYvNiSiYn4mdn2GdmZCtmUqdo0KJmYmtmYeJi6iczPn2zIWIiurKEJnZCIOJiKLwDIWIi2udn5adn0ydoWmZnXiIoIqwAZjYE

chrome.exe

Remote address:

104.26.3.63:443

Request

GET /track/session?data=91hBSvNB6iczPn2CFjclIidnXqtnZyJn0adnYCZmYCtm34Im0iZmWqdn2GdmZCtmUeJlIzMi6icCIz2xIWcBSvNB6iYyIz2xIWIi3GZm0ydoWmZnX4cn4qtoYiZmXitmUiJlXe0rIOJiHD2xIWIiW4cmUGZmUGdm0qJn4aZm3eJlX4smUydoZqJn4aZm3eJlX4smtDKi6iYCN9vyN9Li7PJiZvwAR92BJjclIiIoIixzYjxzMvMCIWIiU9wAZjxz2bJmLq3CLrxySbJmL0cmYuszLjNzWitjTaJmLiJl04smWitjU9wAZfMDULemYusySvgzUfwtWitjKf2BS52DVrKi6iszSrxA09vzNfgCIWIi2mJl3mtngjtjPjxyMf2uWitjW4cmUaJl2atmgjtjL12BYH2qWitjP82AJv2rWitjLTwASbJmLmKmLWutuH0sOaJmLyZmUCZm1yKmLqxAljwzxvgBWbxqWitjPqJn4bJmLi0mLqJnUL2vWitjcntjX4InWitju5emYuYC39gzUL2vOaJmLaJl1yKmLegBSLMEV1Ki6isy1jclIqwyVXMB39gzTq3CVbNrYuYC39gzUL2DgjtjU9wAZfMDULwlHXwzK5wyTzKmLqwyVXMB39gzgjtjT92yUmwAU9gDM92CU4wzgjtjgjtjbntjZbhD0HMi6icBYvNiSiYn4mdn2GdmZCtmUqdo0KJmYmtmYeJi6iczPn2zIWIiurKEJnZCIOJiKLwDIWIi2udn5adn0ydoWmZnXiIoIqwAZjYE HTTP/2.0
host: wct.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://en.softonic.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: application/json
cf-ray: 8de20f847bf876fb-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: no-cache, private
content-encoding: gzip
vary: Accept-Encoding
cf-apo-via: origin,host
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UD0b2n5djOBgAl8cPGRmuj%2B%2Bi6JSNR%2BFOCTYO0y77YcJB%2FRD6ScRSO2RNVtD%2BNUZrGNxUeVt4%2B%2BVk34f%2FL8WZ4bpULFGB0nX0Eg3JHi5IxN%2BMAXbFS3YCe%2BaLw7NXTuonnk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=20220&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2863&recv_bytes=1750&delivery_rate=134770&cwnd=253&unsent_bytes=0&cid=32945fefb5674a03&ts=71&x=0"
GET

https://wct.softonic.com/wct.js?type=pattern&uid=s3czDT

chrome.exe

Remote address:

104.26.3.63:443

Request

GET /wct.js?type=pattern&uid=s3czDT HTTP/2.0
host: wct.softonic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:10 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age:300
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ry3BkUTTD9Li97Gwrixuw%2FV%2FvrvXIjdugd3XW%2Bbev5rcwQ3IxByShnatK15XVyitNpkJj3l%2F9NdhInnQo6%2Fzh5bCPxm%2BfaPJLlXWU6kVh5vRanO06u8bQHykGwgVMe%2Fw%2Bkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8de20f851c5976fb-LHR
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=24660&sent=14&recv=13&lost=0&retrans=0&sent_bytes=7479&recv_bytes=1827&delivery_rate=390260&cwnd=257&unsent_bytes=0&cid=32945fefb5674a03&ts=222&x=0"
DNS

ih.adscale.de

chrome.exe

Remote address:

8.8.8.8:53

Request

ih.adscale.de

IN A

Response

ih.adscale.de

IN A

3.125.98.251

ih.adscale.de

IN A

3.67.112.80

ih.adscale.de

IN A

18.195.17.219
DNS

prs.sftcdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

prs.sftcdn.net

IN A

Response

prs.sftcdn.net

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.65.91

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.129.91

swls.map.fastly.net

IN A

151.101.1.91
GET

https://prs.sftcdn.net/softoniccom/Zfm7NQ4qyfNhFypo_herowarsprismic.jpg?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/Zfm7NQ4qyfNhFypo_herowarsprismic.jpg?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: 8dc808002ee94eb040b73b3d217490f382694ea6
cache-control: public, max-age=31536000
last-modified: Fri, 25 Oct 2024 04:32:55 GMT
server: imgix
log-mgt-timing: fetch=461895,misspass=161,do_stream=0
log-mgt-origin: shield=CHI,src_ip,alternate_path=0,ip=140.248.75.76,port=443,name=shield_ssl_cache_fra_etou8220076_FRA,status=200,reason=OK,method=GET,host=shield-cd73014c3caee31a58194e89a19e2bb700972757.imgix.net,path="/softoniccom/Zfm7NQ4qyfNhFypo_herowarsprismic.jpg",qs="auto=compress&fm=avif"
backend_is_origin: 0
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 1033635
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-kigq8000169-CHI, cache-fra-etou8220076-FRA, cache-ams2100107-AMS, cache-ams2100107-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, MISS, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.508537,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24709
GET

https://prs.sftcdn.net/softoniccom/ZkYu7Col0Zci9N2M_startrek2.png?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/ZkYu7Col0Zci9N2M_startrek2.png?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: 0dd58af3267724bc531ae8fc3cbde30e48afacc4
cache-control: public, max-age=31536000
last-modified: Mon, 14 Oct 2024 16:13:36 GMT
server: imgix
log-mgt-timing: fetch=8154,misspass=110,do_stream=0
log-mgt-origin: shield=CHI,src_ip,alternate_path=0,ip=140.248.75.88,port=443,name=shield_ssl_cache_fra_etou8220088_FRA,status=200,reason=OK,method=GET,host=shield-cd73014c3caee31a58194e89a19e2bb700972757.imgix.net,path="/softoniccom/ZlWTI6WtHYXtT1oh_500x600.jpg",qs="auto=compress&fm=avif"
backend_is_origin: 0
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 1941994
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-klot8100161-CHI, cache-fra-etou8220088-FRA, cache-ams2100104-AMS, cache-ams2100104-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, HIT, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.509090,VS0,VE7
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31260
GET

https://prs.sftcdn.net/softoniccom/ZmK4JJm069VX1iZj_riseofkingdoms-1655145831689.jpg?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/ZmK4JJm069VX1iZj_riseofkingdoms-1655145831689.jpg?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: 7757ec915b75dc9c4b91700cb6f2e128f45acc5e
cache-control: public, max-age=31536000
last-modified: Sat, 02 Nov 2024 07:01:17 GMT
server: imgix
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 333533
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-klot8100132-CHI, cache-fra-etou8220141-FRA, cache-ams2100084-AMS, cache-ams2100084-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, MISS, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.508816,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 128001
GET

https://prs.sftcdn.net/softoniccom/1b0fa9d4-d0c9-4893-aa60-2205403306d6_EN_282x388_WT_02.jpg?auto=compress,format

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/1b0fa9d4-d0c9-4893-aa60-2205403306d6_EN_282x388_WT_02.jpg?auto=compress,format HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: 322180029c93b231e35fac4681c9026ce398e439
cache-control: public, max-age=315360000
last-modified: Sun, 03 Nov 2024 04:13:40 GMT
server: imgix
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 257189
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-kigq8000034-CHI, cache-fra-etou8220114-FRA, cache-ams21057-AMS, cache-ams21057-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, MISS, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.509088,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20021
GET

https://prs.sftcdn.net/softoniccom/ZlWTI6WtHYXtT1oh_500x600.jpg?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/ZlWTI6WtHYXtT1oh_500x600.jpg?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: 5776e900490c6eff7482055bc1aebfc67ddaff8e
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2024 08:53:26 GMT
server: imgix
log-mgt-timing: fetch=6873,misspass=93,do_stream=0
log-mgt-origin: shield=CHI,src_ip,alternate_path=0,ip=140.248.75.59,port=443,name=shield_ssl_cache_fra_etou8220059_FRA,status=200,reason=OK,method=GET,host=shield-cd73014c3caee31a58194e89a19e2bb700972757.imgix.net,path="/softoniccom/ZkYu7Col0Zci9N2M_startrek2.png",qs="auto=compress&fm=avif"
backend_is_origin: 0
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 06 Nov 2024 03:40:10 GMT
age: 1277203
x-served-by: cache-chi-klot8100128-CHI, cache-fra-etou8220059-FRA, cache-ams2100111-AMS, cache-ams2100111-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, HIT, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.508855,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 114655
GET

https://prs.sftcdn.net/softoniccom/65917734-ab3a-483b-89ec-0996285bd220_stormshot.png?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/65917734-ab3a-483b-89ec-0996285bd220_stormshot.png?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: 820fdd29bef4d6c8645c40a7932dfbb06f3813ed
cache-control: public, max-age=315360000
last-modified: Fri, 01 Nov 2024 03:25:33 GMT
server: imgix
log-mgt-timing: fetch=274650,misspass=100,do_stream=0
log-mgt-origin: shield=CHI,src_ip,alternate_path=0,ip=167.82.237.137,port=443,name=shield_ssl_cache_chi_kigq8000137_CHI,status=200,reason=OK,method=GET,host=shield-cd73014c3caee31a58194e89a19e2bb700972757.imgix.net,path="/softoniccom/65917734-ab3a-483b-89ec-0996285bd220_stormshot.png",qs="auto=compress&fm=avif"
backend_is_origin: 0
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 432877
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-kigq8000137-CHI, cache-ams21057-AMS, cache-ams21057-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.509207,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14507
GET

https://prs.sftcdn.net/softoniccom/ZhO67hrFxhpPBXWc_seaofconquest.jpg?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/ZhO67hrFxhpPBXWc_seaofconquest.jpg?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: cffe59ec82a066120b9dddb4f7915a5eb8c243b8
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 2024 11:20:25 GMT
server: imgix
log-mgt-timing: fetch=707479,misspass=138,do_stream=0
log-mgt-origin: shield=CHI,src_ip,alternate_path=0,ip=167.82.237.173,port=443,name=shield_ssl_cache_chi_kigq8000173_CHI,status=200,reason=OK,method=GET,host=shield-cd73014c3caee31a58194e89a19e2bb700972757.imgix.net,path="/softoniccom/ZxDYxIF3NbkBXqTq_warrobots.png",qs="auto=compress&fm=avif"
backend_is_origin: 0
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 922784
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-kigq8000173-CHI, cache-fra-eddf8230152-FRA, cache-ams2100101-AMS, cache-ams2100101-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, HIT, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.531610,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 57277
GET

https://prs.sftcdn.net/softoniccom/ZxDYxIF3NbkBXqTq_warrobots.png?auto=format,compress

chrome.exe

Remote address:

151.101.65.91:443

Request

GET /softoniccom/ZxDYxIF3NbkBXqTq_warrobots.png?auto=format,compress HTTP/2.0
host: prs.sftcdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-imgix-id: e6ecc1a3e0fe5f9618e063dfd5c44f270b422225
cache-control: public, max-age=31536000
last-modified: Mon, 14 Oct 2024 16:13:37 GMT
server: imgix
log-mgt-timing: fetch=405940,misspass=155,do_stream=0
log-mgt-origin: shield=CHI,src_ip,alternate_path=0,ip=140.248.75.135,port=443,name=shield_ssl_cache_fra_etou8220135_FRA,status=200,reason=OK,method=GET,host=shield-cd73014c3caee31a58194e89a19e2bb700972757.imgix.net,path="/softoniccom/ZhO67hrFxhpPBXWc_seaofconquest.jpg",qs="auto=compress&fm=avif"
backend_is_origin: 0
content-type: image/avif
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 1941993
date: Wed, 06 Nov 2024 03:40:10 GMT
x-served-by: cache-chi-klot8100130-CHI, cache-fra-etou8220135-FRA, cache-ams21056-AMS, cache-ams21056-AMS, cache-lcy-eglc8600046-LCY
x-cache: MISS, MISS, HIT, MISS, MISS
x-cache-hits: 0, 0
x-timer: S1730864411.531487,VS0,VE8
vary: Accept, User-Agent, Accept-Encoding
x-device-type: common
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31311
GET

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://en.softonic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:10 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 614
Connection: keep-alive
x-amz-rid: 9HA3R6Q3QBVWA69H41R0
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:40:10 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:40:10 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:10 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1830
Connection: keep-alive
x-amz-rid: DC6225H5DQYHXFEZHRH6
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

push-sdk.com

chrome.exe

Remote address:

8.8.8.8:53

Request

push-sdk.com

IN A

Response

push-sdk.com

IN A

23.88.8.125

push-sdk.com

IN A

178.63.248.56

push-sdk.com

IN A

178.63.248.57

push-sdk.com

IN A

157.90.33.72

push-sdk.com

IN A

157.90.33.121

push-sdk.com

IN A

157.90.33.68

push-sdk.com

IN A

23.88.8.123

push-sdk.com

IN A

157.90.33.122
GET

https://id5-sync.com/bounce

chrome.exe

Remote address:

141.95.33.120:443

Request

GET /bounce HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: 3pi=
cookie: cf=gif
cookie: cip=691
cookie: cnac=7
cookie: car=2
cookie: gdpr=1|CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#3

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:11 GMT
access-control-allow-origin: https://en.softonic.com
vary: Origin
access-control-allow-credentials: true
content-type: text/plain;charset=utf-8
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

uidsync.net

chrome.exe

Remote address:

8.8.8.8:53

Request

uidsync.net

IN A

Response

uidsync.net

IN A

157.90.33.72

uidsync.net

IN A

23.88.8.125

uidsync.net

IN A

157.90.33.68

uidsync.net

IN A

157.90.33.122

uidsync.net

IN A

178.63.248.56

uidsync.net

IN A

157.90.33.121

uidsync.net

IN A

178.63.248.57

uidsync.net

IN A

23.88.8.123
DNS

8proof.com

chrome.exe

Remote address:

8.8.8.8:53

Request

8proof.com

IN A

Response

8proof.com

IN A

52.116.53.150
GET

https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 1553
x-envoy-upstream-service-time: 5
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 49
x-envoy-upstream-service-time: 4
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 49
x-envoy-upstream-service-time: 4
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 49
x-envoy-upstream-service-time: 4
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=29ccc1ff30684fb910da4140e3b9d531

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=29ccc1ff30684fb910da4140e3b9d531 HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:14 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:14 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:14 GMT
content-length: 49
x-envoy-upstream-service-time: 1
server: ayl-lb-fra02
GET

https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

185.255.84.153:443

Request

GET /visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: visitor.omnitagjs.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://cs-server-s2s.yellowblue.io/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=08106d8167d5e71c65b5964a3bb3016e; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 06 Nov 2024 03:40:14 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
GET

https://ap.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259 HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D

Response

HTTP/2.0 302

server: awselb/2.0
date: Wed, 06 Nov 2024 03:40:13 GMT
content-type: text/html
content-length: 110
location: https://ce.lijit.com:443/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259
GET

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D

Response

HTTP/2.0 307

date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 0
location: https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /dsp/google/cookiematch/dv?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D
cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=Sm5vN0FCWkhjZkNrWTltaVNGR1Z1UjJZ&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

3.251.12.140:443

Request

GET /dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D
cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:13 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=Sm5vN0FCWkhjZkNrWTltaVNGR1Z1UjJZ&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
vary: Accept-Encoding
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://ce.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259 HTTP/2.0
host: ce.lijit.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtbexp=eJxlkEsOgDAIRO%2FStYuBUihezXh3Y22iHZdv%2BOTBUbTsElURBvhW3FcOIX7qYp56c2bGSJANfSZ9nRHa2UFciY24EdM%2BpXn1aYTwwUHOdPO84PWFclA5IAX7NfAPhB5puXLrX%2BnzApj3T1c%3D
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:13 GMT
content-type: text/html
content-length: 1410
vary: Accept-Encoding
set-cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:13 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:13 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:13 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
GET

https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4 HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D
cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:14 GMT
vary: Accept-Encoding
x-merge: GDPR Optout true
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:14 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:14 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:14 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://ce.lijit.com/merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b

chrome.exe

Remote address:

52.48.206.11:443

Request

GET /merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b HTTP/2.0
host: ce.lijit.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y
cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D
cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D

Response

HTTP/2.0 204

date: Wed, 06 Nov 2024 03:40:14 GMT
vary: Accept-Encoding
x-merge: GDPR Optout true
set-cookie: ljt_reader=Jno7ABZHcfCkY9miSFGVuR2Y; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:14 GMT; Max-Age=31536000;Secure;SameSite=None
expires: Fri, 20 Mar 2009 00:00:00 GMT
set-cookie: ljtrtb=eJyrVrI0UrJSMjc3MTYytjS1tDA0MzU0MjIzN1XSUbIwBUo5Oroa54ea%2B4cl5zs6OoWXhSSnhwY4KtUCAHyrDm4%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:14 GMT; Max-Age=31536000;Secure;SameSite=None
set-cookie: ljtrtbexp=eJxlkEsOgDAIBe%2FStQuglI9XM97dWJsoz%2BU8Phk4mrSdvQu5Evetmb1MtjXnWvenzmopN2emz4RyUKwk6gxb5SDgDqzAozoF7BOYF1tG5DbZwVnqvnXB60uCQccAFPTXgD9geKRm5RFf6fMCeDVPKw%3D%3D; Path=/; Domain=.lijit.com; Expires=Thu, 6 Nov 2025 03:40:14 GMT; Max-Age=31536000;Secure;SameSite=None
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
GET

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

chrome.exe

Remote address:

67.202.105.24:443

Request

GET /ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ssc-cms.33across.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

x-33x-status: 2000208
server: 33XP015
date: Wed, 06 Nov 2024 03:40:13 GMT
GET

https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: csync.loopme.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://visitor.omnitagjs.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734

Response

HTTP/2.0 307

set-cookie: viewer_token=630e474c-39b1-4e7e-971f-617b8538d734; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Thu, 06-Feb-2025 03:40:14 GMT; SameSite=None
location: https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1
content-length: 0
date: Wed, 06 Nov 2024 03:40:14 GMT
server: _
GET

https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: sync-service.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://visitor.omnitagjs.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 06 Nov 2024 03:40:14 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: bcc_cookie_id=29ccc1ff30684fb910da4140e3b9d531; path=/; expires=Thu, 06 Nov 2025 03:40:14 GMT; HttpOnly
Location: https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=29ccc1ff30684fb910da4140e3b9d531
DNS

gsf-fl.softonic.com

Request

gsf-fl.softonic.com

IN A

Response

gsf-fl.softonic.com

IN CNAME

swls.map.fastly.net

swls.map.fastly.net

IN A

151.101.193.91

swls.map.fastly.net

IN A

151.101.65.91

swls.map.fastly.net

IN A

151.101.129.91

swls.map.fastly.net

IN A

151.101.1.91
GET

https://s.ad.smaato.net/c/?adExInit=sovrn&gdpr=&gdpr_consent=&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D108%263pid%3D%24UID&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /c/?adExInit=sovrn&gdpr=&gdpr_consent=&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D108%263pid%3D%24UID&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: s.ad.smaato.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

server: CloudFront
date: Wed, 06 Nov 2024 03:40:06 GMT
cache-control: no-cache, must-revalidate
x-cache: Hit from cloudfront
via: 1.1 127feb674de1f66343675c9727fafd6c.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: PShkwALDi2F9BPenkDVLYygcFSfSVczHArYPAC9L96Za0yU9deSrEQ==
age: 8
GET

https://gsf-fl.softonic.com/8b6/4d8/cc5a321900806269a2d3529b6d742156e6/Mandela_Invasion_v1.4.2.zip?Expires=1730907583&Signature=ad6c025245515a1365eb94c1c322d29979648b3e&url=https://mandela-invasion.en.softonic.com&Filename=Mandela_Invasion_v1.4.2.zip

Request

GET /8b6/4d8/cc5a321900806269a2d3529b6d742156e6/Mandela_Invasion_v1.4.2.zip?Expires=1730907583&Signature=ad6c025245515a1365eb94c1c322d29979648b3e&url=https://mandela-invasion.en.softonic.com&Filename=Mandela_Invasion_v1.4.2.zip HTTP/2.0
host: gsf-fl.softonic.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: rv_prebid_position=151
cookie: rv_test_position=642
cookie: rv_rh_position=0.6
cookie: rv_fp_ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13
cookie: _clck=1uhbk6o%7C2%7Cfqn%7C0%7C1771
cookie: _gcl_au=1.1.1883251844.1730864384
cookie: _adbs=JTdCJTIyaW5zdGFsbGVkJTIyJTNBZmFsc2UlMkMlMjJhY3RpdmUlMjIlM0FmYWxzZSUyQyUyMmxhc3RTdGF0ZSUyMiUzQWZhbHNlJTdE
cookie: euconsent-v2=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: didomi_token=eyJ1c2VyX2lkIjoiMTkyZmY4ZTgtYTFhNy02ZDMyLTg1NjgtODljMzgwMWYwNWNjIiwiY3JlYXRlZCI6IjIwMjQtMTEtMDZUMDM6Mzk6NDQuNTM4WiIsInVwZGF0ZWQiOiIyMDI0LTExLTA2VDAzOjM5OjQ2LjE3MloiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIiwiYW1hem9uIiwiYzpncmF2YXRhciIsImM6YmluZy1hZHMiLCJjOmludG93b3dpbi1xYXp0NXRHaSIsImM6c3RpY2t5YWRzIiwiYzphZHZlcnRpc2luZ2NvbSIsImM6aG90amFyIiwiYzp0cmVtb3ItdmlkZW8iLCJjOmJhaWR1LWFkcyIsImM6Z2lneWEtY291bnRlciIsImM6cmFtYmxlciIsImM6Z2lneWEiLCJjOm1hcmtldG8iLCJjOnNla2luZG8iLCJjOmFkc3RpciIsImM6YnJpZ2h0cm9sbCIsImM6YWRhcHR2IiwiYzphZHNjaWVuY2UiLCJjOmFkaW5nbyIsImM6YWR2ZXJzZXJ2ZSIsImM6bGtxZCIsImM6ZXEtYWR2ZXJ0aXNpbmciLCJjOmRpc3F1cyIsImM6c3luYWNvciIsImM6YWRuZXQtbWVkaWEiLCJjOmFkbmV0LW1lZHlhbmV0IiwiYzphZG1vYiIsImM6ZnJvc21vLW9wdGltaXplciIsImM6aW5mZWN0aW91cy1tZWRpYSIsImM6dmlkZW9sb2d5IiwiYzpzbWFydGJpZC1QZkRhRXA4YiIsImM6Ymx1ZWthaSIsImM6Z29vZ2xlYW5hLTRUWG5KaWdSIiwiYzpkaXN0cmljdG0tQllFQUVCbUgiLCJjOnN5c3RlbTEtVVc5NHk4ZlIiLCJjOnJldGFyZ2V0ZWQtYlB3MjNXUnEiLCJjOndlY2FudHJhY2stVlVRckJhVk4iLCJjOmFheGxsYy0zRVJyTFhuUSIsImM6ZW14ZGlnaXRhLUczUVFCaDRRIiwiYzplYmF5LXN0YXRzIiwiYzphZmZpbGluZXQiLCJjOnNjb290YS1FVkN3cnlDZCIsImM6bWljcm9zb2Z0IiwiYzpoYXZhc21lZGktQkFHN3BKRGUiLCJjOmZyYWN0aW9uYWwtbjJqWURGUE4iLCJjOmRpZG9taSJdfSwicHVycG9zZXMiOnsiZW5hYmxlZCI6WyJnZW9sb2NhdGlvbl9kYXRhIiwiZGV2aWNlX2NoYXJhY3RlcmlzdGljcyIsImdlb19hZHMiXX0sInZlcnNpb24iOjIsImFjIjoiREpPQlFBRVlBTElBWFFBMkFCNkFFcUFNQUFZZ0JOd0NoZ0dmQVBOQWU0Qjd3RU9BTkhBZFVBOVVDRFlFUndJa2dTMUFuNEJSVUN3NEZxUU1SQWRPQTZzQjJFRVZBSXpRU0VBazFCTFdDZDRGQkFLRHdVNmdzLUJrbUFBQS5BQUFBIn0=
cookie: rv_google_ppid=565bca3c-352a-4a8b-b04c-cca852f6b9dc
cookie: persistent.fpmUserId=b0c73705-42e9-4158-ab16-ffbe4fbb4326
cookie: session.fpmSessionId=f628e2ba-1e9d-497c-a77c-0aac19b65dad
cookie: __gsas=ID=b7705755fe2f1855:T=1730864387:RT=1730864387:S=ALNI_MbdJlmAzW73n5xBnGa_qEzozLsAOA
cookie: panoramaId_expiry=1730950787449
cookie: AMP_TOKEN=%24NOT_FOUND
cookie: _gid=GA1.2.937552829.1730864387
cookie: _dc_gtm_UA-152357-1=1
cookie: __gads=ID=f70f6c052a03358a:T=1730864387:RT=1730864387:S=ALNI_MYkkQkJB_kYNb62ylfY1XTSyK_Uhw
cookie: __gpi=UID=00000f252dfe42aa:T=1730864387:RT=1730864387:S=ALNI_MZl-v3ZG4VZaiUqnu1yQJ9gLnRVAQ
cookie: __eoi=ID=9330ec229148b1b8:T=1730864387:RT=1730864387:S=AA-AfjZKAT-JIrc_-NT8zvIYzxqJ
cookie: softonic-r2d2-view-state=1
cookie: _gat_UA-152357-1=1
cookie: _fbp=fb.1.1730864403242.717237240466354142
cookie: session.referrerPageId=app_download
cookie: session.pv=3
cookie: rv_fp_pv=3
cookie: _ga_R5K71YRXMV=GS1.1.1730864386.1.1.1730864409.37.0.0
cookie: _wctrck=1730864409456.qFIyZmUCZm18sAYfMzHnfiW4cmUaJl2atmVuwBVjhAdbskVT2yLDeiLTwASbclm1eviTekGyZmUCZm18cDPTKyLDvzSbhCbbsk0ydEGSdn24wAxbYoX4InGqLtGm3DVrMBPDfkGaJl18sySXwA69wtIOJiHvNiSiIn1qtoWqdn2GdmZCtmIOJiKL2CIWIi3GZm0ydoWmZnX4cn4qtoYiZmXitmIOJiKL2yNjYE
cookie: _ga=GA1.2.1213229484.1730864387

Response

HTTP/2.0 200

content-type: application/x-zip
last-modified: Tue, 08 Feb 2022 04:08:41 GMT
etag: "5eb2d249db478c30ea2a6a872328f9a3-51"
via: 1.1 db50275fc6a3d1f557e22016322e2ba2.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-amz-cf-pop: IAD12-P2
x-amz-cf-id: i6sNKAwC9CyzdpC_Mt-5uMtQqq0NTonF6ePg5maqbQxRulfM45GkSw==
accept-ranges: bytes
age: 5
date: Wed, 06 Nov 2024 03:40:18 GMT
x-served-by: cache-iad-kcgs7200094-IAD, cache-lon4246-LON
x-cache: Miss from cloudfront, HIT, MISS
x-cache-hits: 0, 0
x-timer: S1730864414.086195,VS0,VE4837
x-fastly-version: 80, 80
content-length: 266727340
GET

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /s/x/ae12848777b41970a5f2?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:14 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: QA5X9GDPZM6NQJ9JTM7P
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:40:14 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:40:14 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /exchange/sync.php?p=sovrn&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: pixel-us-east.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 20e8391fc78a9019eb67dba4b22f0ac2
Content-Type: image/gif
GET

https://sync.serverbid.com/syncs/audio.html?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /syncs/audio.html?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: sync.serverbid.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ce.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-length: 79
last-modified: Tue, 05 Dec 2023 20:33:24 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 05 Nov 2024 20:53:19 GMT
etag: "f4efd6c3fb6ff75c0c266c1967109d39"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
x-amz-cf-id: onzjQXI97NU2r2I75zL6KH6MslbUUFm7jkDwoo3Je12ueB1lCEMlyA==
age: 24416
GET

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /exchange/sync.php?p=sovrn-onscroll&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/1.1
Host: pixel-eu.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ce.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 69db7c5e2f600e97f8860add7135fe1e
Content-Type: image/gif
GET

https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu

Request

GET /log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu HTTP/1.1
Host: c21lg-d.media.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://contextual.media.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: visitor-id=3738659910494091000V10; data-g=CAESEIX401_NKXS-u7-kU4MVVmw~~8

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Access-Control-Allow-Origin: *
Content-Length: 35
Expires: Wed, 06 Nov 2024 03:40:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Nov 2024 03:40:14 GMT
Connection: keep-alive
POST

https://id5-sync.com/gm/v3

Request

POST /gm/v3 HTTP/2.0
host: id5-sync.com
content-length: 1369
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://en.softonic.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: 3pi=
cookie: cf=gif
cookie: cip=691
cookie: cnac=7
cookie: car=2
cookie: gdpr=1|CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#3

