hxxps://www[.]grammarly[.]com/--

Analysis

max time kernel
131s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 15:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.grammarly.com/--

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "254"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "664"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1064"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000016b1b6fc7cfc59429b2ebf78760d5fe30000000002000000000010660000000100002000000008a537fdf09692f2227e3cfbebfc945bf69291ca9fab6bd88958d87f7934d916000000000e80000000020000200000001d4ae6f1cd1734a2baa843803fb81a28b04437eec4ffda74e12bf4c3f4fa1fdd20000000b60995e19e979fca93d4f60e73dd7c20f66e74397f1524a8c6ec91e148db692840000000ef5af55883de11d0e0fb0791ef6da5d0757658b513a7e82b36661d193516513d1fae33a612835f46c6dcc46049392508f803bab19e4bc1adce27c2f8f7339aa1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D03210EC-C34A-11ED-9EF6-4221DB3A75C8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DOMStorage\grammarly.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "161"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "668"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "743"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "1064"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "26"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "217"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "63"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "266"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "743"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "783"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "1064"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "58"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "229"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "668"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "731"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "731"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "229"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "161"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "31"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "266"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31020887"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "385661136"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "704"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "705"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f323a85757d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "63"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com\Total = "198"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "625"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "664"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\grammarly.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "31"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "92"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "705"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "731"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.grammarly.com\ = "92"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4544	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4544	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4544	iexplore.exe
4544	iexplore.exe
4496	IEXPLORE.EXE
4496	IEXPLORE.EXE
4496	IEXPLORE.EXE
4496	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 4496	4544	iexplore.exe	84
PID 4544 wrote to memory of 4496	4544	iexplore.exe	84
PID 4544 wrote to memory of 4496	4544	iexplore.exe	84

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.grammarly.com/--
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4544 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4496

Network

DNS

www.grammarly.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.grammarly.com

IN A

Response

www.grammarly.com

IN A

34.232.86.156

www.grammarly.com

IN A

44.207.206.245

www.grammarly.com

IN A

54.84.161.29
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
GET

https://www.grammarly.com/--

IEXPLORE.EXE

Remote address:

34.232.86.156:443

Request

GET /-- HTTP/2.0
host: www.grammarly.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 404

date: Wed, 15 Mar 2023 15:02:46 GMT
content-type: text/html; charset=UTF-