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:14 GMT
p3p: CP="CAO PSA OUR"
set-cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#4; Path=/; Domain=id5-sync.com; Expires=Tue, 4 Feb 2025 03:40:14 GMT; Max-Age=7776000; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://en.softonic.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/i/691/8.gif?o=api&id5id=ID5*04uYIcTXfqc9hh5fxU-DPsmq8vNvqFHygg74TYxx4Q3WAxVQcir0Ygr09NnfvUL21gLuM4yYTrfCdhX5JW1l09YGqyZs66TZMq4JW6FBdCTWCazpZ7MQbmKu16K_x1DF1hSdhKrHuqtSERm3ctWVpdYc6JVGx6NEKUI1OHE3rBvWILrl9ykS_ca1DY1INyU01jCx9zDWeDwHmzNpJgYHQNY-OEZpHGUItCUEgp24DF3WQFGXAnSbFvNBkr4kb-zP1konzdGSSa0hicUip9XHVtZMrirpbXrbI2hIVe4ubzI&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=true

Request

GET /i/691/8.gif?o=api&id5id=ID5*04uYIcTXfqc9hh5fxU-DPsmq8vNvqFHygg74TYxx4Q3WAxVQcir0Ygr09NnfvUL21gLuM4yYTrfCdhX5JW1l09YGqyZs66TZMq4JW6FBdCTWCazpZ7MQbmKu16K_x1DF1hSdhKrHuqtSERm3ctWVpdYc6JVGx6NEKUI1OHE3rBvWILrl9ykS_ca1DY1INyU01jCx9zDWeDwHmzNpJgYHQNY-OEZpHGUItCUEgp24DF3WQFGXAnSbFvNBkr4kb-zP1konzdGSSa0hicUip9XHVtZMrirpbXrbI2hIVe4ubzI&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=true HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: 3pi=
cookie: cf=gif
cookie: cip=691
cookie: cnac=7
cookie: car=2
cookie: gdpr=1|CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#4

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#5; Max-Age=7776000; Expires=Tue, 04-Feb-2025 03:40:14 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: 3pi=; Max-Age=7776000; Expires=Tue, 04-Feb-2025 03:40:14 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ae70djnRto9osU53oSwve0Rd4t1G_uMw4FdcPp9OHA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F691%2F124%2F7%2F2.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
date: Wed, 06 Nov 2024 03:40:13 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/cq/691/124/7/2.gif?puid=f0da56e6-8ab0-4f1a-9894-7866974b49cf&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /cq/691/124/7/2.gif?puid=f0da56e6-8ab0-4f1a-9894-7866974b49cf&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: 3pi=
cookie: id5=b1deb64a-8c9e-791c-a947-543182303f20#1730864387199#5

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=124#1730864415232#1631958495; Max-Age=7776000; Expires=Tue, 04-Feb-2025 03:40:15 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=gif; Max-Age=300; Expires=Wed, 06-Nov-2024 03:45:15 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=691; Max-Age=300; Expires=Wed, 06-Nov-2024 03:45:15 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=6; Max-Age=300; Expires=Wed, 06-Nov-2024 03:45:15 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=3; Max-Age=300; Expires=Wed, 06-Nov-2024 03:45:15 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=1|CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA; Max-Age=300; Expires=Wed, 06-Nov-2024 03:45:15 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
date: Wed, 06 Nov 2024 03:40:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

Request

GET /khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1 HTTP/1.1
Host: token.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://eus.rubiconproject.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://eus.rubiconproject.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 679a29ceeaceebfd6e7691896e630e16
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
DNS

ice.360yield.com

Request

ice.360yield.com

IN A

Response

ice.360yield.com

IN CNAME

euw-ice.360yield.com

euw-ice.360yield.com

IN A

52.17.50.21

euw-ice.360yield.com

IN A

52.214.176.63

euw-ice.360yield.com

IN A

52.213.90.221

euw-ice.360yield.com

IN A

52.214.91.61

euw-ice.360yield.com

IN A

54.155.87.110

euw-ice.360yield.com

IN A

54.76.209.116

euw-ice.360yield.com

IN A

54.195.0.129

euw-ice.360yield.com

IN A

54.194.28.184
GET

https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ae70djnRto9osU53oSwve0Rd4t1G_uMw4FdcPp9OHA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F691%2F124%2F7%2F2.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

Request

GET /match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-ae70djnRto9osU53oSwve0Rd4t1G_uMw4FdcPp9OHA&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F691%2F124%2F7%2F2.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA HTTP/2.0
host: ice.360yield.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://en.softonic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: tuuid=f0da56e6-8ab0-4f1a-9894-7866974b49cf
cookie: tuuid_lu=1730864402

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:15 GMT
content-type: text/plain
content-length: 0
location: https://id5-sync.com/cq/691/124/7/2.gif?puid=f0da56e6-8ab0-4f1a-9894-7866974b49cf&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
access-control-allow-origin: *
set-cookie: um=!313,Y1524D0wZlgVXVDIMPCOuKRH3WkynCRYou8baAtsZEQ0FokKcDAeG40z0aTU12hi5DMYRcTU9GxnN6Um,1738640415; Expires=Tue, 04 Feb 2025 03:40:15 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
set-cookie: umeh=!313,0,1793072415,-1; Expires=Tue, 04 Feb 2025 03:40:15 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
DNS

adclick.g.doubleclick.net

Request

adclick.g.doubleclick.net

IN A

Response

adclick.g.doubleclick.net

IN A

216.58.201.98
GET

https://adclick.g.doubleclick.net/pcs/click%3Fxai%3DAKAOjssL4AhZ_vR_-Ppqo_xER1GpY8xTYVGAT-NTgQpw1SKl_DxsOkTg9lR5WdnuNRouLC_-MDfXViIicja4WETgBGdwLwRNu1wChilsi_PzGR1IwqpNuoIBYAeJLCkD1OpIZTEEsqWy6gllbfQ7qhhNnQ_5g4ffyA6Ffp0-EckyrPhuOKte07MQnHcoloXmflujgWGsmch7RqGgAg3QzD3K4Kad0GwCxci1ItuYAhvUTVyaNIqAJmst9tjLXNGXkKzlEPGkOwy7j31ToD__xxIGLuTsFdOfOwW3s3eLKWXtI1DhJjMWzgNiGuxlmB0_3vnLgMWlMpplrwNHz7oxJQ4wbLmuvBVfkBalAe2S77fBbca99g1O9S4IxqZw_cvqUkpEtoH89sFYkrFwKNg1vCPITr432OZkLqtpG8hsVreVhfZ3Z7c5YKwLqjB1t6z7i8qIAoOL2vnJ8RGMzEYQGEpGUQGmtstaXsZ8qzo%26sai%3DAMfl-YTkMoac64U_VpNZj_rNYUkfTrztgjzXBi98G5NVZZW-C2bZknB0sA3fcmsNCOBI9YDuJ2NERNjtCnb9Xv8pxXx4f2Jar3Ga6kw-g0Kgw9DDhrBa17Js1860-5FWn9BeVrPpsUTKYCKGt7KdtxBQ%26sig%3DCg0ArKJSzPBRIPUR6GULEAE%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26adurl%3Dhttps://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG3hcGuUqZ46WKtWw2fcPm8Pc6AqgseC3YJOdrOfuDMCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi04MTMyODQ0OTQ5NDIxOTM2yAEJ4AIAqAMByAMCqgT8Ak_QcGk8_teSic-pe5lgxP0_CorClQau2dtzg-jt8WO3V6Xvf51d1xlt0zWSujX6WMNn45LaKRcJx3QY-pmozDIOsH9nBCylDz-JqtLmOBgzjtZ7TD9BU1aZmSE8jyW_u_oW-Fa4knDm6gEffaKM_yj-Nt0jG8Lfn3s0QFoSBvN66q6-lmdDgnxudBknMPmsYbiK2f7jJbGabj0x2d61xW6eIJyCtkStqUkM9xYrbBSqy4_AOPkk4MFjl3GvdEiVnHMLh24nLCV2t6lNLgUO_ZUggvBTwkCccRR0yAUlTMml4KpS51nzWKoEQXKv5QZw_qcXmvAgBM9KZbeDNigt1E-r_5Wn6ejL6FNkNRELIA9CLF-kDgYKr8_x6dBE8RONFRpa_S8u1PNOM8I2enpdDla40OikYcn_01EKzrXez3MKlsdYEja-QQGBl5VfL4VWLSxFGKcjXRJqhR8YG8EM7tZkPMULfmZLtS5htLizoIDJn91bKRLOB5Ww2JuH4AQBgAa_892W3ofk_HWgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpY4ObnsuTGiQP6CwIIAYAMAeINEwjPruiy5MaJAxVVWPYIHZshF63qDRMI4ZjpsuTGiQMVVVj2CB2bIRet0BUBgBcBshcCGAw%26num%3D1%26sig%3DAOD64_29dw9EzCaK_fT2XUhbTeYxEJGmkQ%26client%3Dca-pub-8132844949421936%26adurl%3Dhttps%3A%2F%2Frtb.searchsetting.com%2Fapp%2Frtbclick%3Fp%3DeHtFB03dVeF2_Kjx04h4ClO17qojHknAT2CTCm3P5TxbC7U30TJp2cOJ7vsgfC4ZNw-Rt_WPCUZYWp40gj4q0HL89mOH6i5FZ9djpDVIMZniKrwl4b-QFgqNREi8SR5NDbUoXrividJ_RZtPmoBjPNjKtRczJopCRPSHxfIbjOsFyusNrGHiwLTbRwrkbCcmbXBhFjmKw0JLVfigMJUrFbXk7RFDCurscn8MRRRujA8ZGjynTJMXvSYKJw-9NYwGVttKDQ6nqqn4WI8m85nnvxh83ysbbtsnrw309uST2zsEeJi9OO2I0FpnJKIJ2tV52Mq1FzMmikLsX4BiQV5bAGiP3kMbl4skvH1hiYXY1uAA48aHetuB0Pda3NbdYDel4KgbCjGx319FXbg7adSqFdYBadozPahxVGGO022OJPxYNs_h_dViUnIk-I5sW0_lUZlfGCaFHcg3P5BTS1B7GNLWyNNIN2_GI5yUYNKa6_9g0R1huLlliAlxsKB_LBxyDMWDEcIrEsluFClVyyFIA6tqCJWlIXuPiXimj-ytXsIJhccXI35do1o0ZQWr8yGfTnmBlX7ANpPcS12NHHdHqUf3uiJwzXxp1StMGW5Glm6eUdaZf__tAEhfs9IVa7UGhWO1CThYa57CHcMwSPELCo5wSmQCoGbDT6fGUO9OT511-z9ZcIdyD7WAE0F8xhp97MknbnV_6oBEgtO9XhhvraSHch0LvGYC_95z8D9wFKtln9XjM_iN4ZpUFJhiFvwTXf0IT5V8Zg3wN0c86X7ce4GEkEbbBCWx4aSYS5H6nBvK6hrwpuuId3eEpr7xGHEeTFm7oGo_JtEdYG5z0GGiJLlDekmI3yXXVMJfQUxTRmvCVT2jRDJntjVTG21svOJs1o-RxrxDYGYuwFPaFOOBI8d2Ioj2x2CVEH-oJUpmCHDymXvYok-cQwTbJKh7HYVGxfgN4GqbId2vhZqIJ1NOm4iLzNeaZZVtlVgbhj_Km2_714nWNeI1jPZl4oui10v56OCcdR9esCVcc9c6xUj0qYjp5C_dYmXAJ9a5v06CZhPKS3oyal67y8d2Ioj2x2CVEH-oJUpmCHADgGcm8WAF7vcjgcFVcPGzBYOGBQvhhoSrG90kzkTm2aYmHNvbu13t83UFLmcnPEl6Nzq28RS16QtMvfrLQcpZ0gsGRv65JEY7gCdb73lZt1qJXq8igHRzwb_-lV5QNSwlsqoZyyXiX8TUWVwnhfW9S1cqcIXy1ViqKXbIIjmwCczL8mZX3rzt9szGrZntFXle_71utToi_onqdBaW_dM3Ad1Zr2I07AgoHo64XafBwL4Q0B-M7iNJ%26cap%3DZyrlGgAKiw4I9lhVABchm0K4LW_QpCvprEuYDQ

Request

GET /pcs/click%3Fxai%3DAKAOjssL4AhZ_vR_-Ppqo_xER1GpY8xTYVGAT-NTgQpw1SKl_DxsOkTg9lR5WdnuNRouLC_-MDfXViIicja4WETgBGdwLwRNu1wChilsi_PzGR1IwqpNuoIBYAeJLCkD1OpIZTEEsqWy6gllbfQ7qhhNnQ_5g4ffyA6Ffp0-EckyrPhuOKte07MQnHcoloXmflujgWGsmch7RqGgAg3QzD3K4Kad0GwCxci1ItuYAhvUTVyaNIqAJmst9tjLXNGXkKzlEPGkOwy7j31ToD__xxIGLuTsFdOfOwW3s3eLKWXtI1DhJjMWzgNiGuxlmB0_3vnLgMWlMpplrwNHz7oxJQ4wbLmuvBVfkBalAe2S77fBbca99g1O9S4IxqZw_cvqUkpEtoH89sFYkrFwKNg1vCPITr432OZkLqtpG8hsVreVhfZ3Z7c5YKwLqjB1t6z7i8qIAoOL2vnJ8RGMzEYQGEpGUQGmtstaXsZ8qzo%26sai%3DAMfl-YTkMoac64U_VpNZj_rNYUkfTrztgjzXBi98G5NVZZW-C2bZknB0sA3fcmsNCOBI9YDuJ2NERNjtCnb9Xv8pxXx4f2Jar3Ga6kw-g0Kgw9DDhrBa17Js1860-5FWn9BeVrPpsUTKYCKGt7KdtxBQ%26sig%3DCg0ArKJSzPBRIPUR6GULEAE%26fbs_aeid%3D%255Bgw_fbsaeid%255D%26urlfix%3D1%26adurl%3Dhttps://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG3hcGuUqZ46WKtWw2fcPm8Pc6AqgseC3YJOdrOfuDMCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi04MTMyODQ0OTQ5NDIxOTM2yAEJ4AIAqAMByAMCqgT8Ak_QcGk8_teSic-pe5lgxP0_CorClQau2dtzg-jt8WO3V6Xvf51d1xlt0zWSujX6WMNn45LaKRcJx3QY-pmozDIOsH9nBCylDz-JqtLmOBgzjtZ7TD9BU1aZmSE8jyW_u_oW-Fa4knDm6gEffaKM_yj-Nt0jG8Lfn3s0QFoSBvN66q6-lmdDgnxudBknMPmsYbiK2f7jJbGabj0x2d61xW6eIJyCtkStqUkM9xYrbBSqy4_AOPkk4MFjl3GvdEiVnHMLh24nLCV2t6lNLgUO_ZUggvBTwkCccRR0yAUlTMml4KpS51nzWKoEQXKv5QZw_qcXmvAgBM9KZbeDNigt1E-r_5Wn6ejL6FNkNRELIA9CLF-kDgYKr8_x6dBE8RONFRpa_S8u1PNOM8I2enpdDla40OikYcn_01EKzrXez3MKlsdYEja-QQGBl5VfL4VWLSxFGKcjXRJqhR8YG8EM7tZkPMULfmZLtS5htLizoIDJn91bKRLOB5Ww2JuH4AQBgAa_892W3ofk_HWgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpY4ObnsuTGiQP6CwIIAYAMAeINEwjPruiy5MaJAxVVWPYIHZshF63qDRMI4ZjpsuTGiQMVVVj2CB2bIRet0BUBgBcBshcCGAw%26num%3D1%26sig%3DAOD64_29dw9EzCaK_fT2XUhbTeYxEJGmkQ%26client%3Dca-pub-8132844949421936%26adurl%3Dhttps%3A%2F%2Frtb.searchsetting.com%2Fapp%2Frtbclick%3Fp%3DeHtFB03dVeF2_Kjx04h4ClO17qojHknAT2CTCm3P5TxbC7U30TJp2cOJ7vsgfC4ZNw-Rt_WPCUZYWp40gj4q0HL89mOH6i5FZ9djpDVIMZniKrwl4b-QFgqNREi8SR5NDbUoXrividJ_RZtPmoBjPNjKtRczJopCRPSHxfIbjOsFyusNrGHiwLTbRwrkbCcmbXBhFjmKw0JLVfigMJUrFbXk7RFDCurscn8MRRRujA8ZGjynTJMXvSYKJw-9NYwGVttKDQ6nqqn4WI8m85nnvxh83ysbbtsnrw309uST2zsEeJi9OO2I0FpnJKIJ2tV52Mq1FzMmikLsX4BiQV5bAGiP3kMbl4skvH1hiYXY1uAA48aHetuB0Pda3NbdYDel4KgbCjGx319FXbg7adSqFdYBadozPahxVGGO022OJPxYNs_h_dViUnIk-I5sW0_lUZlfGCaFHcg3P5BTS1B7GNLWyNNIN2_GI5yUYNKa6_9g0R1huLlliAlxsKB_LBxyDMWDEcIrEsluFClVyyFIA6tqCJWlIXuPiXimj-ytXsIJhccXI35do1o0ZQWr8yGfTnmBlX7ANpPcS12NHHdHqUf3uiJwzXxp1StMGW5Glm6eUdaZf__tAEhfs9IVa7UGhWO1CThYa57CHcMwSPELCo5wSmQCoGbDT6fGUO9OT511-z9ZcIdyD7WAE0F8xhp97MknbnV_6oBEgtO9XhhvraSHch0LvGYC_95z8D9wFKtln9XjM_iN4ZpUFJhiFvwTXf0IT5V8Zg3wN0c86X7ce4GEkEbbBCWx4aSYS5H6nBvK6hrwpuuId3eEpr7xGHEeTFm7oGo_JtEdYG5z0GGiJLlDekmI3yXXVMJfQUxTRmvCVT2jRDJntjVTG21svOJs1o-RxrxDYGYuwFPaFOOBI8d2Ioj2x2CVEH-oJUpmCHDymXvYok-cQwTbJKh7HYVGxfgN4GqbId2vhZqIJ1NOm4iLzNeaZZVtlVgbhj_Km2_714nWNeI1jPZl4oui10v56OCcdR9esCVcc9c6xUj0qYjp5C_dYmXAJ9a5v06CZhPKS3oyal67y8d2Ioj2x2CVEH-oJUpmCHADgGcm8WAF7vcjgcFVcPGzBYOGBQvhhoSrG90kzkTm2aYmHNvbu13t83UFLmcnPEl6Nzq28RS16QtMvfrLQcpZ0gsGRv65JEY7gCdb73lZt1qJXq8igHRzwb_-lV5QNSwlsqoZyyXiX8TUWVwnhfW9S1cqcIXy1ViqKXbIIjmwCczL8mZX3rzt9szGrZntFXle_71utToi_onqdBaW_dM3Ad1Zr2I07AgoHo64XafBwL4Q0B-M7iNJ%26cap%3DZyrlGgAKiw4I9lhVABchm0K4LW_QpCvprEuYDQ HTTP/2.0
host: adclick.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUlUcXQCODVfbC40oKw8_zx494c1xEE8stfUjtZOVun_iN7rCWg-27PiFflxf5I
cookie: DSID=NO_DATA
DNS

rtb.searchsetting.com

Request

rtb.searchsetting.com

IN A

Response

rtb.searchsetting.com

IN A

172.67.218.56

rtb.searchsetting.com

IN A

104.21.94.15
GET

https://rtb.searchsetting.com/app/rtbclick?p=eHtFB03dVeF2_Kjx04h4ClO17qojHknAT2CTCm3P5TxbC7U30TJp2cOJ7vsgfC4ZNw-Rt_WPCUZYWp40gj4q0HL89mOH6i5FZ9djpDVIMZniKrwl4b-QFgqNREi8SR5NDbUoXrividJ_RZtPmoBjPNjKtRczJopCRPSHxfIbjOsFyusNrGHiwLTbRwrkbCcmbXBhFjmKw0JLVfigMJUrFbXk7RFDCurscn8MRRRujA8ZGjynTJMXvSYKJw-9NYwGVttKDQ6nqqn4WI8m85nnvxh83ysbbtsnrw309uST2zsEeJi9OO2I0FpnJKIJ2tV52Mq1FzMmikLsX4BiQV5bAGiP3kMbl4skvH1hiYXY1uAA48aHetuB0Pda3NbdYDel4KgbCjGx319FXbg7adSqFdYBadozPahxVGGO022OJPxYNs_h_dViUnIk-I5sW0_lUZlfGCaFHcg3P5BTS1B7GNLWyNNIN2_GI5yUYNKa6_9g0R1huLlliAlxsKB_LBxyDMWDEcIrEsluFClVyyFIA6tqCJWlIXuPiXimj-ytXsIJhccXI35do1o0ZQWr8yGfTnmBlX7ANpPcS12NHHdHqUf3uiJwzXxp1StMGW5Glm6eUdaZf__tAEhfs9IVa7UGhWO1CThYa57CHcMwSPELCo5wSmQCoGbDT6fGUO9OT511-z9ZcIdyD7WAE0F8xhp97MknbnV_6oBEgtO9XhhvraSHch0LvGYC_95z8D9wFKtln9XjM_iN4ZpUFJhiFvwTXf0IT5V8Zg3wN0c86X7ce4GEkEbbBCWx4aSYS5H6nBvK6hrwpuuId3eEpr7xGHEeTFm7oGo_JtEdYG5z0GGiJLlDekmI3yXXVMJfQUxTRmvCVT2jRDJntjVTG21svOJs1o-RxrxDYGYuwFPaFOOBI8d2Ioj2x2CVEH-oJUpmCHDymXvYok-cQwTbJKh7HYVGxfgN4GqbId2vhZqIJ1NOm4iLzNeaZZVtlVgbhj_Km2_714nWNeI1jPZl4oui10v56OCcdR9esCVcc9c6xUj0qYjp5C_dYmXAJ9a5v06CZhPKS3oyal67y8d2Ioj2x2CVEH-oJUpmCHADgGcm8WAF7vcjgcFVcPGzBYOGBQvhhoSrG90kzkTm2aYmHNvbu13t83UFLmcnPEl6Nzq28RS16QtMvfrLQcpZ0gsGRv65JEY7gCdb73lZt1qJXq8igHRzwb_-lV5QNSwlsqoZyyXiX8TUWVwnhfW9S1cqcIXy1ViqKXbIIjmwCczL8mZX3rzt9szGrZntFXle_71utToi_onqdBaW_dM3Ad1Zr2I07AgoHo64XafBwL4Q0B-M7iNJ&cap=ZyrlGgAKiw4I9lhVABchm0K4LW_QpCvprEuYDQ&gclid=EAIaIQobChMIjovqsuTGiQMVVVj2CB2bIRetEAEYASAAEgLKUPD_BwE

Request

GET /app/rtbclick?p=eHtFB03dVeF2_Kjx04h4ClO17qojHknAT2CTCm3P5TxbC7U30TJp2cOJ7vsgfC4ZNw-Rt_WPCUZYWp40gj4q0HL89mOH6i5FZ9djpDVIMZniKrwl4b-QFgqNREi8SR5NDbUoXrividJ_RZtPmoBjPNjKtRczJopCRPSHxfIbjOsFyusNrGHiwLTbRwrkbCcmbXBhFjmKw0JLVfigMJUrFbXk7RFDCurscn8MRRRujA8ZGjynTJMXvSYKJw-9NYwGVttKDQ6nqqn4WI8m85nnvxh83ysbbtsnrw309uST2zsEeJi9OO2I0FpnJKIJ2tV52Mq1FzMmikLsX4BiQV5bAGiP3kMbl4skvH1hiYXY1uAA48aHetuB0Pda3NbdYDel4KgbCjGx319FXbg7adSqFdYBadozPahxVGGO022OJPxYNs_h_dViUnIk-I5sW0_lUZlfGCaFHcg3P5BTS1B7GNLWyNNIN2_GI5yUYNKa6_9g0R1huLlliAlxsKB_LBxyDMWDEcIrEsluFClVyyFIA6tqCJWlIXuPiXimj-ytXsIJhccXI35do1o0ZQWr8yGfTnmBlX7ANpPcS12NHHdHqUf3uiJwzXxp1StMGW5Glm6eUdaZf__tAEhfs9IVa7UGhWO1CThYa57CHcMwSPELCo5wSmQCoGbDT6fGUO9OT511-z9ZcIdyD7WAE0F8xhp97MknbnV_6oBEgtO9XhhvraSHch0LvGYC_95z8D9wFKtln9XjM_iN4ZpUFJhiFvwTXf0IT5V8Zg3wN0c86X7ce4GEkEbbBCWx4aSYS5H6nBvK6hrwpuuId3eEpr7xGHEeTFm7oGo_JtEdYG5z0GGiJLlDekmI3yXXVMJfQUxTRmvCVT2jRDJntjVTG21svOJs1o-RxrxDYGYuwFPaFOOBI8d2Ioj2x2CVEH-oJUpmCHDymXvYok-cQwTbJKh7HYVGxfgN4GqbId2vhZqIJ1NOm4iLzNeaZZVtlVgbhj_Km2_714nWNeI1jPZl4oui10v56OCcdR9esCVcc9c6xUj0qYjp5C_dYmXAJ9a5v06CZhPKS3oyal67y8d2Ioj2x2CVEH-oJUpmCHADgGcm8WAF7vcjgcFVcPGzBYOGBQvhhoSrG90kzkTm2aYmHNvbu13t83UFLmcnPEl6Nzq28RS16QtMvfrLQcpZ0gsGRv65JEY7gCdb73lZt1qJXq8igHRzwb_-lV5QNSwlsqoZyyXiX8TUWVwnhfW9S1cqcIXy1ViqKXbIIjmwCczL8mZX3rzt9szGrZntFXle_71utToi_onqdBaW_dM3Ad1Zr2I07AgoHo64XafBwL4Q0B-M7iNJ&cap=ZyrlGgAKiw4I9lhVABchm0K4LW_QpCvprEuYDQ&gclid=EAIaIQobChMIjovqsuTGiQMVVVj2CB2bIRetEAEYASAAEgLKUPD_BwE HTTP/2.0
host: rtb.searchsetting.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 06 Nov 2024 03:40:17 GMT
content-length: 0
location: https://get.searchsetting.com/offer?cid=10706&pclid=55176880&ctag=3477315695&pubd=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&utm_campaign=110274&crid=3839&cr_gid=277
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35DOFncBmsZ9ag%2F0vkD2tzQ317ALjM%2BylfWSHs6fWhOd5ZthC26cgofpc1Z%2BF5yEMfjq0bjA4Svc9paljgNKkBwNOAjZVL7V9UNyLQxbDilq7xtmYCHGMxtwiZreRoB1nbklEsnRPDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20fad5f4993e2-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20496&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2409&delivery_rate=132791&cwnd=252&unsent_bytes=0&cid=fa0134affdcfb494&ts=286&x=0"
GET

https://get.searchsetting.com/offer?cid=10706&pclid=55176880&ctag=3477315695&pubd=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&utm_campaign=110274&crid=3839&cr_gid=277

Request

GET /offer?cid=10706&pclid=55176880&ctag=3477315695&pubd=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&utm_campaign=110274&crid=3839&cr_gid=277 HTTP/2.0
host: get.searchsetting.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:18 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
set-cookie: visitCounter=1; Max-Age=31536000; Domain=searchsetting.com; Path=/; Expires=Thu, 06 Nov 2025 03:40:18 GMT; Secure; SameSite=None
vary: Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7117poly9uqgtzL7bZwNvqH1%2FU7T8%2F9z6DhSPGrJ9U0eQqKJZNwV2Vz8opH%2BQWdd2aHDhrXPTzY1PxJXdNjUEy1LGuv3Cv0S30GDcciMWivK5ecsLTIRpJ0r9POKGzL2yINh0dyjaZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8de20fb0e92093e2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20496&sent=10&recv=11&lost=0&retrans=1&sent_bytes=4251&recv_bytes=2610&delivery_rate=132791&cwnd=254&unsent_bytes=0&cid=fa0134affdcfb494&ts=1360&x=0"
DNS

get.searchsetting.com

Request

get.searchsetting.com

IN A

Response

get.searchsetting.com

IN A

104.21.94.15

get.searchsetting.com

IN A

172.67.218.56
GET

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

Request

GET /dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid= HTTP/1.1
Host: s.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ssum-sec.casalemedia.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; ad-privacy=0

Response

HTTP/1.1 200 OK

Server: Server
Date: Wed, 06 Nov 2024 03:40:17 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 2QMPGX42M8ZED6RTWJ73
Set-Cookie: ad-id=A3Inu0vO0E4ll33NxCO2Kh8; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 03:40:17 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 03:40:17 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

stats.securebrowser.com

Request

stats.securebrowser.com

IN A

Response

stats.securebrowser.com

IN A

104.20.86.8

stats.securebrowser.com

IN A

104.20.87.8
POST

https://stats.securebrowser.com/

Request

POST / HTTP/1.1
Content-Type: application/json
User-Agent: Debug NSIS Plugin/1.0.x.x
Host: stats.securebrowser.com
Content-Length: 331
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Wed, 06 Nov 2024 03:40:18 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8de20fb4dbe993f2-LHR
DNS

cdnjs.cloudflare.com

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
DNS

js.sentry-cdn.com

Request

js.sentry-cdn.com

IN A

Response

js.sentry-cdn.com

IN A

151.101.194.217

js.sentry-cdn.com

IN A

151.101.66.217

js.sentry-cdn.com

IN A

151.101.2.217

js.sentry-cdn.com

IN A

151.101.130.217
GET

https://cdnjs.cloudflare.com/ajax/libs/materialize/0.99.0/css/materialize.min.css

Request

GET /ajax/libs/materialize/0.99.0/css/materialize.min.css HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://get.searchsetting.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 06 Nov 2024 03:40:18 GMT
content-type: text/css; charset=utf-8
content-length: 17541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03efe-20198"
last-modified: Mon, 04 May 2020 16:12:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1746309
expires: Mon, 27 Oct 2025 03:40:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9KzwJbFmQUQDqWE7hXCI8VaBbRSTrxm%2B3Mt5Ux4MK5g3gUUK3xnkEiIurwFOPQ0oxzVGRlMbprlS6sxrWaQmtOq%2BUB6AF5OFDoWTIRqDEf55piPbZd7HHxJ3OrxY1I4Rllx%2FvLot"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8de20fb759c6653c-LHR
alt-svc: h3=":443"; ma=86400
DNS

chromewebstore.google.com

Request

chromewebstore.google.com

IN A

Response

chromewebstore.google.com

IN A

142.250.180.14
GET

https://chromewebstore.google.com/detail/ddhpienhbmchiiacjlbodjclefffccjp

Request

GET /detail/ddhpienhbmchiiacjlbodjclefffccjp HTTP/2.0
host: chromewebstore.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-ch-ua-arch: "x86"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://get.searchsetting.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cplzdJ7DsEO67ZY4dTqupmIWFKAb527KBClkiZxaIoY8F6uKMWLLg
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMjktMF9SQzIaAmVuIAEaBgiA46q5Bg
cookie: __Secure-ENID=23.SE=GwjFNoRkRsS3C5YFuBjkRcBqTxMdPOKqoUScbCL1n6EnkZu13GfFcVvbtdVBuPbGbQAKhvQeAU_Cys72I-CM-VIXJif0bTm6vru9poIeJKyu1PCfwoHRFcnW6PYP--PfownPt8Zy_Z98hyDQiPhbPW9mQxf3nobssoK2tsPVse5mGPjhr_QTdnzkiuBsVWRv5kPY3Rp4gWfXef4OhaX-L3_9sbw
DNS

lh3.googleusercontent.com

Request

lh3.googleusercontent.com

IN A

Response

lh3.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.213.1
GET

https://lh3.googleusercontent.com/VDZcYeRKlvpjLMi_2r4KAXCLPpAcmrf1yO7XSR4OVUocUf9RBAr7pAD_ybxsF6ixwoAtb5AV_I-d4osqJShsseOTqg=s60

Request

GET /VDZcYeRKlvpjLMi_2r4KAXCLPpAcmrf1yO7XSR4OVUocUf9RBAr7pAD_ybxsF6ixwoAtb5AV_I-d4osqJShsseOTqg=s60 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/kthxNShwMYLSZFOKTNPGLHvbrqlqgZ4P8nRvtOM2YvRsI_iN15aPS8-plCCn8H6jPpuWNS6yLjVcqQwJCAASb2iy=s275-w275-h175

Request

GET /kthxNShwMYLSZFOKTNPGLHvbrqlqgZ4P8nRvtOM2YvRsI_iN15aPS8-plCCn8H6jPpuWNS6yLjVcqQwJCAASb2iy=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/I6ByzQtfEAV-6yO5A_-BqexUdJNCZ9igkp7qpQIV0dtCfn2jTr5nsQUGQQXdUw4wVKt0kWLUAUoFe5U6cObby_YRDJI=s275-w275-h175

Request

GET /I6ByzQtfEAV-6yO5A_-BqexUdJNCZ9igkp7qpQIV0dtCfn2jTr5nsQUGQQXdUw4wVKt0kWLUAUoFe5U6cObby_YRDJI=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/0tA73KRuahqHSy1U_xTpiNWhUIeKmeZbhelGOYkT53kTjFYiE9cOJneiJV4wBb_cDzW6Z5_75o64oVib-Sb5FZso0g=s275-w275-h175

Request

GET /0tA73KRuahqHSy1U_xTpiNWhUIeKmeZbhelGOYkT53kTjFYiE9cOJneiJV4wBb_cDzW6Z5_75o64oVib-Sb5FZso0g=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/FxedRkgkSuWZzFbUxGyXBA5sTm2UJNRvb4UUBHjjCdABm1dF0SddPxrVQXilhC0nanzz6cXUEApebyc140gK0sdVMBA=s275-w275-h175

Request

GET /FxedRkgkSuWZzFbUxGyXBA5sTm2UJNRvb4UUBHjjCdABm1dF0SddPxrVQXilhC0nanzz6cXUEApebyc140gK0sdVMBA=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://lh3.googleusercontent.com/sXqrFJhwlJsMvvJjhSVy2ykEBnWq07nXuJOjNVx4MMRRZAM-lD49906qnccjpcuacrYtAzt05oXRzYzEIQR7p-qfWw=s275-w275-h175

Request

GET /sXqrFJhwlJsMvvJjhSVy2ykEBnWq07nXuJOjNVx4MMRRZAM-lD49906qnccjpcuacrYtAzt05oXRzYzEIQR7p-qfWw=s275-w275-h175 HTTP/2.0
host: lh3.googleusercontent.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

region1.google-analytics.com

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
DNS

region1.google-analytics.com

Request

region1.google-analytics.com

IN A
DNS

scone-pa.clients6.google.com

Request

scone-pa.clients6.google.com

IN A

Response

scone-pa.clients6.google.com

IN A

142.250.180.10
GET

https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__

Request

GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.SGzW6IeCawI.O%2Fam%3DAACA%2Fd%3D1%2Frs%3DAHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw%2Fm%3D__features__ HTTP/2.0
host: scone-pa.clients6.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
x-client-data: CJKMywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cplzdJ7DsEO67ZY4dTqupmIWFKAb527KBClkiZxaIoY8F6uKMWLLg
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMjktMF9SQzIaAmVuIAEaBgiA46q5Bg
cookie: __Secure-ENID=23.SE=GwjFNoRkRsS3C5YFuBjkRcBqTxMdPOKqoUScbCL1n6EnkZu13GfFcVvbtdVBuPbGbQAKhvQeAU_Cys72I-CM-VIXJif0bTm6vru9poIeJKyu1PCfwoHRFcnW6PYP--PfownPt8Zy_Z98hyDQiPhbPW9mQxf3nobssoK2tsPVse5mGPjhr_QTdnzkiuBsVWRv5kPY3Rp4gWfXef4OhaX-L3_9sbw
cookie: NID=518=a4Sk2Ad5y8WJrOLdXFAZn7FjeIDFEenFBcth70xOx-wQ08NU94Zfjy30iIIRxj-86jPGp8vI-2-6ENUko9bxL8vvcPxEu4MUm4RlDk-4TqbY0jb6cpOqEsyvzEDNNKHhhXJiPnonVuzWHLGc1Rzp1j7fRMCSuDOzSeYLxlLx11944GKa9mcLSW01
DNS

ssl.gstatic.com

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.16.227
GET

https://ssl.gstatic.com/chrome/webstore/images/icon_48px.png

Request

GET /chrome/webstore/images/icon_48px.png HTTP/2.0
host: ssl.gstatic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CJKMywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4au0v9127140089za200&_p=1730864424209&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=881380093.1730864424&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1730864424&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&dr=https%3A%2F%2Fget.searchsetting.com%2F&dt=Search%20Settings%20-%20Chrome%20Web%20Store&dp=%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1126

Request

POST /g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4au0v9127140089za200&_p=1730864424209&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=881380093.1730864424&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1730864424&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&dr=https%3A%2F%2Fget.searchsetting.com%2F&dt=Search%20Settings%20-%20Chrome%20Web%20Store&dp=%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1126 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://chromewebstore.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4au0v9127140089za200&_p=1730864424209&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=881380093.1730864424&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_eu=Ag&_s=2&sid=1730864424&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&dr=https%3A%2F%2Fget.searchsetting.com%2F&dt=Search%20Settings%20-%20Chrome%20Web%20Store&dp=%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&en=view_item&_c=1&_ee=1&pr1=idddhpienhbmchiiacjlbodjclefffccjp~nmSearch%20Settings&ep.item_id=ddhpienhbmchiiacjlbodjclefffccjp&ep.item_name=Search%20Settings&ep.high_quality=false&ep.visible_to_public=true&ep.referrer=&ep.event_url=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&_et=150&up.signed_in_user=false&up.signed_in_dasher_user=false&tfd=1284

Request

POST /g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4au0v9127140089za200&_p=1730864424209&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=881380093.1730864424&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_eu=Ag&_s=2&sid=1730864424&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&dr=https%3A%2F%2Fget.searchsetting.com%2F&dt=Search%20Settings%20-%20Chrome%20Web%20Store&dp=%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&en=view_item&_c=1&_ee=1&pr1=idddhpienhbmchiiacjlbodjclefffccjp~nmSearch%20Settings&ep.item_id=ddhpienhbmchiiacjlbodjclefffccjp&ep.item_name=Search%20Settings&ep.high_quality=false&ep.visible_to_public=true&ep.referrer=&ep.event_url=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&_et=150&up.signed_in_user=false&up.signed_in_dasher_user=false&tfd=1284 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://chromewebstore.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4au0v9127140089za200&_p=1730864424209&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=881380093.1730864424&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&_eu=AAg&_s=3&sid=1730864424&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&dr=https%3A%2F%2Fget.searchsetting.com%2F&dt=Search%20Settings%20-%20Chrome%20Web%20Store&dp=%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&en=detail_page_view&_c=1&ep.item_id=ddhpienhbmchiiacjlbodjclefffccjp&ep.item_name=Search%20Settings&ep.high_quality=false&ep.visible_to_public=true&ep.referrer=&ep.event_url=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&_et=1&tfd=1289

Request

POST /g/collect?v=2&tid=G-KHZNC1Q6K0&gtm=45je4au0v9127140089za200&_p=1730864424209&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&cid=881380093.1730864424&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&_eu=AAg&_s=3&sid=1730864424&sct=1&seg=0&dl=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&dr=https%3A%2F%2Fget.searchsetting.com%2F&dt=Search%20Settings%20-%20Chrome%20Web%20Store&dp=%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&en=detail_page_view&_c=1&ep.item_id=ddhpienhbmchiiacjlbodjclefffccjp&ep.item_name=Search%20Settings&ep.high_quality=false&ep.visible_to_public=true&ep.referrer=&ep.event_url=https%3A%2F%2Fchromewebstore.google.com%2Fdetail%2Fsearch-settings%2Fddhpienhbmchiiacjlbodjclefffccjp&_et=1&tfd=1289 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
sec-ch-ua-bitness: "64"
sec-ch-ua-model:
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://chromewebstore.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ogs.google.com

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

216.58.201.110
GET

https://ogs.google.com/widget/app/so?awwd=1&origin=https%3A%2F%2Fchromewebstore.google.com&cn=app&pid=269&spid=421&hl=en

Request

GET /widget/app/so?awwd=1&origin=https%3A%2F%2Fchromewebstore.google.com&cn=app&pid=269&spid=421&hl=en HTTP/2.0
host: ogs.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "106.0.5249.119"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "0.1.0"
sec-ch-ua-model: ""
sec-ch-ua-bitness: "64"
sec-ch-ua-wow64: ?0
sec-ch-ua-full-version-list: "Chromium";v="106.0.5249.119", "Google Chrome";v="106.0.5249.119", "Not;A=Brand";v="99.0.0.0"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
x-client-data: CJKMywE=
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://chromewebstore.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7cplzdJ7DsEO67ZY4dTqupmIWFKAb527KBClkiZxaIoY8F6uKMWLLg
cookie: SOCS=CAESHAgCEhJnd3NfMjAyNDEwMjktMF9SQzIaAmVuIAEaBgiA46q5Bg
cookie: __Secure-ENID=23.SE=GwjFNoRkRsS3C5YFuBjkRcBqTxMdPOKqoUScbCL1n6EnkZu13GfFcVvbtdVBuPbGbQAKhvQeAU_Cys72I-CM-VIXJif0bTm6vru9poIeJKyu1PCfwoHRFcnW6PYP--PfownPt8Zy_Z98hyDQiPhbPW9mQxf3nobssoK2tsPVse5mGPjhr_QTdnzkiuBsVWRv5kPY3Rp4gWfXef4OhaX-L3_9sbw
cookie: NID=518=a4Sk2Ad5y8WJrOLdXFAZn7FjeIDFEenFBcth70xOx-wQ08NU94Zfjy30iIIRxj-86jPGp8vI-2-6ENUko9bxL8vvcPxEu4MUm4RlDk-4TqbY0jb6cpOqEsyvzEDNNKHhhXJiPnonVuzWHLGc1Rzp1j7fRMCSuDOzSeYLxlLx11944GKa9mcLSW01
POST

https://stats.securebrowser.com/

Request

POST / HTTP/1.1
Content-Type: application/json
User-Agent: Debug NSIS Plugin/1.0.x.x
Host: stats.securebrowser.com
Content-Length: 331
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Wed, 06 Nov 2024 03:40:39 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8de21037580d886e-LHR
DNS

crl.microsoft.com

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.19.252.143

a1363.dscg.akamai.net

IN A

2.19.252.157
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
ETag: 0x8DCDDD1E3AF2C76
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 253815cb-701e-0042-16c3-0fee6a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 06 Nov 2024 03:40:49 GMT
Connection: keep-alive
DNS

www.google.co.uk

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

216.58.204.67
DNS

beacons.gcp.gvt2.com

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.3
DNS

google.com

Request

google.com

IN A

Response

google.com

IN A

142.250.200.14
DNS

region1.google-analytics.com

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36

216.58.201.100:443

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

tls, http2

chrome.exe

2.6kB
47.3kB
33
47

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
216.58.201.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0

tls, http2

chrome.exe

2.5kB
47.5kB
29
41

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
172.217.16.238:443

https://consent.google.com/save?continue=https://www.google.com/search?q%3Dmandela%2Bvirus%2Bdownload%2Bfree%26oq%3Dmandela%2Bvirus%2Bdownload%2Bfree%2B%26aqs%3Dchrome..69i57.7211j0j15%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241029-0_RC2&uxe=none&cm=2&set_eom=true

tls, http2

chrome.exe

4.2kB
10.6kB
21
23

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://consent.google.com/save?continue=https://www.google.com/search?q%3Dmandela%2Bvirus%2Bdownload%2Bfree%26oq%3Dmandela%2Bvirus%2Bdownload%2Bfree%2B%26aqs%3Dchrome..69i57.7211j0j15%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241029-0_RC2&uxe=none&cm=2&set_eom=true
207.241.224.2:443

https://archive.org/download/mandela-1.0.0-alpha/mandela/

tls, http2

chrome.exe

22.1kB
946.9kB
413
706

HTTP Request

GET https://archive.org/details/mandela-1.0.0-alpha

HTTP Response

200

HTTP Request

GET https://archive.org/includes/athena.js?v=ce75ede4

HTTP Request

GET https://archive.org/components/npm/lit/polyfill-support.js?v=ce75ede4

HTTP Request

GET https://archive.org/components/npm/@webcomponents/webcomponentsjs/webcomponents-bundle.js?v=ce75ede4

HTTP Request

GET https://archive.org/includes/build/js/ia-topnav.min.js?v=ce75ede4

HTTP Request

GET https://archive.org/includes/build/css/archive.min.css?v=ce75ede4

HTTP Request

GET https://archive.org/includes/build/js/details-carousel.min.js?v=ce75ede4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://archive.org/services/img/itch-io-backups

HTTP Request

GET https://archive.org/includes/fonts/Iconochive-Regular.woff?-ccsheb

HTTP Request

GET https://archive.org/services/img/itchiocollection

HTTP Response

200

HTTP Request

GET https://archive.org/images/glogo.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://archive.org/download/mandela-1.0.0-alpha

HTTP Response

200

HTTP Request

GET https://archive.org/includes/build/js/archive.min.js?v=ce75ede4

HTTP Response

200

HTTP Request

GET https://archive.org/download/mandela-1.0.0-alpha/mandela/

HTTP Response

200
207.241.224.2:443

archive.org

tls

chrome.exe

1.1kB
8.9kB
11
13
207.241.225.195:443

https://athena.archive.org/0.gif?cache_bust=0.6345067043030617&server_ms=123&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdownload%2Fmandela-1.0.0-alpha&loadtime=180&nav_to_done_ms=2778&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15

tls, http2

chrome.exe

4.8kB
13.1kB
33
36

HTTP Request

GET https://athena.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=2134802236

HTTP Response

200

HTTP Request

GET https://athena.archive.org/0.gif?cache_bust=0.7632288259489204&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6

HTTP Request

GET https://athena.archive.org/0.gif?cache_bust=0.706157981798603&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://athena.archive.org/0.gif?cache_bust=0.03694759618374355&server_ms=161&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Fwww.google.com%2F&loadtime=2971&nav_to_done_ms=3780&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&iaprop_primaryCollection=itch-io-backups&service=ao_2&version=2&count=16

HTTP Response

200

HTTP Request

GET https://athena.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=125704818

HTTP Response

200

HTTP Request

GET https://athena.archive.org/0.gif?cache_bust=0.08739403171123494&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6

HTTP Request

GET https://athena.archive.org/0.gif?cache_bust=0.5309890222637119&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://athena.archive.org/0.gif?cache_bust=0.32479271981077296&server_ms=100&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdetails%2Fmandela-1.0.0-alpha&loadtime=1292&nav_to_done_ms=1776&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15

HTTP Response

200

HTTP Request

GET https://athena.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=1115683924

HTTP Request

GET https://athena.archive.org/0.gif?cache_bust=0.40099354432092094&kind=track_js&track_js_case=in_page_executes&service=ao_2&version=2&count=6

HTTP Request

GET https://athena.archive.org/0.gif?cache_bust=0.49006518429814805&kind=track_js&track_js_case=external_executes&service=ao_2&version=2&count=6

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://athena.archive.org/0.gif?cache_bust=0.6345067043030617&server_ms=123&server_name=www14.us.archive.org&kind=pageview&timediff=0&locale=en-US&referrer=https%3A%2F%2Farchive.org%2Fdownload%2Fmandela-1.0.0-alpha&loadtime=180&nav_to_done_ms=2778&iaprop_fontSize=16px&iaprop_devicePixelRatio=1&iaprop_mediaType=software&service=ao_2&version=2&count=15

HTTP Response

200
151.101.1.91:443

mandela-invasion.en.softonic.com

tls

chrome.exe

989 B
4.6kB
9
10
151.101.1.91:443

https://mandela-invasion.en.softonic.com/

tls, http2

chrome.exe

2.8kB
63.7kB
36
60

HTTP Request

GET https://mandela-invasion.en.softonic.com/

HTTP Response

200
151.101.65.91:443

https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/3

tls, http2

chrome.exe

2.8kB
24.1kB
25
36

HTTP Request

GET https://images.sftcdn.net/images/t_app-icon-s/p/9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40/4178280428/mandela-invasion-icona.jpg

HTTP Request

GET https://images.sftcdn.net/images/t_app-cover-s,f_auto/p/9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40/38336615/mandela-invasion-iePhN_.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://di-images.sftcdn.net/t_auto/download_intent/templates/avast-software-sro/avg-secure-browser/AVG_Secure_Browser

HTTP Request

GET https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/2

HTTP Request

GET https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/1

HTTP Request

GET https://di-images.sftcdn.net/t_auto/download_intent/softonic/avg-secure-browser/3

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
151.101.65.91:443

images.sftcdn.net

tls

chrome.exe

943 B
3.7kB
8
9
151.101.129.91:443

https://sc.sftcdn.net/scripts/23986-a9436.mjs

tls, http2

chrome.exe

4.2kB
122.5kB
62
105

HTTP Request

GET https://sc.sftcdn.net/fonts/5bba3-e5711.woff2

HTTP Request

GET https://sc.sftcdn.net/fonts/585ea-68c47.woff2

HTTP Request

GET https://sc.sftcdn.net/fonts/cb75f-83e1c.woff2

HTTP Request

GET https://sc.sftcdn.net/scripts/72c3f-d506e.mjs

HTTP Request

GET https://sc.sftcdn.net/scripts/23986-a9436.mjs

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
151.101.129.91:443

sc.sftcdn.net

tls

chrome.exe

943 B
4.2kB
8
9
151.101.129.91:443

sc.sftcdn.net

tls

chrome.exe

943 B
4.2kB
8
9
151.101.129.91:443

sc.sftcdn.net

tls

chrome.exe

943 B
4.2kB
8
9
151.101.129.91:443

https://sc.sftcdn.net/styles/40150-755d3.css

tls, http2

chrome.exe

2.1kB
27.1kB
21
31

HTTP Request

GET https://sc.sftcdn.net/styles/e1d66-e11a1.css

HTTP Request

GET https://sc.sftcdn.net/styles/40150-755d3.css

HTTP Response

200

HTTP Response

200
151.101.129.91:443

sc.sftcdn.net

tls

chrome.exe

943 B
4.2kB
8
9
150.171.28.10:443

bat.bing.com

tls

chrome.exe

1.3kB
7.9kB
9
13
151.101.129.91:443

sc.sftcdn.net

tls

chrome.exe

943 B
4.2kB
8
9
151.101.193.91:443

https://en.softonic.com/ads-download-url?appId=2d9f9134-96d0-11e6-bf8f-00163ec9f5fa&appUrl=https://www.avast.com/en-gb/lp-ppc-free-av%3Ffull_trSrc%3Dmmm_sft_dlp_000_119_h%26utm_source%3Dsoftonic%26utm_medium%3Dcpc%26utm_campaign%3Den-us_ava_dis_gen_pro_sft_dtp

tls, http2

chrome.exe

6.0kB
216.3kB
97
172

HTTP Request

GET https://rv-assets.softonic.com/publishers/softonic.js?modern=1

HTTP Request

GET https://rv-assets.softonic.com/prebid/softonic/prebid-client.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://en.softonic.com/ads-download-url?appId=2d9f9134-96d0-11e6-bf8f-00163ec9f5fa&appUrl=https://www.avast.com/en-gb/lp-ppc-free-av%3Ffull_trSrc%3Dmmm_sft_dlp_000_119_h%26utm_source%3Dsoftonic%26utm_medium%3Dcpc%26utm_campaign%3Den-us_ava_dis_gen_pro_sft_dtp

HTTP Response

200
151.101.193.91:443

rv-assets.softonic.com

tls

chrome.exe

989 B
4.6kB
9
10
18.245.175.44:443

https://sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=en.softonic.com

tls, http2

chrome.exe

2.1kB
28.9kB
21
29

HTTP Request

GET https://sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=en.softonic.com

HTTP Response

200
13.107.246.65:443

https://www.clarity.ms/s/0.7.53/clarity.js

tls, http2

chrome.exe

2.9kB
37.8kB
29
38

HTTP Request

GET https://www.clarity.ms/tag/n22abp4c18

HTTP Response

200

HTTP Request

GET https://www.clarity.ms/s/0.7.53/clarity.js

HTTP Response

200
108.157.7.75:443

https://c.amazon-adsystem.com/cdn/prod/config?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com

tls, http2

chrome.exe

3.3kB
91.9kB
46
76

HTTP Request

GET https://c.amazon-adsystem.com/aax2/apstag.js

HTTP Response

200

HTTP Request

GET https://c.amazon-adsystem.com/cdn/prod/config?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com

HTTP Response

200
216.58.212.206:443

https://syndicatedsearch.goog/afs/ads?psid=5593628202&channel=dsk_rscp_en_pp&iab_gdprApplies=true&client=softonic&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&hl=en&rpbu=https%3A%2F%2Fen.softonic.com%2Fs%3Frscp%3D12345678%26platformId%3Dwindows%26styleId%3D5593628202&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r4&nocache=8311730864386269&num=0&output=afd_ads&domain_name=mandela-invasion.en.softonic.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386271&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6072&frm=0&uio=-wi290&cont=rscontainer&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F

tls, http2

chrome.exe

3.8kB
16.2kB
20
23

HTTP Request

GET https://syndicatedsearch.goog/afs/ads/i/iframe.html

HTTP Request

GET https://syndicatedsearch.goog/afs/ads?adsafe=medium&psid=7097078552&channel=dsk_afs_en_pp&iab_gdprApplies=true&client=softonic&q=Mandela%20Invasion&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&max_radlink_len=400&type=0&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=p2&ad=p2&nocache=8211730864386260&num=0&output=uds_ads_only&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386261&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6060&frm=0&uio=-wi600&cont=middle-contextual-list-desktop&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F

HTTP Request

GET https://syndicatedsearch.goog/afs/ads?psid=5593628202&channel=dsk_rscp_en_pp&iab_gdprApplies=true&client=softonic&r=m&iab_tcString=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&hl=en&rpbu=https%3A%2F%2Fen.softonic.com%2Fs%3Frscp%3D12345678%26platformId%3Dwindows%26styleId%3D5593628202&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301432%2C17301436%2C17301542%2C17301266%2C72717107%2C49280903%2C72771954&format=r4&nocache=8311730864386269&num=0&output=afd_ads&domain_name=mandela-invasion.en.softonic.com&v=3&bsl=8&pac=2&u_his=3&u_tz=0&dt=1730864386271&u_w=1280&u_h=720&biw=1263&bih=592&psw=1263&psh=6072&frm=0&uio=-wi290&cont=rscontainer&drt=0&jsid=csa&jsv=691096265&rurl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&referer=https%3A%2F%2Fwww.google.com%2F
104.22.75.216:443

https://btloader.com/tag?o=5633429348548608&upapi=true

tls, http2

chrome.exe

2.1kB
27.0kB
23
30

HTTP Request

GET https://btloader.com/tag?o=5633429348548608&upapi=true

HTTP Response

200
104.26.2.70:443

ad-delivery.net

chrome.exe

52 B
1
104.26.2.70:443

ad-delivery.net

tls, http2

chrome.exe

990 B
1.5kB
8
6
142.250.200.27:443

https://storage.googleapis.com/storage-proxy-assets/revamp-di-sft/corporate-logo-nb.svg

tls, http2

chrome.exe

1.9kB
13.2kB
15
17

HTTP Request

GET https://storage.googleapis.com/storage-proxy-assets/revamp-di-sft/corporate-logo-nb.svg
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

932 B
5.6kB
9
8
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=1&e=0.8281441677203303

tls, http2

chrome.exe

1.8kB
5.1kB
14
15

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.8281441677203303

HTTP Response

200

HTTP Response

200
130.211.23.194:443

https://api.btloader.com/country?o=5633429348548608

tls, http2

chrome.exe

1.7kB
5.9kB
13
13

HTTP Request

GET https://api.btloader.com/country?o=5633429348548608
104.26.7.141:443

https://api.btmessage.com/events/mw

tls, http2

chrome.exe

4.5kB
57.3kB
49
74

HTTP Request

GET https://cdn.btmessage.com/script/rlink.js?o=5633429348548608&bt_env=prod

HTTP Response

200

HTTP Request

GET https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=mandela-invasion.en.softonic.com&l=EN

HTTP Response

302

HTTP Request

GET https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN

HTTP Response

302

HTTP Request

GET https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN

HTTP Response

200

HTTP Request

GET https://api.btmessage.com/mw/state?bt_env=prod

HTTP Request

GET https://api.btmessage.com/mw/sign_pbm?w=5299385968099328&bt_env=prod

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://cdn.btmessage.com/webfonts43j533.js

HTTP Response

200

HTTP Request

POST https://api.btmessage.com/events/mw

HTTP Response

204
108.157.7.75:443

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

tls, http2

chrome.exe

1.8kB
10.1kB
14
17

HTTP Request

GET https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

HTTP Response

200
108.157.4.57:443

https://config.aps.amazon-adsystem.com/configs/3177

tls, http2

chrome.exe

1.7kB
7.6kB
13
14

HTTP Request

GET https://config.aps.amazon-adsystem.com/configs/3177

HTTP Response

200
172.67.38.106:443

https://cdn.id5-sync.com/api/1.0/id5-api.js

tls, http2

chrome.exe

2.1kB
34.0kB
23
34

HTTP Request

GET https://cdn.id5-sync.com/api/1.0/id5-api.js

HTTP Response

200
172.217.169.3:443

https://www.google.co.uk/pagead/1p-user-list/631321069/?random=1730864383908&cv=11&fst=1730862000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0za200zb6335967&gcd=13l3l3l3l1l1&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&u_w=1280&u_h=720&url=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&hn=www.googleadservices.com&frm=0&tiba=Mandela%20Invasion%20-%20Download&npa=0&pscdl=noapi&auid=1883251844.1730864384&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7d2L1QRPwRGK309tmrUfilgssTDVqQ0w&random=1838632606&rmt_tld=1&ipr=y

tls, http2

chrome.exe

2.3kB
6.4kB
13
14

HTTP Request

GET https://www.google.co.uk/pagead/1p-user-list/631321069/?random=1730864383908&cv=11&fst=1730862000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0za200zb6335967&gcd=13l3l3l3l1l1&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&u_w=1280&u_h=720&url=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&hn=www.googleadservices.com&frm=0&tiba=Mandela%20Invasion%20-%20Download&npa=0&pscdl=noapi&auid=1883251844.1730864384&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7d2L1QRPwRGK309tmrUfilgssTDVqQ0w&random=1838632606&rmt_tld=1&ipr=y
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.6kB
8
8
139.45.197.253:443

notix.io

tls

chrome.exe

1.8kB
3.5kB
12
13
13.74.129.1:443

c.clarity.ms

tls

chrome.exe

840 B
6.7kB
7
8
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=1&e=0.7880864706028838

tls, http2

chrome.exe

1.8kB
4.9kB
13
13

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Response

304

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.7880864706028838

HTTP Response

200
13.32.145.66:443

https://api.privacy-center.org/v1/events

tls, http2

chrome.exe

1.7kB
7.8kB
13
16

HTTP Request

OPTIONS https://api.privacy-center.org/v1/events

HTTP Response

204
108.156.255.231:443

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=1&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22bottom-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_MPU_Second%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

tls, http2

chrome.exe

3.5kB
8.3kB
15
18

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=0&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-1__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_MPU_First%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FATF_MPU%22%7D%5D&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFgAAAAAAAgAAiQAAADugBADLAHcAKSgAwABBUQpABgACCog6ADAAEFRCEAGAAIKiBIAMAAQVEA.YAAAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

HTTP Response

200

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=8I2RjkVm6NN9p&cb=1&ws=1280x609&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22bottom-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FProgrampage%2FBTF_MPU_Second%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

HTTP Response

200
104.18.36.155:443

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

6.6kB
7.1kB
16
14

HTTP Request

POST https://htlb.casalemedia.com/openrtb/pbjs?s=805152

HTTP Response

200

HTTP Request

GET https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

302

HTTP Request

GET https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

302
34.120.63.153:443

https://prebid.media.net/rtb/prebid?cid=8CUQ9KO7A

tls, http2

chrome.exe

5.6kB
7.4kB
15
16

HTTP Request

POST https://prebid.media.net/rtb/prebid?cid=8CUQ9KO7A
63.34.96.164:443

https://ad.360yield.com/pb

tls, http2

chrome.exe

7.3kB
6.8kB
21
19

HTTP Request

POST https://ad.360yield.com/pb

HTTP Response

204

HTTP Request

POST https://ad.360yield.com/pb

HTTP Response

204
185.64.189.112:443

hbopenbid.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

932 B
4.5kB
9
9
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

932 B
4.5kB
9
9
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

932 B
4.5kB
9
9
3.251.12.140:443

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

9.0kB
8.9kB
26
26

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

HTTP Response

200

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

HTTP Response

200

HTTP Request

GET https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

302

HTTP Request

GET https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

307
34.248.111.137:443

id.crwdcntrl.net

tls

chrome.exe

2.1kB
5.6kB
14
15
141.95.33.120:443

https://id5-sync.com/api/config/prebid

tls, http2

chrome.exe

2.0kB
3.7kB
14
12

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200
141.95.33.120:443

https://id5-sync.com/g/v2/691.json

tls, http2

chrome.exe

5.3kB
9.4kB
24
24

HTTP Request

GET https://id5-sync.com/bounce

HTTP Response

200

HTTP Request

POST https://id5-sync.com/gm/v3

HTTP Response

200

HTTP Request

GET https://id5-sync.com/i/691/8.gif?o=api&id5id=ID5*rQ--ILpTWKZDAjheu8ulP7cu1PIRLHfz_IreTPL1xwzWA_cHfYKnGlwzsWbGlw4Q1gLoLyDS0mChWgoby3FF1tYGm8yEHpaY3k4MD3ZGaBXWCQVB6ml7dumui2xu1lQk1hS5UGxYZBOggu2_A_cC2tYcs9eH5-cixpk7nuvfyGrWIET81WZbmbLdcpLylmQ41jBt3aHFTT7pBZrySC5fZNY-FonvBfoKgiNWU4ygcUvWQNQsoUUTucFrrqKyvlAc1koqxRBmIueGi3U-4sYpyNZM8KUEyxSuMl1G9qqgL3o&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=true

HTTP Request

POST https://id5-sync.com/g/v2/691.json

HTTP Response

302

HTTP Response

200
172.217.16.226:443

https://partner.googleadservices.com/gampad/cookie.js?domain=mandela-invasion.en.softonic.com&client=softonic&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2

tls, http2

chrome.exe

1.8kB
6.6kB
13
13

HTTP Request

GET https://partner.googleadservices.com/gampad/cookie.js?domain=mandela-invasion.en.softonic.com&client=softonic&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
185.255.84.150:443

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageReferrer=https%3A%2F%2Fwww.google.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F

tls, http2

chrome.exe

4.2kB
8.1kB
15
14

HTTP Request

POST https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&PageReferrer=https%3A%2F%2Fwww.google.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F

HTTP Response

200
141.95.33.120:443

https://lb.eu-1-id5-sync.com/lb/v1

tls, http2

chrome.exe

1.9kB
4.9kB
16
14

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200
104.18.35.167:443

cdn-ima.33across.com

tls

chrome.exe

909 B
4.8kB
8
7
18.173.233.95:443

https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

tls, http2

chrome.exe

1.9kB
19.1kB
18
22

HTTP Request

GET https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

HTTP Response

200
216.58.213.1:443

https://tpc.googlesyndication.com/sodar/sodar2.js

tls, http2

chrome.exe

2.3kB
16.8kB
19
22

HTTP Request

GET https://ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js
18.154.63.35:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

chrome.exe

366 B
1.9kB
5
4

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
104.26.7.141:443

https://cdn.btmessage.com/assets/bt-rlink-storage-DJolxq7O.html

tls, http2

chrome.exe

1.8kB
4.8kB
12
11

HTTP Request

GET https://cdn.btmessage.com/assets/bt-rlink-storage-DJolxq7O.html

HTTP Response

200
18.154.63.35:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

chrome.exe

366 B
1.9kB
5
4

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
18.154.63.35:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

chrome.exe

366 B
1.9kB
5
4

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
172.217.169.46:443

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

tls, http2

chrome.exe

1.9kB
8.9kB
14
13

HTTP Request

POST https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
216.239.34.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-R5K71YRXMV&gtm=45je4au0v877889940z86335967za200zb6335967&_p=1730864383161&_gaz=1&gcs=G111&gcd=13v3r3r3r5l1&npa=0&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&gdid=dMTc4Zm&cid=1213229484.1730864387&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1730864386&sct=1&seg=0&dl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Mandela%20Invasion%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=program_page&ep.site_language=en&ep.google_click_id=&ep.test_variant=&ep.pv=1&ep.program_id=9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40&ep.program_platform=windows&ep.program_category=games&ep.program_subcategory=strategy&ep.program_sources=&ep.program_review_source=kdci-new-review&ep.program_download_type=internal_download&ep.program_licence=free&ep.program_review_modification_date=2022-05-30&ep.program_opinions=yes&ep.program_review_publication_date=2022-02-08&ep.program_has_button_buy=no&ep.program_has_button_download=yes&ep.program_has_gallery=yes&ep.program_has_offer=no&epn.program_user_score=8.857142857142858&ep.google_compliant=yes&ep.program_name=Mandela%20Invasion&ep.vertical_id=&ep.ecosystem_id=&ep.ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13&ep.program_review_vecna=false&ep.w_signal=unknown%2CTOO.MNY.REQ&tfd=4095

tls, http2

chrome.exe

2.9kB
7.0kB
14
13

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-R5K71YRXMV&gtm=45je4au0v877889940z86335967za200zb6335967&_p=1730864383161&_gaz=1&gcs=G111&gcd=13v3r3r3r5l1&npa=0&dma=0&tcfd=1000g&tag_exp=101823848~101878899~101878944~101925629&gdid=dMTc4Zm&cid=1213229484.1730864387&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B106.0.5249.119%7CGoogle%2520Chrome%3B106.0.5249.119%7CNot%253BA%253DBrand%3B99.0.0.0&uamb=0&uam=&uap=Windows&uapv=0.1.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1730864386&sct=1&seg=0&dl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Mandela%20Invasion%20-%20Download&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=program_page&ep.site_language=en&ep.google_click_id=&ep.test_variant=&ep.pv=1&ep.program_id=9a8d84f2-99bf-4a32-ae54-a4c6a4c22b40&ep.program_platform=windows&ep.program_category=games&ep.program_subcategory=strategy&ep.program_sources=&ep.program_review_source=kdci-new-review&ep.program_download_type=internal_download&ep.program_licence=free&ep.program_review_modification_date=2022-05-30&ep.program_opinions=yes&ep.program_review_publication_date=2022-02-08&ep.program_has_button_buy=no&ep.program_has_button_download=yes&ep.program_has_gallery=yes&ep.program_has_offer=no&epn.program_user_score=8.857142857142858&ep.google_compliant=yes&ep.program_name=Mandela%20Invasion&ep.vertical_id=&ep.ecosystem_id=&ep.ad_session_id=88d12145-64c4-4cdf-8dc4-1d33a1ebfa13&ep.program_review_vecna=false&ep.w_signal=unknown%2CTOO.MNY.REQ&tfd=4095
66.102.1.154:443

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-R5K71YRXMV&cid=1213229484.1730864387&gtm=45je4au0v877889940z86335967za200zb6335967&aip=1&dma=0&gcs=G111&gcd=13v3r3r3r5l1&npa=0&frm=0&tag_exp=101823848~101878899~101878944~101925629

tls, http2

chrome.exe

2.2kB
7.2kB
15
14

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-152357-1&cid=1213229484.1730864387&jid=33771198&gjid=1505923489&_gid=937552829.1730864387&_u=YCHAgEABAAQCAGAAI~&z=1005793472

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-R5K71YRXMV&cid=1213229484.1730864387&gtm=45je4au0v877889940z86335967za200zb6335967&aip=1&dma=0&gcs=G111&gcd=13v3r3r3r5l1&npa=0&frm=0&tag_exp=101823848~101878899~101878944~101925629
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

932 B
4.5kB
9
7
66.102.1.154:443

stats.g.doubleclick.net

tls

chrome.exe

931 B
4.8kB
9
7
172.217.169.67:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.9kB
6.6kB
15
15

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
142.250.180.1:443

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs

tls, http2

chrome.exe

4.3kB
125.0kB
63
98

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs
142.250.180.1:443

cdn.ampproject.org

tls, http2

chrome.exe

1.1kB
12.8kB
12
13
142.250.180.1:443

cdn.ampproject.org

tls, http2

chrome.exe

1.1kB
12.8kB
12
13
142.250.180.1:443

cdn.ampproject.org

tls, http2

chrome.exe

1.1kB
12.8kB
12
13
142.250.180.1:443

cdn.ampproject.org

tls, http2

chrome.exe

1.1kB
12.8kB
12
13
185.64.189.112:443

hbopenbid.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
52.95.122.74:443

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=2333261018016514337000

tls, http

chrome.exe

9.1kB
17.1kB
24
27

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift

HTTP Response

302

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&dcc=t

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=gg_n-index_n-onetag_pm-db5_smrt_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/ecm3?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&ex=index.com&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/ecm3?id=Jno7ABZHcfCkY9miSFGVuR2Y&ex=sovrn.com&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/ecm3?ex=gg.com&id=e_1e527246-1ff7-4792-8838-14ef0c433cb2

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/ecm3?ex=3lift.com&id=2333261018016514337000

HTTP Response

200
51.89.9.253:443

onetag-sys.com

tls

chrome.exe

863 B
2.9kB
7
5
54.229.148.225:443

rtb.gumgum.com

tls

chrome.exe

2.2kB
8.3kB
15
17
23.219.196.188:443

ads.pubmatic.com

tls

chrome.exe

4.1kB
30.0kB
27
38
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
8
142.250.187.194:443

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&gdpr=1&gpp=&gpp_sid=

tls, http2

chrome.exe

2.2kB
7.6kB
14
14

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&gdpr=1&gpp=&gpp_sid=
98.82.157.231:443

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

tls, http

chrome.exe

2.2kB
7.7kB
12
13

HTTP Request

GET https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

HTTP Response

200
37.157.4.29:443

c1.adform.net

tls

chrome.exe

886 B
5.2kB
8
9
3.209.70.78:443

sync.srv.stackadapt.com

tls

chrome.exe

4.9kB
10.3kB
17
17
185.89.210.82:443

secure.adnxs.com

tls

chrome.exe

4.5kB
11.9kB
20
19
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

909 B
3.9kB
8
6
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

909 B
3.4kB
8
7
52.48.206.11:443

https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

tls, http2

chrome.exe

2.5kB
7.6kB
17
18

HTTP Request

GET https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

HTTP Response

204
76.223.111.18:443

https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID

tls, http2

chrome.exe

2.7kB
9.8kB
18
19

HTTP Request

GET https://eb2.3lift.com/getuid?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

302

HTTP Request

GET https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&us_privacy=&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID

HTTP Response

302
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
9
37.157.4.29:443

c1.adform.net

tls

chrome.exe

886 B
5.2kB
8
9
3.209.70.78:443

sync.srv.stackadapt.com

tls

chrome.exe

884 B
420 B
7
6
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
211.120.53.204:443

tg.socdm.com

tls

chrome.exe

886 B
3.5kB
8
6
185.184.8.90:443

creativecdn.com

tls

chrome.exe

863 B
3.6kB
7
6
34.98.64.218:443

us-u.openx.net

tls

chrome.exe

961 B
4.8kB
9
8
185.184.8.90:443

creativecdn.com

tls

chrome.exe

863 B
3.6kB
7
6
34.248.206.39:443

pr-bh.ybp.yahoo.com

tls

chrome.exe

2.1kB
5.0kB
15
14
52.0.8.114:443

sync.ipredictive.com

tls

chrome.exe

2.3kB
6.5kB
12
11
35.171.195.136:443

aorta.clickagy.com

tls

chrome.exe

2.2kB
6.8kB
14
14
198.47.127.19:443

image6.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
69.173.156.148:443

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

2.1kB
5.0kB
13
15

HTTP Request

GET https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
64.74.236.255:443

b1sync.zemanta.com

tls

chrome.exe

909 B
3.8kB
8
5
91.228.74.159:443

cms.quantserve.com

tls

chrome.exe

2.0kB
4.1kB
12
11
38.91.45.7:443

https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

tls, http2

chrome.exe

1.8kB
6.8kB
13
13

HTTP Request

GET https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

HTTP Response

200
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
208.93.169.131:443

bh.contextweb.com

tls

chrome.exe

961 B
5.4kB
9
8
211.120.53.204:443

tg.socdm.com

tls

chrome.exe

886 B
3.5kB
8
6
104.18.38.76:443

https://js-sec.indexww.com/um/ixmatch.html

tls, http2

chrome.exe

1.8kB
5.1kB
13
13

HTTP Request

GET https://js-sec.indexww.com/um/ixmatch.html

HTTP Response

200
92.123.240.21:443

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUQ9KO7A&prvid=2034%2C2033%2C2055%2C2030%2C3020%2C251%2C331%2C233%2C2027%2C236%2C313%2C237%2C319%2C97%2C55%2C77%2C20000%2C3012%2C3011%2C182%2C460%2C462%2C201%2C246%2C126%2C203%2C108&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=1&gdprstring=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&coppa=0&usp_status=0&usp_consent=1

tls, http2

chrome.exe

2.5kB
18.7kB
19
24

HTTP Request

GET https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUQ9KO7A&prvid=2034%2C2033%2C2055%2C2030%2C3020%2C251%2C331%2C233%2C2027%2C236%2C313%2C237%2C319%2C97%2C55%2C77%2C20000%2C3012%2C3011%2C182%2C460%2C462%2C201%2C246%2C126%2C203%2C108&itype=PREBID&purpose1=1&gdprconsent=1&gdpr=1&gdprstring=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&coppa=0&usp_status=0&usp_consent=1

HTTP Response

200
23.215.239.190:443

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet

tls, http2

chrome.exe

2.0kB
5.5kB
16
18

HTTP Request

GET https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum

HTTP Response

301

HTTP Request

GET https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=medianet

HTTP Response

301
148.251.20.249:443

sync.richaudience.com

tls

chrome.exe

955 B
4.7kB
9
10
185.255.84.153:443

https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

6.7kB
11.5kB
29
26

HTTP Request

GET https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=9bae63b62cd7a938f32556c5c6b6c3f3

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200
34.247.233.198:443

https://usersync.gumgum.com/usersync?b=apn&i=7743239598165122675

tls, http

chrome.exe

1.9kB
6.6kB
13
16

HTTP Request

GET https://usersync.gumgum.com/usersync?b=apn&i=7743239598165122675

HTTP Response

200
34.247.233.198:443

https://usersync.gumgum.com/usersync?b=sta&i=Sw9GULuBWDhVAqSq42VnLIrHHSw

tls, http

chrome.exe

1.9kB
6.6kB
13
16

HTTP Request

GET https://usersync.gumgum.com/usersync?b=sta&i=Sw9GULuBWDhVAqSq42VnLIrHHSw

HTTP Response

200
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
92.123.242.2:443

https://eus.rubiconproject.com/usync.js

tls, http2

chrome.exe

2.5kB
18.0kB
23
30

HTTP Request

GET https://eus.rubiconproject.com/usync.html?p=gumgum

HTTP Request

GET https://eus.rubiconproject.com/usync.html?p=medianet

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://eus.rubiconproject.com/usync.js

HTTP Response

200
51.89.9.253:443

onetag-sys.com

tls

chrome.exe

863 B
2.9kB
7
5
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
7
67.202.105.24:443

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.5kB
7.1kB
15
14

HTTP Request

GET https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
3.209.5.252:443

api-2-0.spot.im

tls

chrome.exe

1.9kB
6.4kB
14
14
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
8.2.108.175:443

bc-sync.com

chrome.exe

152 B
120 B
3
3
46.228.174.117:443

sync.1rx.io

tls

chrome.exe

2.6kB
9.9kB
15
14
3.212.168.182:443

cs-server-s2s.yellowblue.io

tls

chrome.exe

2.6kB
9.5kB
16
18
2.20.12.70:443

https://player.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html?pid=62f53b2c7850d0786f227f64&r=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DANIVIEW%26ttl%3D720%26uid%3De8ecb87ff2ef3a3b16ba16c51e7986ac%26visitor%3D%5BAV_UID%5D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

2.7kB
7.4kB
12
13

HTTP Request

GET https://player.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html?pid=62f53b2c7850d0786f227f64&r=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DANIVIEW%26ttl%3D720%26uid%3De8ecb87ff2ef3a3b16ba16c51e7986ac%26visitor%3D%5BAV_UID%5D%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200
92.123.242.2:443

eus.rubiconproject.com

tls

chrome.exe

1.1kB
4.7kB
10
10
8.2.108.175:443

bc-sync.com

chrome.exe

152 B
120 B
3
3
3.209.5.252:443

api-2-0.spot.im

tls

chrome.exe

1.1kB
6.2kB
11
11
46.228.174.117:443

sync.1rx.io

tls

chrome.exe

1.1kB
6.7kB
10
9
35.214.205.154:443

https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.0kB
5.0kB
12
11

HTTP Request

GET https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

307
185.64.191.214:443

image8.pubmatic.com

tls

chrome.exe

955 B
4.9kB
9
11
204.62.12.209:443

https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

2.0kB
4.6kB
9
10

HTTP Request

GET https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

302
52.31.108.193:443

jadserve.postrelease.com

tls

chrome.exe

2.5kB
7.1kB
14
15
2.23.220.28:443

https://cs.media.net/cksync?type=g&cs=8&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&google_gid=CAESEIX401_NKXS-u7-kU4MVVmw&google_cver=1

tls, http2

chrome.exe

2.7kB
25.4kB
24
32

HTTP Request

GET https://hbx.media.net/pubcid.php?itype=HB&cb=window.advBidxc.mnetCoRtusId

HTTP Response

200

HTTP Request

GET https://cs.media.net/cksync?type=g&cs=8&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&google_gid=CAESEIX401_NKXS-u7-kU4MVVmw&google_cver=1

HTTP Response

200
178.250.1.11:443

gum.criteo.com

tls

chrome.exe

909 B
3.4kB
8
5
35.244.174.68:443

https://id.rlcdn.com/711333.gif?&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.0kB
7.5kB
14
15

HTTP Request

GET https://id.rlcdn.com/711333.gif?&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
34.98.64.218:443

us-u.openx.net

tls

chrome.exe

909 B
3.6kB
8
7
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
6
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
7
2.23.220.28:443

https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-con&ovsid=0420b624-c0f5-4dca-8cf5-bc06d32ba0e6&cs=15&vsid=3738659910494091000V10

tls, http

chrome.exe

2.9kB
6.5kB
13
16

HTTP Request

GET https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu

HTTP Response

200

HTTP Request

GET https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-con&ovsid=0420b624-c0f5-4dca-8cf5-bc06d32ba0e6&cs=15&vsid=3738659910494091000V10

HTTP Response

200
192.132.33.69:443

bttrack.com

tls

chrome.exe

2.5kB
9.5kB
19
24
192.132.33.69:443

bttrack.com

tls

chrome.exe

1.2kB
8.6kB
12
15
172.240.45.96:443

sync.aniview.com

tls

chrome.exe

955 B
4.5kB
9
8
89.207.16.204:443

medianet-match.dotomi.com

tls

chrome.exe

909 B
3.7kB
8
7
69.173.156.149:443

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

tls, http

chrome.exe

4.1kB
6.5kB
16
19

HTTP Request

GET https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200
178.250.1.9:443

dis.criteo.com

tls

chrome.exe

915 B
4.0kB
8
6
46.228.174.117:443

sync.targeting.unrulymedia.com

tls

chrome.exe

2.3kB
6.9kB
14
13
185.89.210.82:443

secure.adnxs.com

tls

chrome.exe

2.4kB
3.1kB
12
10
23.215.239.190:443

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184&endpoint=us-east

tls, http2

chrome.exe

1.9kB
1.4kB
12
13

HTTP Request

GET https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17184&endpoint=us-east

HTTP Response

301
172.240.45.96:443

sync.aniview.com

tls

chrome.exe

955 B
4.5kB
9
9
92.123.242.2:443

https://eus.rubiconproject.com/usync.html?p=17184&endpoint=us-east

tls, http2

chrome.exe

1.9kB
1.7kB
12
14

HTTP Request

GET https://eus.rubiconproject.com/usync.html?p=17184&endpoint=us-east

HTTP Response

200
34.36.216.150:443

pixel-sync.sitescout.com

tls

chrome.exe

909 B
3.5kB
8
6
34.247.233.198:443

https://usersync.gumgum.com/usersync?b=vnt&i=0f888dcc-cb3e-4d62-917c-cb57b8329fc4

tls, http

chrome.exe

1.9kB
6.9kB
13
17

HTTP Request

GET https://usersync.gumgum.com/usersync?b=vnt&i=0f888dcc-cb3e-4d62-917c-cb57b8329fc4

HTTP Response

200
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
6
3.251.12.140:443

https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11607%26uid%3D%24UID

tls, http2

chrome.exe

2.7kB
1.8kB
14
12

HTTP Request

GET https://ap.lijit.com/pixel?us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D%26biddername%3D18%26key%3D%24UID

HTTP Response

307

HTTP Request

GET https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redir=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11607%26uid%3D%24UID

HTTP Response

307
172.240.45.96:443

sync.aniview.com

tls

chrome.exe

909 B
4.5kB
8
9
198.47.127.19:443

image6.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
8
35.214.205.154:443

https://csync.loopme.me/?pubid=11362&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D

tls, http2

chrome.exe

2.5kB
2.8kB
12
13

HTTP Request

GET https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gpp=&gpp_sid=

HTTP Response

307

HTTP Request

GET https://csync.loopme.me/?pubid=11362&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D

HTTP Response

307
63.215.202.140:443

casale-match.dotomi.com

tls

chrome.exe

863 B
3.6kB
7
6
151.101.130.49:443

sync-tm.everesttech.net

tls

chrome.exe

886 B
5.1kB
8
9
104.18.38.76:443

https://cdn.indexww.com/ht/htw-pixel.gif?ZyrlBbmqPkgAAGCeAgrT.wAA%265050=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

1.9kB
3.7kB
12
10

HTTP Request

GET https://cdn.indexww.com/ht/htw-pixel.gif?ZyrlBbmqPkgAAGCeAgrT.wAA%265050=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200
3.248.27.53:443

pm.w55c.net

tls

chrome.exe

3.3kB
9.1kB
12
13
34.246.139.66:443

match.prod.bidr.io

tls

chrome.exe

3.1kB
6.5kB
12
10
208.93.169.131:443

bh.contextweb.com

tls

chrome.exe

909 B
4.9kB
8
7
185.64.191.214:443

image8.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
18.195.234.25:443

match.sharethrough.com

tls

chrome.exe

863 B
3.5kB
7
5
3.212.168.182:443

cs-server-s2s.yellowblue.io

tls

chrome.exe

2.7kB
1.9kB
15
13
2.20.12.107:443

https://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9228

tls, http

chrome.exe

110.1kB
6.3MB
2363
4541

HTTP Request

GET https://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1&cid=9228

HTTP Response

200
2.20.12.107:443

cdn-download.avgbrowser.com

tls

chrome.exe

1.1kB
5.6kB
10
11
104.26.7.141:443

cdn.btmessage.com

tls, http2

chrome.exe

940 B
1.5kB
7
6
108.157.7.75:443

c.amazon-adsystem.com

tls, http2

chrome.exe

897 B
734 B
7
7
150.171.28.10:443

bat.bing.com

tls

chrome.exe

1.3kB
7.9kB
9
13
13.107.246.65:443

https://www.clarity.ms/tag/n22abp4c18

tls, http2

chrome.exe

2.4kB
1.9kB
11
10

HTTP Request

GET https://www.clarity.ms/tag/n22abp4c18

HTTP Response

200
163.70.151.21:443

connect.facebook.net

tls

chrome.exe

2.9kB
69.8kB
39
58
104.22.75.216:443

https://btloader.com/tag?o=5633429348548608&upapi=true

tls, http2

chrome.exe

1.6kB
1.4kB
10
9

HTTP Request

GET https://btloader.com/tag?o=5633429348548608&upapi=true

HTTP Response

304
108.156.255.231:443

https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&pid=v4UIsHqAp4snf&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU_Second%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22Windows%22%7D%2C%22browsers%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Google+Chrome%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%5B%2299%22%5D%7D%5D%7D%7D%7D&sm=9ab0359c-cdc4-4111-87ee-a11cf8dd16ca&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

tls, http2

chrome.exe

5.3kB
3.6kB
18
19

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&pr=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pid=F65XXwizcbQuS&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-1__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_MPU_First%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FATF_MPU%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

HTTP Response

200

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&pr=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&pid=F65XXwizcbQuS&cb=1&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22bottom-leaderboard-1__ad%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FDownload%2FBTF_Leaderboard_First%22%7D%5D&sm=4added60-a844-42c5-a4d9-a874909f5060&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*PQaQzypadknTCxaxK8KL0Ccn-h2BJVkcbIPwo2L86ePWA20snZ5npnV9pTaFOcoE1gKBgs3RvLAE0UDoSKADGdYGt388ta-x906GccY3xCTWCQbECCR86Z96mYSBoUoh1hSOzw99JFRrkHOZqbY7vdYcNL-Ofil0LA9RLwIy3wPWICoti5MaDuwZgnHvzulf1jC2W6BgGgJBcRSK5gNQwtY-_whFlMgpYhD6kOscYrPWQHUcUFYzD27TwoECqkbp1kq4beCWJn_9lmIqvoY4BtZMI7XenJ2_zuQm_cPP784%22%7D%7D

HTTP Response

200

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&pid=v4UIsHqAp4snf&cb=0&ws=1280x552&v=24.910.1025&t=1000&slots=%5B%7B%22sd%22%3A%22top-mpu-2__ad%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%2C%22300x180%22%2C%22300x150%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%2C%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU_Second%22%7D%2C%7B%22sd%22%3A%22top-leaderboard-1__ad%22%2C%22s%22%3A%5B%221x1%22%2C%22970x250%22%2C%22970x90%22%2C%22960x90%22%2C%22950x90%22%2C%22728x90%22%2C%22500x90%22%2C%22468x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_Leaderboard_First%22%7D%2C%7B%22sd%22%3A%22td-top-mpu-bf__ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x180%22%2C%22250x250%22%2C%22200x200%22%2C%22180x150%22%5D%2C%22sn%22%3A%22%2F5302%2Fdesktop%2Fdesktop-Web-en%2FApps%2FPostDownload%2FATF_MPU%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22Windows%22%7D%2C%22browsers%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Google+Chrome%22%2C%22version%22%3A%5B%22106%22%5D%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%5B%2299%22%5D%7D%5D%7D%7D%7D&sm=9ab0359c-cdc4-4111-87ee-a11cf8dd16ca&gdpre=1&gdprc=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

HTTP Response

200
185.64.189.112:443

hbopenbid.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
63.34.96.164:443

https://ad.360yield.com/pb

tls, http2

chrome.exe

9.6kB
2.0kB
22
18

HTTP Request

POST https://ad.360yield.com/pb

HTTP Response

400

HTTP Request

POST https://ad.360yield.com/pb

HTTP Response

204

HTTP Request

POST https://ad.360yield.com/pb

HTTP Response

400
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
3.251.12.140:443

https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

tls, http2

chrome.exe

11.3kB
7.8kB
32
26

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

HTTP Response

200

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

HTTP Response

200

HTTP Request

GET https://ap.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

HTTP Response

302

HTTP Request

GET https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

302

HTTP Response

302

HTTP Request

GET https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

307

HTTP Request

POST https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.39.0

HTTP Response

200
185.255.84.150:443

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageReferrer=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download

tls, http2

chrome.exe

7.4kB
2.7kB
17
14

HTTP Request

POST https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&PageUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload&PageReferrer=https%3A%2F%2Fmandela-invasion.en.softonic.com%2F&CanonicalUrl=https%3A%2F%2Fmandela-invasion.en.softonic.com%2Fdownload

HTTP Response

200

HTTP Request

POST https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageUrl=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download&PageReferrer=https%3A%2F%2Fen.softonic.com%2Fdownload%2Fmandela-invasion%2Fwindows%2Fpost-download

HTTP Response

200
216.58.213.1:443

https://04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

tls, http2

chrome.exe

2.3kB
12.6kB
19
21

HTTP Request

GET https://5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

HTTP Request

GET https://04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=2

tls, http2

chrome.exe

2.2kB
3.9kB
16
17

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.8512960495046087

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Response

200

HTTP Response

304

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.5963525431037089

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Response

200

HTTP Response

304
52.95.122.74:443

https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

4.8kB
5.5kB
12
12

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
172.67.74.232:443

https://api.btmessage.com/events/mw

tls, http2

chrome.exe

4.0kB
9.6kB
27
32

HTTP Request

GET https://api.btmessage.com/mw/state?bt_env=prod

HTTP Response

204

HTTP Request

POST https://api.btmessage.com/events/mw

HTTP Response

204

HTTP Request

GET https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=en.softonic.com&l=EN

HTTP Response

302

HTTP Request

GET https://api.btmessage.com/websiteconfig?bt_env=prod&o=5633429348548608&w=softonic.com&l=EN

HTTP Response

200

HTTP Request

GET https://api.btmessage.com/mw/state?bt_env=prod

HTTP Request

GET https://api.btmessage.com/mw/sign_pbm?w=5299385968099328&bt_env=prod

HTTP Response

204

HTTP Response

200

HTTP Request

POST https://api.btmessage.com/events/mw

HTTP Response

204
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.6kB
8
8
51.89.9.253:443

onetag-sys.com

tls

chrome.exe

863 B
2.9kB
7
5
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
23.219.196.188:443

ads.pubmatic.com

tls

chrome.exe

2.8kB
13.4kB
19
24
163.70.151.35:443

www.facebook.com

tls

chrome.exe

2.3kB
3.6kB
14
12
163.70.151.35:443

www.facebook.com

tls

chrome.exe

943 B
3.0kB
8
7
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=1&e=0.799573025697111

tls, http2

chrome.exe

2.1kB
4.0kB
15
15

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Response

304

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.8418542900934511

HTTP Response

200

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Response

304

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.799573025697111

HTTP Response

200
13.74.129.1:443

c.clarity.ms

tls

chrome.exe

840 B
6.7kB
7
8
139.45.197.253:443

notix.io

tls

chrome.exe

1.8kB
3.5kB
13
13
172.217.169.66:443

https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202410310101&st=env

tls, http2

chrome.exe

2.0kB
19.9kB
18
23

HTTP Request

GET https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202410310101&st=env
198.47.127.19:443

image6.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
142.250.179.225:443

https://ep2.adtrafficquality.google/sodar/sodar2.js

tls, http2

chrome.exe

1.9kB
13.4kB
16
18

HTTP Request

GET https://ep2.adtrafficquality.google/sodar/sodar2.js
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
185.64.189.112:443

hbopenbid.pubmatic.com

tls

chrome.exe

955 B
4.9kB
9
11
185.255.84.153:443

https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=b3c9ca0a885e708befb2997d1e1a6492

tls, http2

chrome.exe

6.6kB
5.6kB
26
24

HTTP Request

GET https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=b3c9ca0a885e708befb2997d1e1a6492

HTTP Response

200

HTTP Response

200

HTTP Response

200
148.251.20.249:443

sync.richaudience.com

tls

chrome.exe

909 B
4.6kB
8
8
104.18.38.76:443

js-sec.indexww.com

tls, http2

chrome.exe

935 B
936 B
7
5
52.48.206.11:443

https://ce.lijit.com/merge?pid=97&3pid=RX-d6b290a7-9475-476c-9e96-018d198e6827-003

tls, http2

chrome.exe

3.8kB
8.1kB
22
24

HTTP Request

GET https://ce.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

HTTP Response

200

HTTP Request

GET https://ce.lijit.com/merge?pid=92&3pid=7743239598165122675&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

HTTP Request

GET https://ce.lijit.com/merge?3pid=AAE3oU7OVcoAABWvTcgUPA&pid=85&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://ce.lijit.com/merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b

HTTP Response

204

HTTP Request

GET https://ce.lijit.com/merge?pid=97&3pid=RX-d6b290a7-9475-476c-9e96-018d198e6827-003

HTTP Response

204
178.250.1.11:443

gum.criteo.com

tls

chrome.exe

863 B
3.5kB
7
6
35.171.195.136:443

aorta.clickagy.com

tls

chrome.exe

1.9kB
1.2kB
11
10
185.184.8.90:443

creativecdn.com

tls

chrome.exe

863 B
3.6kB
7
6
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
69.173.156.148:443

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

2.3kB
5.1kB
13
16

HTTP Request

GET https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
208.93.169.131:443

bh.contextweb.com

tls

chrome.exe

909 B
4.9kB
8
7
185.89.210.212:443

ib.adnxs.com

tls

chrome.exe

3.7kB
8.2kB
15
16
91.228.74.159:443

cms.quantserve.com

tls

chrome.exe

1.8kB
786 B
10
8
46.228.174.117:443

sync.1rx.io

tls

chrome.exe

2.8kB
9.8kB
15
17
34.98.64.218:443

us-u.openx.net

tls

chrome.exe

863 B
3.5kB
7
6
23.215.239.190:443

secure-assets.rubiconproject.com

tls

chrome.exe

1.1kB
879 B
8
7
80.77.87.216:443

cs.krushmedia.com

tls

chrome.exe

2.3kB
6.6kB
10
12
34.91.62.186:443

um.simpli.fi

tls

chrome.exe

886 B
4.6kB
8
8
154.59.122.79:443

https://ums.acuityplatform.com/tum?umid=27&uid=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

2.1kB
6.2kB
13
12

HTTP Request

GET https://ums.acuityplatform.com/tum?umid=27&uid=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
18.66.248.129:443

https://s.ad.smaato.net/c/?adExInit=sovrn&gdpr=&gdpr_consent=&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D108%263pid%3D%24UID&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.0kB
7.1kB
13
15

HTTP Request

GET https://s.ad.smaato.net/c/?adExInit=sovrn&gdpr=&gdpr_consent=&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D108%263pid%3D%24UID&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
34.246.139.66:443

match.prod.bidr.io

tls

chrome.exe

2.0kB
1.2kB
9
8
35.71.131.137:443

data.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
8
2.23.220.28:443

https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu

tls, http

chrome.exe

2.0kB
1.3kB
9
9

HTTP Request

GET https://c21lg-d.media.net/log?logid=kfk&evtid=cs&del=1&vsid=3738659910494091000V10&origin=1&flt=0&pvgid[]=data-p&pvgid[]=data-b&pvgid[]=data-t&pvgid[]=data-sov&pvgid[]=data-r1&pvgid[]=data-pb&pvgid[]=data-k&pvgid[]=data-tx&pvgid[]=data-ct&pvgid[]=data-xu

HTTP Response

200
89.207.16.204:443

medianet-match.dotomi.com

tls

chrome.exe

863 B
3.7kB
7
7
34.98.64.218:443

us-u.openx.net

tls

chrome.exe

863 B
3.6kB
7
7
178.250.1.9:443

dis.criteo.com

tls

chrome.exe

863 B
3.5kB
7
6
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

961 B
4.6kB
9
8
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
9
69.173.156.149:443

https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

tls, http

chrome.exe

2.2kB
5.6kB
13
16

HTTP Request

GET https://token.rubiconproject.com/khaos.json?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200
18.154.63.117:443

https://sync.serverbid.com/syncs/audio.html?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.0kB
7.2kB
12
14

HTTP Request

GET https://sync.serverbid.com/syncs/audio.html?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200
34.36.216.150:443

pixel-sync.sitescout.com

tls

chrome.exe

863 B
3.5kB
7
7
46.228.164.11:443

https://ad.turn.com/r/cs?pid=45&id=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&rndcb=2823041597

tls, http2

chrome.exe

1.8kB
7.5kB
15
14

HTTP Request

GET https://ad.turn.com/r/cs?pid=45&id=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&rndcb=2823041597

HTTP Response

302
3.212.168.182:443

cs-server-s2s.yellowblue.io

tls

chrome.exe

2.4kB
3.6kB
13
13
172.217.16.230:443

https://s0.2mdn.net/dot.gif?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.0kB
6.5kB
13
12

HTTP Request

GET https://s0.2mdn.net/dot.gif?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA
82.145.213.8:443

t.adx.opera.com

tls

chrome.exe

892 B
4.4kB
8
7
51.89.9.253:443

onetag-sys.com

tls

chrome.exe

863 B
2.9kB
7
5
67.202.105.24:443

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.3kB
838 B
11
8

HTTP Request

GET https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
82.145.213.8:443

t.adx.opera.com

tls

chrome.exe

892 B
4.4kB
8
7
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
6
8.2.108.175:443

bc-sync.com

chrome.exe

152 B
120 B
3
3
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
8
185.64.191.214:443

image8.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
3.209.5.252:443

api-2-0.spot.im

tls

chrome.exe

1.6kB
770 B
11
10
35.214.205.154:443

https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.0kB
1.8kB
11
10

HTTP Request

GET https://csync.loopme.me/?pubid=11480&redirect=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fuid%3D68c72dd412a8d0f3f6d2276db2509939%26name%3DLOOPME%26visitor%3D%7Bdevice_id%7D&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

307
3.209.70.78:443

sync.srv.stackadapt.com

tls

chrome.exe

2.6kB
1.6kB
10
7
69.173.151.100:443

pixel-us-east.rubiconproject.com

tls

chrome.exe

2.1kB
4.2kB
10
10
52.31.108.193:443

jadserve.postrelease.com

tls

chrome.exe

2.3kB
1.4kB
11
10
204.62.12.209:443

https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http

chrome.exe

2.0kB
1.2kB
8
6

HTTP Request

GET https://sync-service.net/ssp?token=0K3iZk8wcIw5&pl=bi&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

302
192.132.33.69:443

bttrack.com

tls

chrome.exe

2.3kB
9.2kB
17
22
98.82.157.231:443

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

tls, http

chrome.exe

2.0kB
1.5kB
8
6

HTTP Request

GET https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&id=ZyrlBbmqPkgAAGCeAgrT-wAAE7oAAAAB&gpp=&gpp_sid=

HTTP Response

200
35.71.131.137:443

match.adsrvr.org

tls

chrome.exe

886 B
4.5kB
8
8
151.101.130.49:443

sync-tm.everesttech.net

tls

chrome.exe

886 B
5.1kB
8
9
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7
63.215.202.140:443

casale-match.dotomi.com

tls

chrome.exe

863 B
3.7kB
7
7
37.157.4.29:443

c1.adform.net

tls

chrome.exe

886 B
5.2kB
8
9
193.0.160.131:443

p.rfihub.com

tls

chrome.exe

2.1kB
8.3kB
11
14
46.228.174.117:443

sync.targeting.unrulymedia.com

tls

chrome.exe

2.3kB
2.1kB
11
11
172.64.150.63:443

https://s.tribalfusion.com/z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA

tls, http2

chrome.exe

2.7kB
4.7kB
15
15

HTTP Request

GET https://a.tribalfusion.com/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA

HTTP Response

302

HTTP Request

GET https://s.tribalfusion.com/z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=ZyrlBbmqPkgAAGCeAgrT.wAA

HTTP Response

302
8.2.108.175:443

bc-sync.com

chrome.exe

152 B
120 B
3
3
185.64.191.214:443

image8.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
18.195.234.25:443

match.sharethrough.com

tls

chrome.exe

863 B
3.5kB
7
5
208.93.169.131:443

bh.contextweb.com

tls

chrome.exe

909 B
4.9kB
8
8
108.157.7.75:443

https://c.amazon-adsystem.com/cdn/prod/config?src=3177&u=https%3A%2F%2Fen.softonic.com

tls, http2

chrome.exe

1.7kB
1.9kB
12
12

HTTP Request

GET https://c.amazon-adsystem.com/cdn/prod/config?src=3177&u=https%3A%2F%2Fen.softonic.com

HTTP Response

200
150.171.28.10:443

bat.bing.com

tls

chrome.exe

1.3kB
7.9kB
9
13
13.107.246.65:443

https://www.clarity.ms/tag/n22abp4c18

tls, http2

chrome.exe

2.4kB
2.2kB
12
11

HTTP Request

GET https://www.clarity.ms/tag/n22abp4c18

HTTP Response

200
104.22.75.216:443

https://btloader.com/tag?o=5633429348548608&upapi=true

tls, http2

chrome.exe

1.6kB
1.7kB
10
9

HTTP Request

GET https://btloader.com/tag?o=5633429348548608&upapi=true

HTTP Response

304
18.173.233.7:443

https://js.adscale.de/map.js

tls, http2

chrome.exe

1.7kB
10.3kB
14
16

HTTP Request

GET https://js.adscale.de/map.js

HTTP Response

200
104.26.3.63:443

https://wct.softonic.com/track/update-session

tls, http2

chrome.exe

11.7kB
37.8kB
48
64

HTTP Request

GET https://wct.softonic.com/wct.js?type=session

HTTP Response

200

HTTP Request

GET https://wct.softonic.com/wct.js?type=auto-tagging

HTTP Response

200

HTTP Request

POST https://wct.softonic.com/track/update-session

HTTP Response

200
141.95.33.120:443

https://id5-sync.com/api/config/prebid

tls, http2

chrome.exe

1.9kB
3.6kB
14
11

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200
104.18.35.167:443

cdn-ima.33across.com

tls

chrome.exe

909 B
4.8kB
8
7
185.64.189.112:443

hbopenbid.pubmatic.com

tls

chrome.exe

1.0kB
4.9kB
10
11
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
9
148.251.40.213:443

shb.richaudience.com

tls

chrome.exe

886 B
4.5kB
8
8
108.157.7.75:443

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

tls, http2

chrome.exe

1.6kB
1.3kB
11
9

HTTP Request

GET https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

HTTP Response

304
141.95.33.120:443

https://lb.eu-1-id5-sync.com/lb/v1

tls, http2

chrome.exe

1.8kB
4.5kB
15
19

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200
104.26.3.63:443

https://wct.softonic.com/wct.js?type=pattern&uid=s3czDT

tls, http2

chrome.exe

2.6kB
11.1kB
18
22

HTTP Request

GET https://wct.softonic.com/track/session?data=91hBSvNB6iczPn2CFjclIidnXqtnZyJn0adnYCZmYCtm34Im0iZmWqdn2GdmZCtmUeJlIzMi6icCIz2xIWcBSvNB6iYyIz2xIWIi3GZm0ydoWmZnX4cn4qtoYiZmXitmUiJlXe0rIOJiHD2xIWIiW4cmUGZmUGdm0qJn4aZm3eJlX4smUydoZqJn4aZm3eJlX4smtDKi6iYCN9vyN9Li7PJiZvwAR92BJjclIiIoIixzYjxzMvMCIWIiU9wAZjxz2bJmLq3CLrxySbJmL0cmYuszLjNzWitjTaJmLiJl04smWitjU9wAZfMDULemYusySvgzUfwtWitjKf2BS52DVrKi6iszSrxA09vzNfgCIWIi2mJl3mtngjtjPjxyMf2uWitjW4cmUaJl2atmgjtjL12BYH2qWitjP82AJv2rWitjLTwASbJmLmKmLWutuH0sOaJmLyZmUCZm1yKmLqxAljwzxvgBWbxqWitjPqJn4bJmLi0mLqJnUL2vWitjcntjX4InWitju5emYuYC39gzUL2vOaJmLaJl1yKmLegBSLMEV1Ki6isy1jclIqwyVXMB39gzTq3CVbNrYuYC39gzUL2DgjtjU9wAZfMDULwlHXwzK5wyTzKmLqwyVXMB39gzgjtjT92yUmwAU9gDM92CU4wzgjtjgjtjbntjZbhD0HMi6icBYvNiSiYn4mdn2GdmZCtmUqdo0KJmYmtmYeJi6iczPn2zIWIiurKEJnZCIOJiKLwDIWIi2udn5adn0ydoWmZnXiIoIqwAZjYE

HTTP Response

200

HTTP Request

GET https://wct.softonic.com/wct.js?type=pattern&uid=s3czDT

HTTP Response

200
3.125.98.251:443

ih.adscale.de

tls

chrome.exe

2.2kB
6.4kB
14
14
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
151.101.65.91:443

prs.sftcdn.net

tls

chrome.exe

939 B
3.7kB
8
9
151.101.65.91:443

https://prs.sftcdn.net/softoniccom/ZxDYxIF3NbkBXqTq_warrobots.png?auto=format,compress

tls, http2

chrome.exe

10.3kB
444.5kB
185
335

HTTP Request

GET https://prs.sftcdn.net/softoniccom/Zfm7NQ4qyfNhFypo_herowarsprismic.jpg?auto=format,compress

HTTP Request

GET https://prs.sftcdn.net/softoniccom/ZkYu7Col0Zci9N2M_startrek2.png?auto=format,compress

HTTP Request

GET https://prs.sftcdn.net/softoniccom/ZmK4JJm069VX1iZj_riseofkingdoms-1655145831689.jpg?auto=format,compress

HTTP Request

GET https://prs.sftcdn.net/softoniccom/1b0fa9d4-d0c9-4893-aa60-2205403306d6_EN_282x388_WT_02.jpg?auto=compress,format

HTTP Request

GET https://prs.sftcdn.net/softoniccom/ZlWTI6WtHYXtT1oh_500x600.jpg?auto=format,compress

HTTP Request

GET https://prs.sftcdn.net/softoniccom/65917734-ab3a-483b-89ec-0996285bd220_stormshot.png?auto=format,compress

HTTP Request

GET https://prs.sftcdn.net/softoniccom/ZhO67hrFxhpPBXWc_seaofconquest.jpg?auto=format,compress

HTTP Request

GET https://prs.sftcdn.net/softoniccom/ZxDYxIF3NbkBXqTq_warrobots.png?auto=format,compress

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
151.101.65.91:443

prs.sftcdn.net

tls

chrome.exe

939 B
3.7kB
8
9
151.101.65.91:443

prs.sftcdn.net

tls

chrome.exe

939 B
3.7kB
8
9
151.101.65.91:443

prs.sftcdn.net

tls

chrome.exe

939 B
3.7kB
8
9
151.101.65.91:443

prs.sftcdn.net

tls

chrome.exe

939 B
3.7kB
8
9
52.95.122.74:443

https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

tls, http

chrome.exe

3.8kB
4.6kB
12
12

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&dl=n-onetag_pm-db5_smrt

HTTP Response

200

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=smrt_n-onetag_pm-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.6kB
8
8
51.89.9.253:443

onetag-sys.com

tls

chrome.exe

863 B
2.9kB
7
5
178.32.210.230:443

ssbsync.smartadserver.com

tls

chrome.exe

863 B
3.9kB
7
6
23.88.8.125:443

push-sdk.com

tls

chrome.exe

2.9kB
20.3kB
23
27
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.7kB
8
9
4.153.129.168:443

b.clarity.ms

tls

chrome.exe

886 B
5.6kB
8
8
141.95.33.120:443

https://id5-sync.com/bounce

tls, http2

chrome.exe

2.0kB
3.3kB
13
11

HTTP Request

GET https://id5-sync.com/bounce

HTTP Response

200
157.90.33.72:443

uidsync.net

tls

chrome.exe

1.7kB
6.5kB
13
14
157.90.33.72:443

uidsync.net

tls

chrome.exe

1.8kB
6.8kB
13
15
13.74.129.1:443

c.clarity.ms

tls

chrome.exe

840 B
6.7kB
7
7
139.45.197.253:443

notix.io

tls

chrome.exe

1.8kB
3.3kB
12
10
52.116.53.150:443

8proof.com

tls

chrome.exe

1.7kB
5.8kB
10
10
198.47.127.19:443

image6.pubmatic.com

tls

chrome.exe

955 B
4.9kB
9
11
185.255.84.153:443

https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

6.5kB
5.3kB
25
22

HTTP Request

GET https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=SOVRN&ttl=720&uid=4b30a0b1f289a261ab592e1e53c126eb&visitor=Jno7ABZHcfCkY9miSFGVuR2Y&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP+-+Banner&ttl=720&uid=75d56568a11564bfb79a01d2fa9fdb29&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=NATIVO&ttl=720&uid=0544850a0778385701c6899403bef718&visitor=NTV_USER_ID&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=Xandr+%E2%80%93+Invest+DSP&ttl=720&uid=48d5713d5c563cba2049f505b2d944b6&visitor=7743239598165122675&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?uid=68c72dd412a8d0f3f6d2276db2509939&name=LOOPME&visitor=630e474c-39b1-4e7e-971f-617b8538d734&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=BIDINFLUENCE&uid=73a6fc4f48ca80f3b6c9454f77a18d8b&visitor=29ccc1ff30684fb910da4140e3b9d531

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=NEXXEN&ttl=720&uid=146e9da1fca8f0ce5e1ef0b5909cc4cd&visitor=RX-d6b290a7-9475-476c-9e96-018d198e6827-003&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?uid=74a1ec3b61e72925193cfceeea1b0608&visitor=0-4b0f4650-bb81-5838-5502-a4aae365672c$ip$138.199.29.44&name=STACKADAPT&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://visitor.omnitagjs.com/visitor/sync?name=RISE_CODES&ttl=720&uid=48b439bcf2930e6408d6e795f7f1cdd2&visitor=ocN42TY9kp_s&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
23.219.196.188:443

ads.pubmatic.com

tls

chrome.exe

884 B
429 B
7
6
104.18.38.76:443

js-sec.indexww.com

tls, http2

chrome.exe

941 B
1.5kB
7
6
148.251.20.249:443

sync.richaudience.com

tls

chrome.exe

909 B
4.7kB
8
9
3.251.12.140:443

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

4.0kB
3.6kB
17
15

HTTP Request

GET https://ap.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

HTTP Response

302

HTTP Request

GET https://ap.lijit.com/pixel?redir=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3DSOVRN%26ttl%3D720%26uid%3D4b30a0b1f289a261ab592e1e53c126eb%26visitor%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

307

HTTP Request

GET https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Request

GET https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

302

HTTP Response

302
52.48.206.11:443

https://ce.lijit.com/merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b

tls, http2

chrome.exe

2.9kB
5.7kB
17
17

HTTP Request

GET https://ce.lijit.com/beacon?gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&informer=13461259

HTTP Response

200

HTTP Request

GET https://ce.lijit.com/merge?pid=84&3pid=c:09e3e7b95390c57eaea582f5382fd7f4

HTTP Response

204

HTTP Request

GET https://ce.lijit.com/merge?pid=102&3pid=d92d9148-6b1e-56c0-a34f-d5683fc0698b

HTTP Response

204
67.202.105.24:443

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

tls, http2

chrome.exe

2.3kB
878 B
11
9

HTTP Request

GET https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D1%26gdpr_consent%3DCQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA&gdpr=1&gdpr_consent=CQHqu8AQHqu8AAHABBENBOFsAP_gAAAgAAiQI4IBYCRMQSEBMGhHAIIEYIAUwBhgIEAgAgAAgAABABoAIIwAECAgAAwAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAEAACQAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABAAAgAAIQAIAAAwAAgAAIAAAAIAAAAAAAgAIAAAAAAAAAAAAAAAAgAAAAAEAAAAAABAEA7oAQAywB3ACkoAMAAQVEKQAYAAgqIOgAwABBUQhABgACCogSADAAEFRAAAA.f_wAAAQAAAAA

HTTP Response

204
185.89.210.82:443

secure.adnxs.com

tls

chrome.exe

3.2kB
4.0kB
14
12
8.2.108.175:443

bc-sync.com

chrome.exe

152 B
120 B
3
3
46.228.174.117:443

sync.1rx.io

tls

chrome.exe

2.6kB
8.5kB
15
16
35.214.136.108:443

x.bidswitch.net

tls

chrome.exe

863 B
3.4kB
7
7

8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.201.100
8.8.8.8:53

ogads-pa.googleapis.com

dns

chrome.exe

69 B
325 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

142.250.178.10

142.250.187.234

142.250.180.10

172.217.169.10

216.58.212.202

216.58.212.234

172.217.169.42

142.250.200.42

142.250.187.202

142.250.179.234

216.58.204.74

142.250.200.10

172.217.169.74

216.58.213.10

172.217.16.234

216.58.201.106
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.16.238
224.0.0.251:5353

chrome.exe

408 B
6
216.58.201.100:443

www.google.com

https

chrome.exe

32.3kB
977.1kB
215
852
172.217.16.238:443

play.google.com

https

chrome.exe

5.2kB
7.3kB
9
11
8.8.8.8:53

consent.google.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

consent.google.com

DNS Response

172.217.16.238
8.8.8.8:53

archive.org

dns

chrome.exe

57 B
73 B
1
1

DNS Request

archive.org

DNS Response

207.241.224.2
8.8.8.8:53

athena.archive.org

dns

chrome.exe

64 B
132 B
1
1

DNS Request

athena.archive.org

DNS Response

207.241.225.195
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
317 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.201.106

172.217.169.74

142.250.178.10

142.250.179.234

172.217.169.10

142.250.187.202

142.250.180.10

142.250.187.234

172.217.16.234

216.58.212.234

142.250.200.42

172.217.169.42

216.58.212.202

142.250.200.10

216.58.204.74
216.58.201.100:443

www.google.com

https

chrome.exe

24.0kB
107.9kB
150
215
172.217.16.238:443

consent.google.com

https

chrome.exe

5.3kB
2.8kB
10
9
8.8.8.8:53

mandela-invasion.en.softonic.com

dns

chrome.exe

78 B
175 B
1
1

DNS Request

mandela-invasion.en.softonic.com

DNS Response

151.101.1.91

151.101.193.91

151.101.129.91

151.101.65.91
8.8.8.8:53

sdk.privacy-center.org

dns

chrome.exe

68 B
132 B
1
1

DNS Request

sdk.privacy-center.org

DNS Response

18.245.175.44

18.245.175.80

18.245.175.23

18.245.175.74
8.8.8.8:53

sc.sftcdn.net

dns

chrome.exe

59 B
153 B
1
1

DNS Request

sc.sftcdn.net

DNS Response

151.101.129.91

151.101.193.91

151.101.1.91

151.101.65.91
8.8.8.8:53

images.sftcdn.net

dns

chrome.exe

63 B
157 B
1
1

DNS Request

images.sftcdn.net

DNS Response

151.101.65.91

151.101.193.91

151.101.1.91

151.101.129.91
8.8.8.8:53

rv-assets.softonic.com

dns

chrome.exe

68 B
165 B
1
1

DNS Request

rv-assets.softonic.com

DNS Response

151.101.193.91

151.101.129.91

151.101.1.91

151.101.65.91
8.8.8.8:53

bat.bing.com

dns

chrome.exe

58 B
152 B
1
1

DNS Request

bat.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

securepubads.g.doubleclick.net

dns

chrome.exe

76 B
92 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.178.2
8.8.8.8:53

www.clarity.ms

dns

chrome.exe

60 B
223 B
1
1

DNS Request

www.clarity.ms

DNS Response

13.107.246.65
8.8.8.8:53

c.amazon-adsystem.com

dns

chrome.exe

67 B
126 B
1
1

DNS Request

c.amazon-adsystem.com

DNS Response

108.157.7.75
8.8.8.8:53

syndicatedsearch.goog

dns

chrome.exe

67 B
83 B
1
1

DNS Request

syndicatedsearch.goog

DNS Response

216.58.212.206
151.101.129.91:443

rv-assets.softonic.com

https

chrome.exe

8.5kB
54.0kB
43
59
8.8.8.8:53

btloader.com

dns

chrome.exe

58 B
106 B
1
1

DNS Request

btloader.com

DNS Response

104.22.75.216

104.22.74.216

172.67.41.60
151.101.1.91:443

rv-assets.softonic.com

https

chrome.exe

35.1kB
109.2kB
86
119
8.8.8.8:53

ad-delivery.net

dns

chrome.exe

61 B
109 B
1
1

DNS Request

ad-delivery.net

DNS Response

104.26.2.70

104.26.3.70

172.67.69.19
8.8.8.8:53

di-images.sftcdn.net

dns

chrome.exe

66 B
160 B
1
1

DNS Request

di-images.sftcdn.net

DNS Response

151.101.65.91

151.101.1.91

151.101.129.91

151.101.193.91
8.8.8.8:53

storage.googleapis.com

dns

chrome.exe

68 B
324 B
1
1

DNS Request

storage.googleapis.com

DNS Response

142.250.200.27

216.58.212.219

216.58.212.251

172.217.169.59

142.250.187.251

172.217.169.27

216.58.201.123

172.217.16.251

142.250.200.59

142.250.178.27

216.58.213.27

142.250.187.219

142.250.179.251

216.58.204.91

172.217.169.91

142.250.180.27
8.8.8.8:53

b.clarity.ms

dns

chrome.exe

58 B
139 B
1
1

DNS Request

b.clarity.ms

DNS Response

4.153.129.168
8.8.8.8:53

api.btloader.com

dns

chrome.exe

62 B
78 B
1
1

DNS Request

api.btloader.com

DNS Response

130.211.23.194
8.8.8.8:53

cdn.btmessage.com

dns

chrome.exe

63 B
111 B
1
1

DNS Request

cdn.btmessage.com

DNS Response

104.26.7.141

172.67.74.232

104.26.6.141
18.245.175.44:443

sdk.privacy-center.org

https

chrome.exe

7.5kB
172.8kB
73
149
8.8.8.8:53

config.aps.amazon-adsystem.com

dns

chrome.exe

76 B
140 B
1
1

DNS Request

config.aps.amazon-adsystem.com

DNS Response

108.157.4.57

108.157.4.96

108.157.4.51

108.157.4.88
8.8.8.8:53

api.btmessage.com

dns

chrome.exe

63 B
111 B
1
1

DNS Request

api.btmessage.com

DNS Response

172.67.74.232

104.26.7.141

104.26.6.141
8.8.8.8:53

googleads.g.doubleclick.net

dns

chrome.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.34
8.8.8.8:53

cdn.id5-sync.com

dns

chrome.exe

62 B
110 B
1
1

DNS Request

cdn.id5-sync.com

DNS Response

172.67.38.106

104.22.52.86

104.22.53.86
130.211.23.194:443

api.btloader.com

https

chrome.exe

3.4kB
5.9kB
17
17
8.8.8.8:53

www.google.co.uk

dns

chrome.exe

62 B
78 B
1
1

DNS Request

www.google.co.uk

DNS Response

172.217.169.3
8.8.8.8:53

c.clarity.ms

dns

chrome.exe

58 B
145 B
1
1

DNS Request

c.clarity.ms

DNS Response

13.74.129.1
151.101.65.91:443

di-images.sftcdn.net

https

chrome.exe

18.2kB
241.9kB
89
214
8.8.8.8:53

notix.io

dns

chrome.exe

54 B
86 B
1
1

DNS Request

notix.io

DNS Response

139.45.197.253

139.45.197.227
8.8.8.8:53

api.privacy-center.org

dns

chrome.exe

68 B
132 B
1
1

DNS Request

api.privacy-center.org

DNS Response

13.32.145.66

13.32.145.94

13.32.145.80

13.32.145.62
8.8.8.8:53

aax.amazon-adsystem.com

dns

chrome.exe

69 B
201 B
1
1

DNS Request

aax.amazon-adsystem.com

DNS Response

108.156.255.231
8.8.8.8:53

id.crwdcntrl.net

dns

chrome.exe

62 B
190 B
1
1

DNS Request

id.crwdcntrl.net

DNS Response

34.248.111.137

34.255.252.80

79.125.104.96

52.30.238.153

63.34.182.190

52.16.238.77

54.74.74.210

52.31.95.82
8.8.8.8:53

id5-sync.com

dns

chrome.exe

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

141.95.33.120

162.19.138.120

162.19.138.117

162.19.138.83

141.95.98.64

162.19.138.116

162.19.138.118

162.19.138.119

141.95.98.65

162.19.138.82
8.8.8.8:53

shb.richaudience.com

dns

chrome.exe

66 B
82 B
1
1

DNS Request

shb.richaudience.com

DNS Response

148.251.40.213
8.8.8.8:53

ap.lijit.com

dns

chrome.exe

58 B
310 B
1
1

DNS Request

ap.lijit.com

DNS Response

3.251.12.140

34.248.60.30

54.72.109.97

52.208.38.213

54.229.5.123

54.154.104.195

54.77.26.93

54.194.86.99
8.8.8.8:53

prebid.media.net

dns

chrome.exe

62 B
78 B
1
1

DNS Request

prebid.media.net

DNS Response

34.120.63.153
8.8.8.8:53

ad.360yield.com

dns

chrome.exe

61 B
229 B
1
1

DNS Request

ad.360yield.com

DNS Response

63.34.96.164

34.240.65.73

52.213.90.221

52.211.200.66

63.32.237.175

52.210.107.17

34.243.135.213

52.215.71.87
8.8.8.8:53

htlb.casalemedia.com

dns

chrome.exe

66 B
98 B
1
1

DNS Request

htlb.casalemedia.com

DNS Response

104.18.36.155

172.64.151.101
8.8.8.8:53

hbopenbid.pubmatic.com

dns

chrome.exe

68 B
146 B
1
1

DNS Request

hbopenbid.pubmatic.com

DNS Response

185.64.189.112
8.8.8.8:53

hb-api.omnitagjs.com

dns

chrome.exe

66 B
125 B
1
1

DNS Request

hb-api.omnitagjs.com

DNS Response

185.255.84.150

185.255.84.151
8.8.8.8:53

partner.googleadservices.com

dns

chrome.exe

74 B
90 B
1
1

DNS Request

partner.googleadservices.com

DNS Response

172.217.16.226
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

chrome.exe

66 B
226 B
1
1

DNS Request

lb.eu-1-id5-sync.com

DNS Response

141.95.33.120

141.95.98.64

162.19.138.119

162.19.138.120

162.19.138.118

141.95.98.65

162.19.138.83

162.19.138.117

162.19.138.82

162.19.138.116
8.8.8.8:53

cdn-ima.33across.com

dns

chrome.exe

66 B
151 B
1
1

DNS Request

cdn-ima.33across.com

DNS Response

104.18.35.167

172.64.152.89
8.8.8.8:53

tags.crwdcntrl.net

dns

chrome.exe

64 B
128 B
1
1

DNS Request

tags.crwdcntrl.net

DNS Response

18.173.233.95

18.173.233.47

18.173.233.119

18.173.233.10
8.8.8.8:53

ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com

dns

chrome.exe

110 B
169 B
1
1

DNS Request

ccef6d972b1c35c2366959a06ee4e8d8.safeframe.googlesyndication.com

DNS Response

216.58.213.1
13.32.145.66:443

api.privacy-center.org

https

chrome.exe

10.3kB
10.0kB
24
19
216.58.212.206:443

syndicatedsearch.goog

https

chrome.exe

7.9kB
70.3kB
59
88
8.8.8.8:53

crt.rootg2.amazontrust.com

dns

chrome.exe

72 B
136 B
1
1

DNS Request

crt.rootg2.amazontrust.com

DNS Response

18.154.63.35

18.154.63.76

18.154.63.114

18.154.63.32
8.8.8.8:53

crt.rootg2.amazontrust.com

dns

chrome.exe

72 B
136 B
1
1

DNS Request

crt.rootg2.amazontrust.com

DNS Response

18.154.63.35

18.154.63.114

18.154.63.76

18.154.63.32
8.8.8.8:53

ampcid.google.com

dns

chrome.exe

63 B
79 B
1
1

DNS Request

ampcid.google.com

DNS Response

172.217.169.46
8.8.8.8:53

tpc.googlesyndication.com

dns

chrome.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

216.58.213.1
172.217.169.3:443

www.google.co.uk

https

chrome.exe

7.7kB
7.8kB
22
23
216.58.213.1:443

tpc.googlesyndication.com

https

chrome.exe

14.0kB
746.2kB
149
618
8.8.8.8:53

stats.g.doubleclick.net

dns

chrome.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

66.102.1.154

66.102.1.156

66.102.1.157

66.102.1.155
8.8.8.8:53

region1.analytics.google.com

dns

chrome.exe

74 B
106 B
1
1

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

match.adsrvr.org

dns

chrome.exe

62 B
126 B
1
1

DNS Request

match.adsrvr.org

DNS Response

35.71.131.137

15.197.193.217

52.223.40.198

3.33.220.150
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.67
8.8.8.8:53

cdn.ampproject.org

dns

chrome.exe

64 B
106 B
1
1

DNS Request

cdn.ampproject.org

DNS Response

142.250.180.1
104.18.36.155:443

htlb.casalemedia.com

https

chrome.exe

33.8kB
22.3kB
58
53
34.120.63.153:443

prebid.media.net

https

chrome.exe

18.5kB
11.2kB
30
27
8.8.8.8:53

en.softonic.com

dns

chrome.exe

61 B
158 B
1
1

DNS Request

en.softonic.com

DNS Response

151.101.65.91

151.101.193.91

151.101.1.91

151.101.129.91
8.8.8.8:53

aax-eu.amazon-adsystem.com

dns

chrome.exe

72 B
88 B
1
1

DNS Request

aax-eu.amazon-adsystem.com

DNS Response

52.95.122.74
8.8.8.8:53

onetag-sys.com

dns

chrome.exe

60 B
156 B
1
1

DNS Request

onetag-sys.com

DNS Response

51.89.9.253

51.89.9.252

51.89.9.251

51.89.9.254

51.75.86.98

51.38.120.206
8.8.8.8:53

rtb.gumgum.com

dns

chrome.exe

60 B
188 B
1
1

DNS Request

rtb.gumgum.com

DNS Response

54.229.148.225

52.210.26.144

34.255.154.106

54.171.11.232

34.240.152.87

52.18.231.111

54.246.147.81

34.246.79.237
8.8.8.8:53

ssum-sec.casalemedia.com

dns

chrome.exe

70 B
102 B
1
1

DNS Request

ssum-sec.casalemedia.com

DNS Response

172.64.151.101

104.18.36.155
8.8.8.8:53

ads.pubmatic.com

dns

chrome.exe

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

23.219.196.188
8.8.8.8:53

cm.g.doubleclick.net

dns

chrome.exe

66 B
82 B
1
1

DNS Request

cm.g.doubleclick.net

DNS Response

142.250.187.194
8.8.8.8:53

s.amazon-adsystem.com

dns

chrome.exe

67 B
83 B
1
1

DNS Request

s.amazon-adsystem.com

DNS Response

98.82.157.231
8.8.8.8:53

dsum-sec.casalemedia.com

dns

chrome.exe

70 B
102 B
1
1

DNS Request

dsum-sec.casalemedia.com

DNS Response

104.18.36.155

172.64.151.101
8.8.8.8:53

secure.adnxs.com

dns

chrome.exe

62 B
323 B
1
1

DNS Request

secure.adnxs.com

DNS Response

185.89.210.82

185.89.210.122

185.89.210.244

185.89.211.116

185.89.210.153

185.89.211.84

185.89.210.180

185.89.210.141

185.89.210.46

185.89.210.20

185.89.210.90

185.89.210.212
8.8.8.8:53

x.bidswitch.net

dns

chrome.exe

61 B
104 B
1
1

DNS Request

x.bidswitch.net

DNS Response

35.214.136.108
8.8.8.8:53

sync.srv.stackadapt.com

dns

chrome.exe

69 B
197 B
1
1

DNS Request

sync.srv.stackadapt.com

DNS Response

3.209.70.78

3.224.31.74

3.211.176.3

52.204.245.185

52.71.201.14

3.210.226.4

52.23.28.143

34.239.13.157
8.8.8.8:53

c1.adform.net

dns

chrome.exe

59 B
192 B
1
1

DNS Request

c1.adform.net

DNS Response

37.157.4.29

37.157.5.141

37.157.5.84

37.157.5.132

37.157.5.87

37.157.4.28
8.8.8.8:53

ssbsync.smartadserver.com

dns

chrome.exe

71 B
474 B
1
1

DNS Request

ssbsync.smartadserver.com

DNS Response

178.32.210.230

149.202.238.101

178.32.197.52

178.32.197.53

217.182.178.229

164.132.25.181

178.32.210.231

51.178.195.213

5.196.111.69

91.134.110.132

91.134.110.133

51.178.195.212

5.135.209.100

217.182.178.228

164.132.25.180

5.196.111.68

149.202.238.100

5.135.209.101
8.8.8.8:53

ce.lijit.com

dns

chrome.exe

58 B
243 B
1
1

DNS Request

ce.lijit.com

DNS Response

52.48.206.11

18.202.15.55

63.33.3.88

34.249.172.33

3.248.125.109

34.250.71.26
142.250.187.194:443

cm.g.doubleclick.net

https

chrome.exe

7.8kB
14.6kB
33
40
8.8.8.8:53

eb2.3lift.com

dns

chrome.exe

59 B
112 B
1
1

DNS Request

eb2.3lift.com

DNS Response

76.223.111.18

13.248.245.213
8.8.8.8:53

tg.socdm.com

dns

chrome.exe

58 B
398 B
1
1

DNS Request

tg.socdm.com

DNS Response

211.120.53.204

211.120.53.206

211.120.53.203

124.146.153.167

124.146.153.154

124.146.153.169

124.146.153.151

211.120.53.202

124.146.153.168

211.120.53.205

211.120.53.192

124.146.153.153

211.120.53.193

124.146.153.164

124.146.153.166

124.146.153.152

124.146.153.165

124.146.153.163

124.146.153.170

124.146.153.162
8.8.8.8:53

creativecdn.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

creativecdn.com

DNS Response

185.184.8.90
8.8.8.8:53

us-u.openx.net

dns

chrome.exe

60 B
92 B
1
1

DNS Request

us-u.openx.net

DNS Response

34.98.64.218

35.244.159.8
8.8.8.8:53

pixel-eu.rubiconproject.com

dns

chrome.exe

73 B
157 B
1
1

DNS Request

pixel-eu.rubiconproject.com

DNS Response

69.173.156.148

69.173.156.149
8.8.8.8:53

aorta.clickagy.com

dns

chrome.exe

64 B
192 B
1
1

DNS Request

aorta.clickagy.com

DNS Response

35.171.195.136

34.203.58.160

44.218.158.12

100.29.20.208

54.87.53.92

3.220.200.140

3.221.17.52

3.219.10.209
8.8.8.8:53

pr-bh.ybp.yahoo.com

dns

chrome.exe

65 B
173 B
1
1

DNS Request

pr-bh.ybp.yahoo.com

DNS Response

34.248.206.39

52.49.108.45

54.76.90.176

34.251.102.64
8.8.8.8:53

match.deepintent.com

dns

chrome.exe

66 B
146 B
1
1

DNS Request

match.deepintent.com

DNS Response

38.91.45.7

169.197.150.8

8.18.47.7

169.197.150.7
8.8.8.8:53

sync.ipredictive.com

dns

chrome.exe

66 B
194 B
1
1

DNS Request

sync.ipredictive.com

DNS Response

52.0.8.114

34.228.205.35

107.20.90.72

3.214.53.170

107.21.226.44

3.219.15.152

18.214.221.59

18.232.192.117
8.8.8.8:53

cms.quantserve.com

dns

chrome.exe

64 B
174 B
1
1

DNS Request

cms.quantserve.com

DNS Response

91.228.74.159

91.228.74.166

91.228.74.244

91.228.74.200
8.8.8.8:53

b1sync.zemanta.com

dns

chrome.exe

64 B
164 B
1
1

DNS Request

b1sync.zemanta.com

DNS Response

64.74.236.255
8.8.8.8:53

image6.pubmatic.com

dns

chrome.exe

65 B
142 B
1
1

DNS Request

image6.pubmatic.com

DNS Response

198.47.127.19
8.8.8.8:53

bh.contextweb.com

dns

chrome.exe

63 B
129 B
1
1

DNS Request

bh.contextweb.com

DNS Response

208.93.169.131
8.8.8.8:53

visitor.omnitagjs.com

dns

chrome.exe

67 B
127 B
1
1

DNS Request

visitor.omnitagjs.com

DNS Response

185.255.84.153

185.255.84.152
8.8.8.8:53

sync.richaudience.com

dns

chrome.exe

67 B
83 B
1
1

DNS Request

sync.richaudience.com

DNS Response

148.251.20.249
8.8.8.8:53

contextual.media.net

dns

chrome.exe

66 B
82 B
1
1

DNS Request

contextual.media.net

DNS Response

92.123.240.21
8.8.8.8:53

js-sec.indexww.com

dns

chrome.exe

64 B
96 B
1
1

DNS Request

js-sec.indexww.com

DNS Response

104.18.38.76

172.64.149.180
8.8.8.8:53

secure-assets.rubiconproject.com

dns

chrome.exe

78 B
183 B
1
1

DNS Request

secure-assets.rubiconproject.com

DNS Response

23.215.239.190
8.8.8.8:53

usersync.gumgum.com

dns

chrome.exe

65 B
113 B
1
1

DNS Request

usersync.gumgum.com

DNS Response

34.247.233.198

34.247.205.196

52.210.15.1
8.8.8.8:53

eus.rubiconproject.com

dns

chrome.exe

68 B
165 B
1
1

DNS Request

eus.rubiconproject.com

DNS Response

92.123.242.2
8.8.8.8:53

cs-server-s2s.yellowblue.io

dns

chrome.exe

73 B
201 B
1
1

DNS Request

cs-server-s2s.yellowblue.io

DNS Response

3.212.168.182

107.22.211.243

18.211.232.251

3.92.159.128

54.243.219.7

18.211.222.87

18.214.7.230

44.214.212.182
8.8.8.8:53

player.aniview.com

dns

chrome.exe

64 B
175 B
1
1

DNS Request

player.aniview.com

DNS Response

2.20.12.70

2.20.12.106
8.8.8.8:53

ssc-cms.33across.com

dns

chrome.exe

66 B
118 B
1
1

DNS Request

ssc-cms.33across.com

DNS Response

67.202.105.24

67.202.105.22
8.8.8.8:53

api-2-0.spot.im

dns

chrome.exe

61 B
240 B
1
1

DNS Request

api-2-0.spot.im

DNS Response

3.209.5.252

3.230.232.213

54.81.69.212

3.209.55.215

54.85.140.28

44.215.165.164
8.8.8.8:53

bc-sync.com

dns

chrome.exe

57 B
73 B
1
1

DNS Request

bc-sync.com

DNS Response

8.2.108.175
8.8.8.8:53

sync.1rx.io

dns

chrome.exe

57 B
73 B
1
1

DNS Request

sync.1rx.io

DNS Response

46.228.174.117
8.8.8.8:53

image8.pubmatic.com

dns

chrome.exe

65 B
146 B
1
1

DNS Request

image8.pubmatic.com

DNS Response

185.64.191.214
8.8.8.8:53

csync.loopme.me

dns

chrome.exe

61 B
309 B
1
1

DNS Request

csync.loopme.me

DNS Response

35.214.205.154

35.214.236.216

35.214.149.211

35.214.151.172

35.214.235.191

35.214.161.124

35.214.132.236

35.214.185.77

35.214.209.225

35.214.216.122

35.214.214.217

35.214.210.232
8.8.8.8:53

jadserve.postrelease.com

dns

chrome.exe

70 B
151 B
1
1

DNS Request

jadserve.postrelease.com

DNS Response

52.31.108.193

52.18.167.44
8.8.8.8:53

sync-service.net

dns

chrome.exe

62 B
78 B
1
1

DNS Request

sync-service.net

DNS Response

204.62.12.209
8.8.8.8:53

hbx.media.net

dns

chrome.exe

59 B
75 B
1
1

DNS Request

hbx.media.net

DNS Response

2.23.220.28
8.8.8.8:53

gum.criteo.com

dns

chrome.exe

60 B
107 B
1
1

DNS Request

gum.criteo.com

DNS Response

178.250.1.11
8.8.8.8:53

id.rlcdn.com

dns

chrome.exe

58 B
74 B
1
1

DNS Request

id.rlcdn.com

DNS Response

35.244.174.68
8.8.8.8:53

c21lg-d.media.net

dns

chrome.exe

63 B
148 B
1
1

DNS Request

c21lg-d.media.net

DNS Response

2.23.220.28
8.8.8.8:53

bttrack.com

dns

chrome.exe

57 B
105 B
1
1

DNS Request

bttrack.com

DNS Response

192.132.33.69

192.132.33.68

192.132.33.67
8.8.8.8:53

medianet-match.dotomi.com

dns

chrome.exe

71 B
147 B
1
1

DNS Request

medianet-match.dotomi.com

DNS Response

89.207.16.204
8.8.8.8:53

cs.media.net

dns

chrome.exe

58 B
74 B
1
1

DNS Request

cs.media.net

DNS Response

2.23.220.28
8.8.8.8:53

sync.aniview.com

dns

chrome.exe

62 B
109 B
1
1

DNS Request

sync.aniview.com

DNS Response

172.240.45.96
8.8.8.8:53

dis.criteo.com

dns

chrome.exe

60 B
110 B
1
1

DNS Request

dis.criteo.com

DNS Response

178.250.1.9
8.8.8.8:53

token.rubiconproject.com

dns

chrome.exe

70 B
151 B
1
1

DNS Request

token.rubiconproject.com

DNS Response

69.173.156.149

69.173.156.148
8.8.8.8:53

sync.targeting.unrulymedia.com

dns

chrome.exe

76 B
117 B
1
1

DNS Request

sync.targeting.unrulymedia.com

DNS Response

46.228.174.117
216.239.34.36:443

region1.analytics.google.com

https

chrome.exe

9.5kB
8.5kB
27
29
8.8.8.8:53

pixel-sync.sitescout.com

dns

chrome.exe

70 B
86 B
1
1

DNS Request

pixel-sync.sitescout.com

DNS Response

34.36.216.150
8.8.8.8:53

match.prod.bidr.io

dns

chrome.exe

64 B
176 B
1
1

DNS Request

match.prod.bidr.io

DNS Response

34.246.139.66

3.248.173.67

54.170.20.205

34.248.243.155

52.16.65.27

54.247.20.233

54.155.111.174
8.8.8.8:53

casale-match.dotomi.com

dns

chrome.exe

69 B
145 B
1
1

DNS Request

casale-match.dotomi.com

DNS Response

63.215.202.140
8.8.8.8:53

pm.w55c.net

dns

chrome.exe

57 B
123 B
1
1

DNS Request

pm.w55c.net

DNS Response

3.248.27.53

54.171.131.187

99.80.216.230
8.8.8.8:53

sync-tm.everesttech.net

dns

chrome.exe

69 B
223 B
1
1

DNS Request

sync-tm.everesttech.net

DNS Response

151.101.130.49

151.101.2.49

151.101.194.49

151.101.66.49
8.8.8.8:53

cdn.indexww.com

dns

chrome.exe

61 B
93 B
1
1

DNS Request

cdn.indexww.com

DNS Response

104.18.38.76

172.64.149.180
8.8.8.8:53

ib.adnxs.com

dns

chrome.exe

58 B
319 B
1
1

DNS Request

ib.adnxs.com

DNS Response

185.89.210.212

185.89.210.82

185.89.210.46

185.89.210.20

185.89.210.153

185.89.211.116

185.89.210.180

185.89.210.244

185.89.211.84

185.89.210.122

185.89.210.90

185.89.210.141
8.8.8.8:53

match.sharethrough.com

dns

chrome.exe

68 B
121 B
1
1

DNS Request

match.sharethrough.com

DNS Response

18.195.234.25
8.8.8.8:53

cdn-download.avgbrowser.com

dns

chrome.exe

73 B
189 B
1
1

DNS Request

cdn-download.avgbrowser.com

DNS Response

2.20.12.107

2.20.12.82
151.101.129.91:443

en.softonic.com

https

chrome.exe

1.6kB
3.9kB
4
5
8.8.8.8:53

connect.facebook.net

dns

chrome.exe

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

163.70.151.21
8.8.8.8:53

5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com

dns

chrome.exe

110 B
169 B
1
1

DNS Request

5f9ca2ac9e594db0da2c77bc41c36353.safeframe.googlesyndication.com

DNS Response

216.58.213.1
163.70.151.21:443

connect.facebook.net

https

chrome.exe

4.7kB
48.5kB
27
49
8.8.8.8:53

www.facebook.com

dns

chrome.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

ep1.adtrafficquality.google

dns

chrome.exe

73 B
89 B
1
1

DNS Request

ep1.adtrafficquality.google

DNS Response

172.217.169.66
8.8.8.8:53

ep2.adtrafficquality.google

dns

chrome.exe

73 B
89 B
1
1

DNS Request

ep2.adtrafficquality.google

DNS Response

142.250.179.225
142.250.179.225:443

ep2.adtrafficquality.google

https

chrome.exe

4.3kB
13.7kB
15
18
92.123.240.21:443

contextual.media.net

https

chrome.exe

6.0kB
32.8kB
24
38
8.8.8.8:53

cs.krushmedia.com

dns

chrome.exe

63 B
79 B
1
1

DNS Request

cs.krushmedia.com

DNS Response

80.77.87.216
8.8.8.8:53

um.simpli.fi

dns

chrome.exe

58 B
106 B
1
1

DNS Request

um.simpli.fi

DNS Response

34.91.62.186

35.204.158.49

35.204.74.118
8.8.8.8:53

s.ad.smaato.net

dns

chrome.exe

61 B
125 B
1
1

DNS Request

s.ad.smaato.net

DNS Response

18.66.248.129

18.66.248.84

18.66.248.81

18.66.248.116
8.8.8.8:53

ums.acuityplatform.com

dns

chrome.exe

68 B
84 B
1
1

DNS Request

ums.acuityplatform.com

DNS Response

154.59.122.79
8.8.8.8:53

data.adsrvr.org

dns

chrome.exe

61 B
145 B
1
1

DNS Request

data.adsrvr.org

DNS Response

35.71.131.137

52.223.40.198

15.197.193.217

3.33.220.150
172.217.169.66:443

ep1.adtrafficquality.google

https

chrome.exe

3.6kB
8.2kB
10
13
8.8.8.8:53

sync.serverbid.com

dns

chrome.exe

64 B
171 B
1
1

DNS Request

sync.serverbid.com

DNS Response

18.154.63.117

18.154.63.17

18.154.63.18

18.154.63.20
8.8.8.8:53

ad.turn.com

dns

chrome.exe

57 B
105 B
1
1

DNS Request

ad.turn.com

DNS Response

46.228.164.11
8.8.8.8:53

s0.2mdn.net

dns

chrome.exe

57 B
73 B
1
1

DNS Request

s0.2mdn.net

DNS Response

172.217.16.230
8.8.8.8:53

t.adx.opera.com

dns

chrome.exe

61 B
104 B
1
1

DNS Request

t.adx.opera.com

DNS Response

82.145.213.8
2.20.12.70:443

player.aniview.com

https

chrome.exe

1.9kB
5.5kB
9
12
8.8.8.8:53

pixel-us-east.rubiconproject.com

dns

chrome.exe

78 B
151 B
1
1

DNS Request

pixel-us-east.rubiconproject.com

DNS Response

69.173.151.100
35.244.174.68:443

id.rlcdn.com

https

chrome.exe

2.6kB
6.3kB
10
12
8.8.8.8:53

p.rfihub.com

dns

chrome.exe

58 B
148 B
1
1

DNS Request

p.rfihub.com

DNS Response

193.0.160.131
8.8.8.8:53

a.tribalfusion.com

dns

chrome.exe

64 B
96 B
1
1

DNS Request

a.tribalfusion.com

DNS Response

172.64.150.63

104.18.37.193
8.8.8.8:53

s.tribalfusion.com

dns

chrome.exe

64 B
96 B
1
1

DNS Request

s.tribalfusion.com

DNS Response

172.64.150.63

104.18.37.193
163.70.151.35:443

www.facebook.com

https

chrome.exe

5.4kB
6.0kB
16
22
8.8.8.8:53

wct.softonic.com

dns

chrome.exe

62 B
139 B
1
1

DNS Request

wct.softonic.com

DNS Response

104.26.3.63

172.67.74.173

104.26.2.63
8.8.8.8:53

js.adscale.de

dns

chrome.exe

59 B
166 B
1
1

DNS Request

js.adscale.de

DNS Response

18.173.233.7

18.173.233.112

18.173.233.13

18.173.233.106
8.8.8.8:53

04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com

dns

chrome.exe

110 B
169 B
1
1

DNS Request

04bad0e059b40130318c69ce114f650e.safeframe.googlesyndication.com

DNS Response

216.58.213.1
8.8.8.8:53

ih.adscale.de

dns

chrome.exe

59 B
107 B
1
1

DNS Request

ih.adscale.de

DNS Response

3.125.98.251

3.67.112.80

18.195.17.219
8.8.8.8:53

prs.sftcdn.net

dns

chrome.exe

60 B
154 B
1
1

DNS Request

prs.sftcdn.net

DNS Response

151.101.65.91

151.101.193.91

151.101.129.91

151.101.1.91
8.8.8.8:53

push-sdk.com

dns

chrome.exe

58 B
186 B
1
1

DNS Request

push-sdk.com

DNS Response

23.88.8.125

178.63.248.56

178.63.248.57

157.90.33.72

157.90.33.121

157.90.33.68

23.88.8.123

157.90.33.122
8.8.8.8:53

uidsync.net

dns

chrome.exe

57 B
185 B
1
1

DNS Request

uidsync.net

DNS Response

157.90.33.72

23.88.8.125

157.90.33.68

157.90.33.122

178.63.248.56

157.90.33.121

178.63.248.57

23.88.8.123
8.8.8.8:53

8proof.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

8proof.com

DNS Response

52.116.53.150
142.250.200.27:443

storage.googleapis.com

https

chrome.exe

5.1kB
57.0kB
31
50
151.101.65.91:443

prs.sftcdn.net

https

chrome.exe

2.5kB
5.5kB
9
8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
fe590b580de164dddfa57ecb5cf1c84a

SHA1
2ee2a324d197d414bfd1b73f0c97e5b66447de90

SHA256
c0e41d64717903e1372f3aa07fe5fe74012596025bd2a7d57d7fb1f21f33209c

SHA512
16bdceddb8e05d01b1fca9885c613d2b417c046a16a657edb3f74d7f44bb048bb7dce8fccc556183ce3355daac2e8f3ac5bbd12cdded9971a257097e701a11aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50f374f7a886182e7a500f68c04ffeee

SHA1
2a6e04cfb6d279950b1c5fcc5c7c04157b224986

SHA256
e7ff24548fc9ba9426921c5c66583e043897c34290bc80cd162ca272e65c657b

SHA512
de7d5fd034b09c5ccd83c4ff65706c71f2ed07b7e2a6304b03d009ee249db2e6ff42d7812af5178c637993ba6c92a34a331b7b9531c460721a33d237159469a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1afdd8fbb4127dd241ea7a7225020a4e

SHA1
b76f29ac9df36dbf254c5c059c377e5d80114e8c

SHA256
6fc50838ee71f0b57cdca9ccf666d6bd6760c736ebbbc2dfbb04b96c4d648b23

SHA512
ada6aad71adfbcce912c76892b859c3fa2978d0647fe44cd8b2ff21d21c43d43be162c7e9b322a5e163941045fde23bd50130f0bcb19d882b7946447ab174fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9e7af9518dd990ba02119af59df946e

SHA1
10b5b8ff6ce3c9d4b3ebed6d73fb6858d321017a

SHA256
6e30a1fb738dd75c2219aa68fdc656a17af69d1ba347b8777a12ce8afd79c997

SHA512
28d8b51331309f509ef5b1bfaceb8e2b42ed543823929a69b524e2a2a4a841187923ec7df3e772c443d08d09816239b85a1087c95c826d94411983a5820c8c09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4ea98dfa4bd9782328e65f43636cb2f

SHA1
0f67b1e7d05f438f1a8b81c7bc23057a07e89187

SHA256
8917fd1affe0495f3aacab21c4e6e83ded1e283ea3e05aa157a1b59050c5286c

SHA512
b517b14509988a6962dbc7a8fd039dcb1e1fb757b280e2ce1d6e1fd5f949bd71c7d2ce913e1446e2348a4b93a6525a6d048fe45a8680b797f38ba0638a5dc93a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fadba51fc0fcfe25dcaa74da9e77b9d0

SHA1
c910ff984b6a5c1836fca9f4fdec292fbb4b3f31

SHA256
505fd6a8ca09e719787d91f95f1ade9f7defdd3be32eabd279380b8ec5f09437

SHA512
d12698326ab2c4ef23b497f59ba444953cca3c0e7c48b5c0a9b9f3743a5e1c6becd9ef4e182ae512014b943457e00dda8f450ae1d0fe449eead5ba9a09057d3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c02622db667e1b49b4b076308c989286

SHA1
0b39e3298b41bcab199ede57bc1ee9a604a8a7ab

SHA256
db5e7969780c85e49475cbf37a7a068c7ee90630e3172c48df162bd7d61c2ba3

SHA512
4619b49f1a4ceed733968b5160999528a3b34cb7ec49e99f93ba3b9c8661bfb56390f5bea9bb8a5dd0ee5f22dfd3fd2795f7e17545c92d827bb29ca16281564f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82ac1abea5d89ce3cd95ebb129d3aa51

SHA1
813f5f1cc495d44f7dc5822378cb6f2cd821fc71

SHA256
cf495b7352c5be07b03a631ecc9a4785bc559e5f119f66a7e4eb9eae64bb3451

SHA512
ba54385afefba2c865b3abcfecb22399cbb7f32fe1460f8ecac523e0bdf093242f61ff4167b0e155a9d1b41bb9ff78088febffca325ca2349b937149f41fed6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04bb32b198d983d1f1741a4856bb6854

SHA1
133b1c8957ffb0589579d00253fa4a0b1ded5337

SHA256
65e18c7df97af8c4d550dcc885724f3fb779404f6cd50f60e4719c40fd560b31

SHA512
0044c78812cc9278cebcfe794b02ad4612ba7b45db08066a877ec9bfbc61bdd27479871764792e7399ca72fe21e4bf9cc7eb0ae0894fc823d69da4cde57c81f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
050cb325875729a0159f030df21c37c8

SHA1
4eb9090223d3f97bc4c6445ba6025d5fc0d2d63d

SHA256
f999a2445180952be29e3dfab4ed58374ef531f562b3b35842fce5f4cc8e8727

SHA512
0b56eb5406aabd821557b2fd23889a6b6f9390d4720263373e8741c9038c9663490beaef541aeb26f0a632be8f84f05d2fd78b5caba65f9aba14b394a591fe64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a868b8f3219041c650543e4288c22cc5

SHA1
558096497bad1ce747ec412883db93ea3afa21d5

SHA256
ead34ca9d6f396086dafda09f04d0ddc8c1b664f1e45a023811a938d393a2865

SHA512
828d5e72dd5c3d802188a261571ed5df3e8e839e92442e23dc192d7ccefcfd768863a3143148eb9c47c305b640b17f0b37d8ca21db95903172ec08b460a1f7a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca43a2278a6a3f131b72439216f47aac

SHA1
8e57f5052d21a8537ed0c6289a8227be2b18cbec

SHA256
c922300aec9f0cab1b08e3ebd5be442380b5e31042b697b55c9da1e61eced504

SHA512
f343d010f2b71487a65ec89077b506e0fb3a4d41a1552656932dffb6babcc41450170afb898f2f021828976ed85cf5006a77df33d73721953f6ea7f09354e68e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c113c54610514ccf248e99cc4f2360d

SHA1
198b57bb4e07f335878c2807f063d56f29b153e0

SHA256
5fbcb7a7ac5e4d15dafad6ef94a257739cb5abe39399f943e8d299567e58c626

SHA512
84a2e4d6a73413622b33053cfcfc707ce47ebffc72552d4f7752b063b0dd7df24a13faa89fda8dd57c0ff785120c9b1399b158fa636cd2a4f0c9d5c9213e41b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c331e23f1a593cf2039eabdba0bc59f7

SHA1
1471afd01bd8672eeb23ea706a8d1eb66cef6d4a

SHA256
67c7c5cfc16060652aba509d53079e0c6d38f656e449d9b45f3a8dd2cb6c8966

SHA512
623e380f90c29a8d54b6d9e380dbd4487df13459b16b0d83e24697c846d6870e27fe73f6d539474b23b7fe6c0ee95c98a7de1eaa1bea41f5d5e9965975581434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6941f499fcab06aacc68c34fa520ac18

SHA1
209070ff07d3d634f83264a180c6da875ac5a6b7

SHA256
c6783dce9ba0adcf1176b910397841d508d7180bce79b55daa9fcf2eb136d28f

SHA512
b13d94a6b0c81208430e6ceb82ad7ed14a1f283e28891f2d9adfbb9a52e15b4962604834ba7e79e56a046a4ab072dc7ab354d377734e7025fdd7a062e94ae720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f990e76b830f5227b9fbbebf5742e268

SHA1
d10d9d07d2126f5de942a3cd3637532cba6247a5

SHA256
b053d55a2b750fe124aedeaa1af29ad21f4ddda60b77cbbbfa38979c25fa20fc

SHA512
480ebf2ec4ce51df5f725ed906fda36e119b8aff62d7a2c010dc83bb40d7c3231892b6df2d1c7e7f61aeb5511ceb64bb5d9ada44eea72c44eda488691d069de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8aeb9130656bcdf521db152c2fa9c28b

SHA1
39c0216a5d04b6afbcd51b8dab77c9010d197c90

SHA256
1a0f6785d5d335e46e01594a069b7acc3e0e9f244e9ec60452607a612758bb35

SHA512
36d99b29d86c2bb2d0b6f477f471b27f05e3e503443baeb864ea6b8a1e17c235cd524ce8f062bd13ba7048c891b9a75e47c59211e908c718f9dc25ce077b8c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7b7abd23cac6fae096c7c07c40681da

SHA1
be1067af217dcc40404ea2b8a43bd885145c9021

SHA256
cb3cccb3607fe2cf8c874b874b9b65d9c6455a505b8c9752a8670933d2112542

SHA512
bad40a85a7e50862834c607a6a109c0db8f57b17c88c03992a3286111fe9a6cb52c6031e66a81df57dd53bd4c7a56055275a56da0c18ab685deacbbacafe37aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaca91d6c963b42d22e49c78396cdb4b

SHA1
63053de44d1873e7a560c858ca7f0aae8a188e05

SHA256
c87c38bfc7288cecfcef2ba9e37947d70e8987b2701bd1ca3c8c2d92508747ad

SHA512
9ba33391ccaa966530faf6592096fd422b0f82f28fafb9cb091206d85703298f1946c2e859f0067719ed1df4808b53a59b30e04d642fd38c6b71d32a243de883

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2a1e8439c16c5429e7468724763ed5e

SHA1
0a0287b8f5e83ebcf154d9e71bce028857252f2e

SHA256
a01a0c971478eb9d132cf4223a7b62acbfd6cc3a7fbe4f78e5fb57b9a7001f2b

SHA512
f70fca01f7a237a9c1f6f0c866207b047fa2438d20e15b0e4208c53cfb41b615dba95d3faf617b300c7b4e5cae421fa165ab7c93f7716733471e17a312d489d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
becd0ae47fd1c13d277ebadb7e2439fb

SHA1
d898ee086d43ff0fe059ed32ed6293bc3faccb38

SHA256
5e2d4213727d223e086ad34d0a3cf37226a75ee800c3bd9c61d1aeed786e6fb6

SHA512
3c9b53a2ca3be15b1669bbb4a23c7868719a3d27309e6688cbfe9e05388d5ae66812c807d118b28a8b2ae85744349211bb4d6741987f24bed163f5754438bb51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
386b75852b8219a24fe202c46c80ba1c

SHA1
50ae9f13db675f9c0a4c2c60a0c181ecc4ca99a3

SHA256
2ecb6e2c0dcf33fd07192ec80418ecd92da8c5e4c458e470f0caa9f0429040cd

SHA512
74a5911a7b9b83a9f83ba9d719a655ad1c7b57163ab7c5058877c89fbeca4a9d81856f345f730cdd34da1678beb76bbc44de5907beaa2cf5d44cbf6f1e022fc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
953613ac75a0c3c8ea3f15af7be65a3d

SHA1
6021f753052d0f8c0be0dc26eaff2b2404d11ce5

SHA256
2a8c6fec2e483b17ae01d1a1a50d97972c84a837c04128b32be53c2ec5acdcf3

SHA512
8298c8f34b5e0a74aa6b59cb22f1d9dc174d7bb8084b7786b44688ed48c1979fdf7947f1363aba18040a4f69eaa536413eef099fdc399a429b61f64f008534f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f7a4b75458189acf3c183825934d6d9

SHA1
3fe033748ca7a3be4bd398833e4592983d1bfd74

SHA256
8312ee601fb53b91a2796e610be29b6d8af08ab8ac9435ddc2a62a895ec32ae4

SHA512
30d10b253968912798c5b9c4cf3dda32a546a7b8044a878b581b7e9d5e72dca71477eb8f687e95a1a8e4f5d8d1ac0eeb87053e8e1240493ef8d17199d942c8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03ca9facc6d41016779c8cc7a5d41432

SHA1
6330c5649b7d9bf24ce0993ceb33381cd0152be9

SHA256
a99015ebfbf31e646063bce4a3d639fa08909042e0436643b181a54330e2a33a

SHA512
49a91ce67dbbd09159e739ca0fd767800c0bc358d943e80ca9844446105fe1e8db1a63e68aa9123d25ac558640b2c7b630dcfe2d1fa331d00fee20ea84380ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21dce1c9318fc280939a67d160f524c1

SHA1
ff2c8f2d7089ae192eda3b9b34fc85752316f123

SHA256
4a6707265c756e7a1f761c1b77f1e3096276cfe4e724cf4edd412e759111047e

SHA512
84c4b112242d7018c9aba89fe9f0ee21122b276568995253951c621c22d93086d26606509085ad124f8cff21610426050ee15bd96775319a7142f6bc225cf136

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
114f9f5542007e73de690c5352c2990c

SHA1
cda0138a81ca6b46a2b6bbfd092c863f550a8bab

SHA256
b38ee36662acde8373eaa9c0af437ff0cb661fdc92ea12e257009e83a03436ba

SHA512
2b0892d5b0a5f5cc53693fac014e9eb98cf50f558237ae7903c0036d1bd19ff93944e1336217c6e9d5374729b5b1d58a37ac798c20303434b87369a71d35ab94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27cfb413dbea35825bef7dc35b591bf6

SHA1
9e05a3027fa0dc68792a376ffdac3723043826a2

SHA256
f2cd6d38a03b232fa7a9274bc2c0cf47199176c6034e902f90efc678e08733c3

SHA512
6ff8e3ef8f627c35f0d4072b4920c4cd39571523ec29d419bc5c02484631683154cc9d0da4f1258cc3606077502b766aa168280522de5118f45384fa2ffdd86a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb8fd340089eca6894ba664f8ec9aa04

SHA1
0ef91eb5c72f7c53b0283444234457a5dba097bd

SHA256
2d04a8d68984ff01a2b553ae8db134326e5b625ac852447ef0a08169ee4766c9

SHA512
af0a3f7a6b2703c88599e742f3a7ecc7ff35c7960b79c6a516a4e3ab3eb6636a224d8772f4381abe47d69ed9adf8f66df325ab9596486bbc508c9c7700a4ce0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3999bc207a3842aefd81b195c88da0fc

SHA1
bf862a35fcd0c1bb766ba7495970d5fb86fcfd7e

SHA256
499f9cd2a17a4ed000e86dbe79de8a507d25ff99795c9834d520c86328810531

SHA512
322e18df5982f1a755c01ca91ecf26480cdf4b4ac9217f99562020b50480fd81a082a4f45668f7589c447f786793b0ce7fbea3e35c920f9113a6c1b059214d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7eb8d17248ccd2ccc82af709e5bf9ba

SHA1
502f88011cbbc1db9d17b1f548930c9f04894793

SHA256
e96b62be97076dcbe3362b048f867f9fc9e4b7dcc6255237d28bbfe5db744c70

SHA512
d3451f51a574fad57aea87c1c572035ee50f7243e97d4efa23c0421593d24dc85b78d5560f2c6c5521ba25e0c0eb1a96e055ae7cfd9079b2f661c10f930c7650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d89a6ff908e0be53c1ca191fd7bf83c3

SHA1
65fa2478f912210379379402bcc888e9810134d5

SHA256
aca4064e6f506f311c82a4629357564502303cc4f14df08a3da3f53880f159d9

SHA512
102b6db8ffdcd1eb096499cf90b2065544b5df51a920a2846e85bbd62a430fe24803b1a10ed66e9079feda7d806093b824b9216758962f67106577c648c99cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d71dc38fba8d75629f4a97eb86664ec2

SHA1
9a79520525e6e41a315866980d74e30b7cc5ba0b

SHA256
f97b80f7cf6ae74840fc56effc57414a8acbeaeae2546e39f58b544d4b3173a9

SHA512
60dd4187a8ac40f610f241f3079f4315721da3304e6e3218aa13a5f232f9f8208800ed04327f75b0c0695d97e33713b1e12d059b99afd5d4f362c223451ccff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3e25f233423736e01be7ceca05f8c9

SHA1
5ff9a1dd31a8d2796ba4dbaef52bfd741edb5ced

SHA256
8cf18a7718bfff78be96b5ecd9d863d5b02ac97e9fd7e42cb02f91459f703c74

SHA512
d9b49bce4ce26ce02d2b5847ac02aae3debf7b4415d99fc4cb6755b45e422ee0f2dcdb455f194e30269d419b194b38bfb448f1a9cc9eb81811aad258b67dcd86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e081b5cd4d84e70e2bb52575e217e19c

SHA1
44316418a9cea1a2c1bd5c9b9ab10fd75be6bd2b

SHA256
4c386a373beb8d726b5736240a17215cdfd73818e7840d5eebf4ec1a9e30e1dd

SHA512
65ab278b5075cc7d8f7caf4bd620ff2a7901720751dc9249b272f0fe837b4bb8869804e7b1422b4768b9ed28b8325b4e4fa54e47b1f54ddb952b3250419c1712

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf5dbe79d6a3e439f16015001c4252c0

SHA1
e9eb427c276d135167a9d4f77ba25f261a30a603

SHA256
9146f3bd26fe3f0587a4f172169a923e4f7467ea505373cca4c8f3dc7f17158e

SHA512
9136870665acb8f38566255c13a36681c4173baa3610a30848a59de752fba326cad7530e60dbe009b347f2ddd395425df29b20df518421f631117cb7d05a6992

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
744637d98ab3aab23d3f2704d0018bc9

SHA1
effac60c433729bc3f26a918924162ab53ae9ce3

SHA256
63365fcbbebee371bfe81299b41df58132dbcdab9641854ec5357bef232bc6ef

SHA512
965ddb5b4e0b7cc7ab6ee461b581c3206b44893e805494f623d37f1bb5f9c7326351c40c9a7f7a69942ac8ca4fbe9744481870626fa9bc30a831557c6834cdc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bde423af40a486f697ae1837dee990c

SHA1
d231237fbbe11c57c62eef38870a75cc8681c05b

SHA256
723faa6bcbd666fb322732b8fffed51744e98308f4093074ee02c503a22f420d

SHA512
32e307c83749f50fccae1f7c20acee9ae772bdcb8c0956a77fc44aaaa11c723bc277a1da14d471868636b847b71395b206c1b6acaf0b17bcd5ea9f6a42f53b07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14c7da52c062c8f1c5c97d7fe1c8771e

SHA1
92cffc401c9b97b19463b92c8e4ebee29d1cce03

SHA256
a2004eb2467ef6cefb028337b5d6a712cf9c0c63aae1adc89a020f44197e4c79

SHA512
043a5d78d18a37e63b495380c51129de8ca9502081140f96ffdad8ee455f03c2e042b3275dbc60656fce365f8c12655b1a69d6d292a0ec840276d2503f5f4eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae40910faf38596874008c780d55b0e8

SHA1
44d6f9f28f9e27a8522d67b70ad33c2f6760244a

SHA256
2ff5ec5f3efd559d351732471b591e064cdca8be52493938f957dceb76be66b1

SHA512
1fc9f29fbecd395bc21d7ac934a06778464628de4355e3c1d4bc432241ac73f81277aa69df39323d5f7a7e71a7b73cb875fc8a5785378b763e21db900691b080

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c314becaa6bc3afbb5043c9411bc2872

SHA1
92fd6dea8f889e1cb556140b8dc3b544b39201e4

SHA256
7281e4e04c782e6cad8093e6361b6d4450a37376a95af8c43e21a8415c2b1b2e

SHA512
c1241e29ffb504c573bb9b495c7ed5a5dca5e8a274672e65fd7991fc49728d2d86d2cd4e0026cf34a61727f7b1f701ebbdb9055c78cd85a500e914384c1dc0d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b0f623fa593e948a37f0ec38001214e

SHA1
656d2b343fac9f20145772e76d3999a4513a217b

SHA256
abe7254ff350c44cbc1a11a9d5b15994209e44cbce8701f87dc19bc3e2807175

SHA512
4dc858c5857abe46d78f8385910de7c73936990078c6b216783e7a6204c75ab042913d85926150f7de30dba0c769fd06356d295d8f37d7e5fe8d2fd50eb1ee51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a6585f5aa801613ccc3e013b306a167

SHA1
f0e8e882aa72e7c9b76cbc0cadb8702543668511

SHA256
c78cb54f7c746402734d2143d167d7de929845498901d78b75a9e53e7f2cf2e7

SHA512
4e7dc91eda41fc5f9c365061bea70d34a5e5697887890763a05e1c666de4f8d65fbb1a197b31ec3d3a47e1ebb2fbbf0b0029d3734213a1bba7b459c584a77015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36f881e70f5dc47aab848bd24f434e2b

SHA1
4f842c20ee9164d9f4ab47d1feca3d55cfbf9aa5

SHA256
33731845601592f405d65a277ffa5a56c30dbfa457e16415d4188fe6ff91767b

SHA512
1410991dd98cb50ecb8983bba24f148c0b70b39e6c53b5d322b82609bdae40ab46470f04127d8a7c70712880657372051f4d93afc23c4caf56bf7a2b2ed3eb50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31cce78c96d9d6092bf2e2e8d6869a5d

SHA1
c21304ed3fc938623ca5bc37a886fb62c9b0a150

SHA256
34ade1b96fbf4d4f5057182d53d502ed164941b1641f17a50c070f221c9e9119

SHA512
ea361b649a147dd1fa786bbbccb9a90160dc644e59bd3dfd542cd6c23ad591e1e960880827ad33914030a368d22261008da6cc90bbe66ae93072d270ed4bd662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f303af55448c93697ed9831704e3d894

SHA1
c96672c39341bf7c3aadca3f46447cb077401423

SHA256
342425de063643c6dc5924154bb45fdaf661a429b400ac0a6a1faceed9745dbe

SHA512
de4745f12dd67a9fe1ff854bf65bd91d2d2dad551ad5145e6a5192f1f0248848f1737c60a3f0876f5c1c708f6645e3bb4e92493506528c5b3122a6e1cbd08dc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88f21d9b70b87563a2b04bfea872cc1a

SHA1
fd6f5329d5b5150a0ce7bb755b8eff34867e418d

SHA256
2bfccde1bd67f83252efb9a4b79e42df3d9417ced51acc181dcdbb6f6ab99e3f

SHA512
e6e781eef9ed3da5ae19204711fd9f04de68296baa0afc1174ae6e137a7b74b78a6745f29bf05bedda0d4912b0275193f8e06b351e33af8c7fd4c06ef506c32a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
134026b25aa96b7875ff98f886115e42

SHA1
9ac920a391c3841cf249a9f893ab3719daa25903

SHA256
58afcfeecdb868fddcb179125cf38da1eb3d24e2f6ca98c625fe7e3c7002374d

SHA512
3c8673df6af4d522b5a135a2c1d281e1a07bc3fc6ce162c4b7c5204cafaf4883469481574fba6eb879202abc97030ccd5eaf99976e113d32cb9f1efa4533ace9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d15c9034244ea2d547c7af3155f952b

SHA1
ecf0609815034da0f3a03d341b612fc9b86db46d

SHA256
c4b6be609cac43ddcbef3374a0b16d94a7a9a100b8e12f6d599dd6ab6ca3b0bd

SHA512
3ce99e1a918c053efce6d25fcb2cb5e5fd25b581c450d24c3ce8a066677e4866c2b43cc39e57729d8b2af4ece358ea9084293283dd7d3bc629081b6810f7a205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb92b52f8c33d397704a6572d92f90f3

SHA1
095489e83c7a0329cfa760e92524780aa58eb443

SHA256
24c07b6d761b91c143897f93d8cc3e260e41bdfffe8b61ee512991e94b5bd4c4

SHA512
f1408c39a10a9ad92feea807d66df1f046c3719857ef30a4b2ac73c682ed6a0376aad2c56c85d37fe17f3fe4569ea94d41856591319aec66bd34010a190f57bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
829902c3fe1bef6aa9c124ccfaeb8d08

SHA1
c1e068edb2a58e96207df534f6b91246a6c41c2b

SHA256
16b7d5d2f20abd1d9615d03de751f028c886204548787709a935f92d7e526d99

SHA512
f3cfb3256e752d9bff9bd3ca6eeb843a4c0bb6b21a7ce5381f12356c7453fd0fe325b9a490f191dfb1a920f332cac113598de14cf91779f15807d1fef0fc3bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d624dd55982d47b074d7bd31a64d6d5

SHA1
9b72ceb2e5c0191fcb2ca97d6efbc43dfcd9f107

SHA256
5fa9b75fefb14326eccf9b9485806ee936c76a3691da502dcdb8132259fc9d7a

SHA512
dcf5d05b3343d532882b8eb45b9e9500c32df3fe3d113251a24d677763a6b11d88585001a51204223f36af097fe0a16e100147a5ecc85f551f6fedef6f31ba79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5fb19eaf8bd13e9b073f0fab4c2690d

SHA1
4ad0f0380005f16b32139f588d0f0b1584c9824b

SHA256
41aae0e0f8e56a254eee0c2db50fac3d6233d69c058b6091feb79ddc7781f0dd

SHA512
64f8bbe77f6ff838d33e52a8db0ff7bf8bb869343865523a5235f16c080ae6f500ab5c64e15d611e7aef39f421f5d2b29d182767e529d495685ceb82d6b200b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2a0c083ab0e27d886270eb465aba66d

SHA1
0390825d666a677d6eb124dbe9108dcfd0af9a92

SHA256
69e14e3f88875102dacd3fe8096cc1dd45198f67a805e2ed3823ebaa95542272

SHA512
17e288490f3310c3a9ab19c4e5306c7ac125ae1641d91e3c360f90e30386d028a5dd8504762eec84cf169edc70a50f326db2a1b1479e08462d6157050da3ec0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3859fa6006871c1ec14a2af7015bf7f

SHA1
d27e2b66f758edd0cc208e8933c4d1a16cf3f5c0

SHA256
6392267e2fc8ca768594502e003327f5e09dec585d1695ee9b28d991c5d26008

SHA512
5e0368e501c3b145e15b9493525dac47a4bec5e635600c48094698696051f91fa9a4ffee9388d183b4cb79bc3595fbaf214a88b77a9c0d850517c260091a0ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5086c9147719a2e4e89ab52de7613716

SHA1
633985c277a02eefa9653559f44e36b52b988b87

SHA256
82e55f1b6a8582e0388922d604a40776e412df759d0fd6f9e0b5c6887b1e6422

SHA512
c596233131fb4c154b53d7d0e35030ff5bbf439decfb9aaea406262481c6e938c1d5135a8bb83bb4e2bd71d6046d3dba032938dbe5832c4645bd792c13b408cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e75232a8b46e6be8a6dfc91271246324

SHA1
f74f7657df725016fb5f3c48aa7dd5abc905b8ea

SHA256
8858ff2cde3e90d9966e421a0fe74c59cbb91e877c6e9c7e52e116a4036bf672

SHA512
db1fa0cca0b141fda8acfb4ad1474efb7ac9dbcebf23cd67655a407bd8415c873f3f71981e733bd00db93003d7d916849a901206abb1e229a8d3200d8b77a1cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e1029fdc7839c14fffade02cb4e8da4

SHA1
804557c129767322a669ae2519abc364398d79c8

SHA256
573e8e22c8d59e8b5c8605eb0a18d3c8030daf765c872765c778cca022aa9aa4

SHA512
e51681a18b38bd905a1b2899591597631ade7c15e13159f8aa27450a2ed180134a8e193d4537b04b0b64ce4b707b7cd88c1ed2286833f32d8c12854ab180f5f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6394c129-3ae6-4412-9647-e2732b2298d3.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c71a70ef46590ef0016a755286ca78ea

SHA1
f333ef55abb71212507b4796cb0e39940dd9280f

SHA256
36315c353e2802a76481df39dfd6b80bdc993f3db521aef716a1f927990decf3

SHA512
333e0c4300fd0baf59072bbf7c363c62e11d7b2351ec9e84125dec4c1047dd29bedaf99fd1c3bcc3fa43353a51f2b006030829b8c5615a7b29ffb9ed3a903295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
19KB

MD5
ac4bff64acd92fa04a0295c4c5e1d30e

SHA1
a85ca5d89f527d89a5dd2c69a8e94cb12f202a30

SHA256
423fab8c2cf78df3cfdf1ca013ddff76dd33aab07968e80189fd12372dc312a6

SHA512
6adb66103bb5c7b171ec62ba1bed7d9c0b3fb663ba6bd27889454f4631d8b30d31bbbef0d0a1dfafd47819633eeb686e82ed89597ca3c5aee2fb3647895dead9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
17KB

MD5
8ad04f19bf70f5cf330752244dd8a5bf

SHA1
7076e75cfba995209d990ea6436cc1e35efccd2f

SHA256
8f9f6500a484f9c529b47669e78a5672a515ce00f9bd325b3e0d15d1d95de69c

SHA512
4b49abc56fc26aadf5dac9d76ab9a507592a59c797739f39cb5e8d2efdcffd2d37ca4c05c9e362aea17e3cbf16ebd86650baab5b3a672366fac8f5da72d79fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
94KB

MD5
c5292b2a47d08fa8701c1c5238ab1744

SHA1
0f8e7f56f842559df3fe3835d41e602f0d27c0c8

SHA256
0022ef8e564410010efab03014e87075ca6902ccdde2a56e7e885c3b1b601281

SHA512
f766c78b4f760fe06bb200c1a47ce22d2c3be09db97da2b4007884995f663473b86f281a1b2bd2070872667c6ed053f7e48c220e5cb688c35e5a5bb20867d760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
33KB

MD5
61afa527d0ba0467a350b84382132d5d

SHA1
e3c8604b4f2c6ce2de53c18356d8c1f12bf441c3

SHA256
f38ffac4869d9aac6243a3102c6fceb39be9c9a43f7711eb454666d3e98668bb

SHA512
1c69df0666226885738935dc1fb40ca4774bcd3a015f012f162c0a1b1d62cb213be6610b239571fcfcb026f2df67454edc07e777f4995f5c771db6708ca9511a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
140KB

MD5
07b345e5de5a847d763a1fee3cb077b9

SHA1
87468c6f4239b7c2f01be21d78dfa97c5d3614b6

SHA256
a0fe56ff0e03f93364c095eeb6bc73dde5b698f7ede48ccc15cbb20b79a131b2

SHA512
56def351c8ee108ca05c72d3e4e99ade6d022a510647ba8b14e0cd54f5645da80b1fb2929bf71f4a7f9201aacebd4495e44d2fd9b3e204ce9890a9f9ea9a2d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
20KB

MD5
93815e90c761ebe4d458c970938a1dd7

SHA1
59de4745b0a37ac46851a91e28511318f8811c6a

SHA256
6bee5710236046f7326fce993992980f08d0d95656c5fdcb80a8cd2cfd8ef27b

SHA512
37208aececc412e8b8d69f0558f8f249cf0b87a8ed473d94cba7f73b616f166b7e72c95834256a9ab038fdd200d594a2c76b276a9b12d4c437736dc2bc7ef861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
151KB

MD5
ec06b5c892ce64f1ebeeee28c8249ce6

SHA1
d8d24c930af73a02c8e6dda7471b09151b93d37e

SHA256
626e42f5367ebf2321cea47a065da21738c8a358d6ba850bee9309cb422eaabd

SHA512
bb094f84cea7c70be5ab6fd36645cecf2f4176735a999f9ff972599f11b5685b50446e866cf7f6a8056fbe5dfdca113b15aae51ca0c5b93e01f74025af6e691d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
27KB

MD5
9756aa7e947179e9eb681904eb0a33be

SHA1
212f64d38b5074ab32440be97d36a2580f36d20a

SHA256
8e93da82e7c5fd3e577e84482f8a9f759452ad802b41fa8b03688ff3fcb64097

SHA512
9c0de8f7708e4418397e2738addcedccfd02de1cabb8102be0122e370ea55a350a70cda1d0099d7af8c7d3e994851c0877941ca269b06bcb6c7f77f9da234609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
87KB

MD5
52d326fb5ccabff7af945ea6e10b683c

SHA1
7af8635b08ab3f22f9eeda9186f5ef2fa5841aa9

SHA256
024f56a4205786d3b8d1633a1d89d1540781bf2875fb36aefb8aaafa059821d0

SHA512
483319296777061f2448a9fef9fc84fce4bac34d19b37f56266ec4f62149091d13ec212b940f44a486c7b9bd40d5af04cbca80523a8287795e26c6faacb43c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
20KB

MD5
22a3d8cc99896168da92e40fa86acda0

SHA1
cd84d02241fdba4d78607abdec0013a708410af8

SHA256
628a5516ee7521924d86e49e5d19ea41b383f06e9323eeac6ea174a94bf98129

SHA512
66a73bceb4f7bb47a831272016d7c06da4d689bafc0a6ddb7a59c543c3b9f47a0b340301356cd93d43826dade1fc52e35a7900508390440251c61a05b2634ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
79KB

MD5
0cd78ad039267792d8cc3eef9e66cd70

SHA1
3c574fd3d28d26ab262480e7729ee675d7631456

SHA256
43aed0e0f97475c9a9bc29c88e57c29b173a7c7c19a466731db7b1b55541cc80

SHA512
4fdae22eea9963463da74301f0eb43e4c37f6832aa512ef5205503c87ed5ef1eb05243e749c6865c3836fe10a749265984f49c854b3f3bf449de0754cdfbb65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
43KB

MD5
20fea429440ac75344a157882b5501d8

SHA1
bf426edd991c7731d5d13629e5167e0fc702f6af

SHA256
8c97bbf4a3d2707c696ce1975438378e0a7551944f07493e1811f1a64ae6ee3e

SHA512
ed19c3cc621cfe25bb6bb38d6bafff5503f5fd8fb6873a20e65198c63845c32e27efc2600e091d95810690cfe8d29c5530d1f408cbcd2c3b88eb236dbcda63b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
93KB

MD5
31bed49bcb20d7273c935c19c47c8e2b

SHA1
f7018177a518a11aa866a207b3fb075bd6b21fd2

SHA256
8d9a1472585949eda01aa1a781aeb9fae1fb9bfeccbf0c3297bffe695c9e1681

SHA512
b51219ad26d6cf7d635027c50ae7d1581c246990a022d5c2f02289fbdc28bd5638023051802f157fcd6acb951f8032419d9ddbbf84cff223955ffa1b9d433544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
28KB

MD5
5b9c8980823dac139da68f41e2947303

SHA1
2d950568a2e5bca5dd7fed1a5944394dae8e99f1

SHA256
bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257

SHA512
f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
87KB

MD5
adf3ef275b729e3c3400e60465297993

SHA1
5175a15d3a991c95fc75f0e477a2e6bbb6b4e792

SHA256
f79ac1537a8f9ea37c89f1b254d4aa655a781172993a701e07f16a8a8a3a8eab

SHA512
abf81fdce43202b821c88c0591e0aa5d77493fedee0e5a04e7fd1da6dab45739d8ea897bf0c9058394f486d702aff7fdadc6e90febd25d9eee0753aaec05c3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
121KB

MD5
b3e0f6083483629be73c72baef8f8c20

SHA1
6f049bae69274f09c4370e805d1ec6f326c52855

SHA256
bb3ca10c584e7b7d1caf93d8ec79819f87b797afdd528d7a8517d46e9103a90d

SHA512
1ea3345c60dcc36f94c957ee64f02b4b900c0ebf39a4b30dfe597d2e5fd49558b1b35e385dacb877a8164d8e7839834200a71f1ace051946a0beee45743fb6d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
20KB

MD5
faadcf8e5560b92714ce7b761dde2589

SHA1
5d9c9821f596422ae8578944708f3e28d77f29f1

SHA256
0640afcd97e6533478c36a8e0b03c79d0e5f144ac5debe63e4dab8df67447740

SHA512
f810ab293e402c384576ef1688d6b6604323f050774cec3188a76e5cb1d724753611945ba3a4da95bdd3ea29c52f6a6935201d168dc6923b808f689b2e3df5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
68KB

MD5
dee46781c0389eada0ac9faa177539b6

SHA1
d7641e3d25ac7ac66c2ea72ac7df77b242c909d3

SHA256
35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642

SHA512
049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

Filesize
25KB

MD5
9222217ea98c35e71acd00dfe056b030

SHA1
42fc786d7b865bdba84117ff15357fada69d3b35

SHA256
1bbd4cf227b3645dccb3d9e3e03736d4e7612326ef09126cf18fccf00b1aac4f

SHA512
7aaaa2031579bdbc89a31201613e26f4a1b67998cafc0d2372438beb22f11ba0bcc13d41c6d6e074b3e5a8d87a15dee42747b796c92d619549e83bb117362780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0397e5dd8ecf1dd0_0

Filesize
32KB

MD5
f3d474d186d5a88faf235ecec4b27293

SHA1
5914d638ad34738dc389c8360c6c4d62eab6cecb

SHA256
f11290d2a017304c65b3229af494c81e92e4df407cb0732e06c0abaa59082364

SHA512
f4df4ed91784780f601ec03c3da50bd20f1f89ebae354af0972637c0cec55e6f7421533cde28855dca5c18909556929b01df92dcbb5d8cf5ce1af3442756a186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5aa1c6e7bf6d31d7_0

Filesize
3KB

MD5
79b5b985ac82b90fdf63847cc6af53de

SHA1
b7743c057185d5522e6f81b19590d7104920e4d3

SHA256
254307cc1785630932b5b280357ed392bdfc11f7121019f3286d1e1526049774

SHA512
63a1d3d9c0d3f9ed40a0bad6366372a16fbf15b258bb601737ba8378ef51a9c69cb6161798b5e13849b2fa655506aeed11111aa9e2c700d09b777804ebd6a724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f86d76226b5da514_0

Filesize
289B

MD5
8b1b485904d3f7893df27c2a712dd291

SHA1
7edabad20163c3869cb2b65e18cd106c914461c9

SHA256
43a2705924d02ae40a4b2598d2a02e4bb0525cef46b5440f6b19da1829c68cca

SHA512
485e5b6405360fafdc3aeaa615226c693d62035550446c6f3190790f156a752e1ed878757ef26036cdcf4b8d240d5014c68e5a06766159005d45cc0aa2124335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
a171253be1e3cb20833b2f902db25863

SHA1
287d91003a22c5a0e7df06c8ca573db3bf960f8b

SHA256
607f5846a574c2d32b8d96bc62ce23bec5d46096a4d33aa80d9f52643b9a2f54

SHA512
5e5c086192a8eaa9416d95ac18995e6999e1796d529628253b648995a7da29a92d4a14aa052294268cc6b5eb5a838c2a11263c68b4717b9d3f153a0fa16a52a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
5977b93324d7eef8812039b8b46f826f

SHA1
a59407817ec6f533dba63b396e3535dd934c038f

SHA256
f326cdcbb8b09aab884fc76fe116cab61a5f142ef736ef37b778ecf4bf6ca6ec

SHA512
dd795a37034b0ab89e74eba35c9ce61e07023452c3d098a87e25a815e9b0d63c969da297c4d3027a0c87bc8b849e5a2b785213794acaa1549e7b50f570d5e3e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
90542a7f6d2709ff809bedfe68cf2a9d

SHA1
e34b740dbf6fc81e73c175a1d22f00a595f40e02

SHA256
9dc676fcabbcad8d91a2994d3b691acb637484f9edd79dab9c47f00c8096a3e8

SHA512
72574ad062a9a1548282a9a83715e77aff4412f5d7df4ad52d207fd32fbde566c61a3feedce78acf6d0de69b5f1eccf32b4f1e62dc81a1e00a1d55dc8d9ad417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
95de868be0af6a5d49c0bc1a837f3df2

SHA1
d408bd369c7e6e9e2fd6e5402252efa30867f9d3

SHA256
a1f8872060f3516dc6885ce0a0b18c5038c3e004f75a671753c8055ee2547b4e

SHA512
50b8f4687e1ccb0fbeb8a90872547053d13d9267f68cd9df9ab5927fa1c2fd0023513f7c96a486a8f25c07c798472cef4dd2d949b4c2f36da5f57f488880bfd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
daf0935fdd891d41dc313f508f31d15a

SHA1
f609086a1992ac1f06070e69f8d7222aff04ed94

SHA256
767f7b1b34b82c8342ab97a35b2e289ff603cf694c376c41918d6ba5125e01e2

SHA512
9be1dee28ce11328040961366ca6522dfdd80d37d28e5d761570e7efbf0b2b2c0767a49af18f5bc83faea06a38f76ffec41258564e5fd17ac2edfcea114f4499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1cf3a35469c67fc78837d628365406e8

SHA1
3cc56adab86f2d79fc1c6171df4dfe84515d1bb2

SHA256
b339fad07012ba841bf0374a3dd12705b2e3912eb061935c5ec543c68e87f786

SHA512
da7a456a19de21529371e980ea74f0ee5f6ffa32f1e48ff200de31bcca04caa9a2ea42320e3cb06014a54647603d9506bbcf03ac41c77074919ef5075b68dbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
78982ddd4ad65eeaa70a29617bfcc7cd

SHA1
719bc3761af2201222e4b32c016edb34e3cf276c

SHA256
3a92a58efbee65e269279e96309f1e97a1960f2663ac428126010bb9d544c5bb

SHA512
c3c16b51313e75ce54dfa3dd5e9582463202e1a79b71d0c7f08fda40519ab5ed212a271417b0c3390c493771402af3c8da2a2cfa64c355d46caeec2eb300b182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
ff995f678ff2468b5373068f1cf5e20a

SHA1
13e55305f0167f5b7ef51917aa0ec32fc9fce72d

SHA256
eeb32ad05f1e1a3aef305707e552073c40406da67a6d9d51b191ede928e3b782

SHA512
0eedc8bcc6c6e1ec51fcad42f366d4e2894596c2668d467a81a0d80f65316ceafd27574e5f2d23d94b927e900d8f437060dd8de9d98cd33ca9eccc38db6b0330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
b3ae4ae291f5d3c18def02dc67632317

SHA1
c40ed89b2607ab14ba958a6b39af902bba6beafe

SHA256
1e3edbc2514498dd797515a0961af82caa929ddf88181138dffd6cb3c96bc47b

SHA512
41537b801e9d6d037d04205f173102e68d9148d23ba303273175ffb9f6a708bccfb62193156f88a46c5daac2d0c83ff316990df581b4581b98d65e6c10d13935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
eed596174f9ccf6984f3ed028164ba3b

SHA1
f668a3bd83dc20ab9784dbb5161a2e00a6e75fa6

SHA256
d0909d774c65644dfa7734e9b2fabe9bd7f4be2506d8480df572315d229cc9e1

SHA512
bbf6810a7605422bb2512c3078d990e64c359ad52fe02bc33d5b2269b350020cfee0d926bd444ce783e1fd6a12e996b4fb3fd12255b25027ba8f1644744402fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a318a0dd-3994-4317-9518-1934b68b6e7e.tmp

Filesize
18KB

MD5
108f1f91027a2a52e2897ef6046b0bc1

SHA1
c52518e8bb2c2c9834901b9c22e2f3b319d4983a

SHA256
81bf04d0bc672de631ff09dd970a8e8c0eb7bc1e685fe7d9f246157ed456c3a6

SHA512
9b9e5a5a5116a980fef0d5e6034e3baa8e46114d79201b5d57969c841f6f63bae92ace8e7ca29fade742e15cd631b585fd16c3271a59d710b26365d108bdad62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c71c341ee7563ec574fa4cc74b5964b3

SHA1
ac7d66dd5c0b6d165386d098af2aba4ec8b229ea

SHA256
ec90f658a9b409b7fa8d2766ae96fe08fcf6e05a5f229908ae22b2e51d32585a

SHA512
bdba9a95bea53a25c03b88184ea44854c89456df6a9d5eb259613bedef457f87016ce3bcf1cb26fff00485c94830d839665bcf8420a19243c00f3f2963e51820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
625b3c5b3613db0a57452c5b27549272

SHA1
01691a847b7cf2e2315d8726798c3a6dea748935

SHA256
6960272b928fab82dad4626bc22e3b5e54a4aa83247eea5fedb0395c294bc9ae

SHA512
f7e535dbbeac0ca8ac51ad36d63b5e0624d560e7ff877aad1ab988e291b0b363d4bf8868769692fd94edbba032f503b1b13df99ab166b8fa1de93f744a28fcc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
efb62331d69ced676e4407965a87080f

SHA1
2f47601ff82dd40d0522de790d1bb55bdbef57e3

SHA256
f9fb2f9040fe47165db42c42a9355d4a8d70fce36c58d1888078bffaa2242e8d

SHA512
bb100f04322f4791e32a423b15c572cc022a640a33981524ada917d8b8ecf1ba093c9799def74c5dac99e4619fc7eb7e697a029e416ddc7a6232c2fc5018176e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a5920b059808aa904e17dbf77913ee8

SHA1
e70209998f4cc5c7cba9a9356312840a67e014c8

SHA256
4cfcb29ee4711d5f06e64a4e9130d5ac68870472d794526ceaf22366fa6db5eb

SHA512
7fb49dc3acfad4ebb26dbedbcd64def03214ba702fb55b67b072845ac783e4b549eb6e2c854250e24d8572102fb275f9e7384592f36c5ea60ad1f19d41e42db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4060d2148792899f9e1d9a6b54d57051

SHA1
ca8235c39e4544af89c091e8e6afee980757e5ee

SHA256
2b023d125132df449436a790d8d064fa8450d9b5b14f18557f3b9cb316643f2a

SHA512
de58d6d371dbd37be4ce207a31fb56cdc8f7ae45e4543b236d1e27139ac771377872ca4b5ce119dc276df8cbc60e094c2d530794d15e9ffdf6089dc88b31bef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
276c0fffca3654d83d666a32fdd8ca0f

SHA1
d7fae29ad3289ba8cbcc7d0f3bb489da46ddfd22

SHA256
bece7c1e0bf2e32c8469c5708e5918c7022a6501b2ce7fbfac8dc7f5df0d4892

SHA512
12a4946350ae1638869daf33403b1eb08b221abab4eb3306b9a151886f5cc91d22f56a2e3c173292293b42b657dc98c7ef122f48f74f47771defaec01b1607f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf79170a.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d1fbf6d65857cccc60faa89206895d8a

SHA1
c64e73af30671f69d52ddf704de934409cbe4bb7

SHA256
f3e0db013a021cd421366fdf7ca47d4c0e5e9568e97b169b701b807568c7fc3f

SHA512
98cba5259aea4eb41d290f068e7adcbf4120ced8b0d2df6cec5ca7bb8cba21879c165ece58d389e2a7df35488233e3017279d57a79e8e9bf79b0f98a883e5767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b1a345d4-960c-4fa9-afe2-4e4df66b7757.tmp

Filesize
8KB

MD5
eb1fc2b498e41a58729d94d4cf2cccd4

SHA1
4cda8b76c8f5cc0048e3b1d9d21062625b2cb252

SHA256
807c532ec5fb45eb5fde2e74cdebd3bc6a869bb2d2162b9b65efd809f37c776b

SHA512
a7dccef4f71f340e9d87a04fec45ce0e7670552e2a724bf90bbfa730945f421bcf960a86268a410ffdebad4c2b1a7b826702d1bef26091889e35691b0923e405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f7fb3de1-f6bc-4ad6-aa90-bb05393bddbf.tmp

Filesize
8KB

MD5
1f2f34984079d14edc85bf5920cb8a10

SHA1
5faedcb63731eb81af20fabf3efa97c5afd09b6f

SHA256
2b4c3734cd8bf0901db5d5e49542553fdcd473ef5c499e0e0c680ebce17d994f

SHA512
82158428a5d91403c22510f8d6b2c5fdbf35a2006416ea3bcd20e59cc43d148f6862a6398af98ffec8e335d11710eaeb10d66fe1d42156e24101393b71ab4116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
71095542503ff7fd2209742f3970a620

SHA1
e4aa37f7cccc2811063e36c11575238ebef76dbf

SHA256
65f86bce2c5686eb6b69122e3bd5f08c79c1ceacd37bd5bb6657dc967d739585

SHA512
b5049da69077d4b361792ccee614acf6bb10333afebeaf65a2f4d01577266576b8ff5f3607c7afc66788ef5b6afab0e2eeb3c7493bf0120f8b3f19c75fc48453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
efab6a845962c1e427b744372f1c0e63

SHA1
da18b9ff3c7b794e68c8aaa57a80e3d8a3ee5faa

SHA256
13cbd31b5fec64d2e2e7289e24df7cd61f3da0133b50fe610e9d1071f86ff6e8

SHA512
d96edfed2f355697b6ff17685692f1508fe0919ac238fda57876a1ebc8e12a3db0f8daf6f4b36775f5cbdd6063500a49d4d834d76526b951fa6db838dfd4bb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
745e70e8c03b761269a442f8e0c3e079

SHA1
1d8f61d03258ab4a3163cb795285ff46c4faa66e

SHA256
d4b6b231a984e5ab1657b6068edd11817e8d31e843a8c71342464906b5cdfa63

SHA512
f85004b848f944b34fcee18468dccc17bc0d4ff19a30c973aa07178fe5c70c4b8fdee7dca0858552ce1071f956cab90af747421fa6cd65d9ea17a5125f0fcfe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
b3b4cfc4b2047ae698e2d4afe6babfd5

SHA1
ed04c1cb9e69f00fbba60246963fcabf81c48225

SHA256
8f47268397262fe9f04b9a7e03c2b89b951142ff633d1e42e3b25051ec90f469

SHA512
c4cd70befcd935578353f5f4689b7075fa64439704062d74e866f41989a658d4305ad64ae7b055fb57b7537657e919706ed9084c6acbf8f4a3ea438f96d8571e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
62440b7e228a0303f014095f23a2b663

SHA1
4955347f2dfc05a00967e3d3a2ebf210dd41ebff

SHA256
2251b04d4033cd6aa46831d2a86be4b00a6e087fe95c640dd669c9cee8d01018

SHA512
ee6910fdad52d0f2a67920da07c1b6a0fa9a63d2e8dc8ba5fc28ac996d6a503fcdd87d5aeed8db337d630888436e525d359c7792a7679c1ca3847a68ef8d7360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
4a07ebd34dd0b21efa53ce9d8fbaf1b4

SHA1
226c848662abe0b7b9427bf9bdd5f2900b8a35a2

SHA256
24545cecf7ac4f61f4f2c1938be2d54b9ee09c03dea717d79218577e9d36a57c

SHA512
d04f242ddccee275a5201fb390d3662eb0280cc5409d8798dd174f1006f231e1498d4aa679d65e0da5dd24d8e4d26b9042edc240c21cc1ba866c29f81b2bbccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
aeba0344e7d134bfc47403caf57d379b

SHA1
2ff8770d843e64d4eb863b1a8d79b7ec09f22998

SHA256
cdea039d51e3f16ab415805b81cac99b8ca6bd3919a39a4bb0d79248b8fd0568

SHA512
3a39473fc8f971c062271796addbe4ab745bbcf74b0fd0186ae26755852bcf06179f713eb0a5ebd252585ef95d181f978ced78a1961127e604b00131949a621b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
e8f5dd2ba0ad6e9a748061fd72500f23

SHA1
334bc7cb51c0a3ec0611c7164d13de9e0587d3f3

SHA256
b2b00c4e5725ad44466714154bfd18305873956d41476779d589cf88dadd8a46

SHA512
c0684a15c75a070d312bf88c9abedb9acfa162ff16f18ac17981d446ddb2cc7edda4dbd9fcab46a9983ac1b5e2f872e0b2a13d52f045fddbbc977cad1cecc60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a71328aa-e2cf-4af7-b803-1a9fb74c22e5.tmp

Filesize
344KB

MD5
186a1286f5be69ee9f074992ce196728

SHA1
5caeae32fb2bf9df41da7e196fde2ad6c1581016

SHA256
4b26500963dceba8f7cca89bec357647c6745a025905d579dd56f0fa4855a667

SHA512
518a41352cb954427e57b1aa45be83aaf937085f8383a89bbec3f3848fe6885335cd0699fd61af422da955cdac36f4c5ae0a44e9d43fe92f266434a1fbef8366

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4AB8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1200.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ajE3FC.exe

Filesize
5.8MB

MD5
c79bb78a0bad2559a7037913dd1f1f34

SHA1
a5b36348ad93fdf971201f31136d8c9b056984a7

SHA256
f63b47288af395ac9c02c980592691e2d446fe8b4d3813007433ae262af693c3

SHA512
1bd81cbe784427e54903159225e0fd94c0fab1d9498c11db177d86268f34129e6835759a9a3e3822c717349043930e13168390fcc2f9a74f9699f14497cfc888

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE478.tmp\AccessControl.dll

Filesize
26KB

MD5
d4fa24f021f155ce9214dccf812c3b7f

SHA1
864001ab7d2c87af00b7153cd096e0454b3f4e9f

SHA256
3b0889281ff6367bb736690229f461bb4ff34b7437f54a5c71b877a104c0f876

SHA512
de1720af369890df89c8550d49b4e3e2e353e4a21ef30be5ebee9216e312a57ede9f7919e71de592d0bad6e482d48fb759dd1d1323caafa506634e9f877f6213

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE478.tmp\CR.History.tmp

Filesize
192KB

MD5
dcab0fef3aa7afc56bf812a7892c2717

SHA1
3a2f31f0714385b798f384cf0321f45422798941

SHA256
0155b622db351f8f345791789e394b3326a58d49abb0d0b4cce091cf50da3a57

SHA512
c0ed4ea03ebb2bc3c0499d92ed37862a359ecd217969f3cb612a25ec77ce73fea8f1fade7ff43e22aa210e6875836cdb1da98316e86752500109007cfde29268

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE478.tmp\FF.places.tmp

Filesize
5.0MB

MD5
4c6b96a63ce26be74c69ac9aba134c92

SHA1
96c525141582bd9be736a1a664290e10dbf746cc

SHA256
0cd0934c0d26e45d6a878470ff659ff53a3800da396065e129c249273a8d6fff

SHA512
719180cd3767657637507e37038f9ff63b652f34e6fc22a82ac025cbe91df2a984cb6fec9111e8894c9a89d911a34049574ef2991aebecdecf6097420111bc52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE478.tmp\inetc.dll

Filesize
37KB

MD5
650e0e39808140a1da5abd3d27880c7e

SHA1
b2ec540caf946ee5353f52227e8c9942cfb42f22

SHA256
aab155dcaaafebe4b84a9aeec6ffbce9b484a99b316657ee9b7a98b346f9538b

SHA512
9f00d912c123b1b235f0b63154693d294b7cf2c0571fc9bb462ba5c9ef350aa79680436ba4a094c9e28c867bc79bdeb96b0622d153a107bd8a9631d99e4fa6dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE478.tmp\jsisdl.dll

Filesize
25KB

MD5
5121c566ac9315a53e558bf62600f9b6

SHA1
6da036314afefeb8c1dd88cc6eab0efb432a3b4d

SHA256
d88e38df30887c722fb837278ee3782914574414c741cdfd3bd6126799fa3167

SHA512
4f6de42af54cec8e63bdfc54ac250a5f5cc09081e9ae85d0cbbcad952f58727cc4cf68501a020474539c51a771537993bc12272496fea5eea924d7058f76fbce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE478.tmp\reboot.dll

Filesize
26KB

MD5
c845234dd1e1cdf6f63ec1b025b75742

SHA1
150dc042b54e3dc34172d5a2507125eaf619d14d

SHA256
ca418ce0992368c09827a76b0cca14070b9c518badc95085c7d71034784fce5e

SHA512
b08b899e523da279b9e56306b237eadc6fb91fe460b0872bb6a4b163d3c83480621d2e5e70d1de64fc9d751d8704dd4ab8400d5a901846e4775f4d34977ce605

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp8883.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
d21ae3f86fc69c1580175b7177484fa7

SHA1
2ed2c1f5c92ff6daa5ea785a44a6085a105ae822

SHA256
a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450

SHA512
eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp8883.tmp\StdUtils.dll

Filesize
195KB

MD5
34939c7b38bffedbf9b9ed444d689bc9

SHA1
81d844048f7b11cafd7561b7242af56e92825697

SHA256
b127f3e04429d9f841a03bfd9344a0450594004c770d397fb32a76f6b0eabed0

SHA512
bc1b347986a5d2107ad03b65e4b9438530033975fb8cc0a63d8ef7d88c1a96f70191c727c902eb7c3e64aa5de9ce6bb04f829ceb627eda278f44ca3dd343a953

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp8883.tmp\sciterui.dll

Filesize
6.4MB

MD5
f40c5626532c77b9b4a6bb384db48bbe

SHA1
d3124b356f6495288fc7ff1785b1932636ba92d3

SHA256
e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f

SHA512
8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9214.tmp\Midex.dll

Filesize
126KB

MD5
2597a829e06eb9616af49fcd8052b8bd

SHA1
871801aba3a75f95b10701f31303de705cb0bc5a

SHA256
7359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87

SHA512
8e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9214.tmp\jsis.dll

Filesize
127KB

MD5
2027121c3cdeb1a1f8a5f539d1fe2e28

SHA1
bcf79f49f8fc4c6049f33748ded21ec3471002c2

SHA256
1dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1

SHA512
5b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9214.tmp\nsJSON.dll

Filesize
36KB

MD5
f840a9ddd319ee8c3da5190257abde5b

SHA1
3e868939239a5c6ef9acae10e1af721e4f99f24b

SHA256
ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a

SHA512
8e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu9214.tmp\thirdparty.dll

Filesize
93KB

MD5
7b4bd3b8ad6e913952f8ed1ceef40cd4

SHA1
b15c0b90247a5066bd06d094fa41a73f0f931cb8

SHA256
a49d3e455d7aeca2032c30fc099bfad1b1424a2f55ec7bb0f6acbbf636214754

SHA512
d7168f9504dd6bbac7ee566c3591bfd7ad4e55bcac463cecb70540197dfe0cd969af96d113c6709d6c8ce6e91f2f5f6542a95c1a149caa78ba4bcb971e0c12a2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 936789.crdownload

Filesize
5.8MB

MD5
0dc93e1f58cbb736598ce7fa7ecefa33

SHA1
6e539aab5faf7d4ce044c2905a9c27d4393bae30

SHA256
4ec941f22985fee21d2f9d2ae590d5dafebed9a4cf55272b688afe472d454d36

SHA512
73617da787e51609ee779a12fb75fb9eac6ed6e99fd1f4c5c02ff18109747de91a791b1a389434edfe8b96e5b40340f986b8f7b88eac3a330b683dec565a7eff

Download Submit
memory/2684-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/3868-5045-0x00000000FFEE0000-0x00000000FFEF0000-memory.dmp

Filesize
64KB

Download
memory/3868-5064-0x00000000FFEC0000-0x00000000FFED0000-memory.dmp

Filesize
64KB

Download
memory/3868-5060-0x00000000FFED0000-0x00000000FFEE0000-memory.dmp

Filesize
64KB

Download
memory/3868-5076-0x00000000FFEB0000-0x00000000FFEC0000-memory.dmp

Filesize
64KB

Download
memory/3868-5112-0x00000000FFE80000-0x00000000FFE90000-memory.dmp

Filesize
64KB

Download
memory/3868-5124-0x00000000FFE60000-0x00000000FFE70000-memory.dmp

Filesize
64KB

Download
memory/3868-5132-0x00000000FFE40000-0x00000000FFE50000-memory.dmp

Filesize
64KB

Download
memory/3868-5136-0x00000000FFE30000-0x00000000FFE40000-memory.dmp

Filesize
64KB

Download
memory/3868-5144-0x00000000FFE10000-0x00000000FFE20000-memory.dmp

Filesize
64KB

Download
memory/3868-5148-0x00000000FFE00000-0x00000000FFE10000-memory.dmp

Filesize
64KB

Download
memory/3868-5173-0x00000000FFDE0000-0x00000000FFDF0000-memory.dmp

Filesize
64KB

Download
memory/3868-5181-0x00000000FFE20000-0x00000000FFE30000-memory.dmp

Filesize
64KB

Download
memory/3868-5178-0x00000000FFE50000-0x00000000FFE60000-memory.dmp

Filesize
64KB

Download
memory/3868-5176-0x00000000FFDF0000-0x00000000FFE00000-memory.dmp

Filesize
64KB

Download
memory/3868-5203-0x00000000FFDB0000-0x00000000FFDC0000-memory.dmp

Filesize
64KB

Download
memory/3868-5211-0x00000000FFDA0000-0x00000000FFDB0000-memory.dmp

Filesize
64KB

Download
memory/3868-5198-0x00000000FFDC0000-0x00000000FFDD0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response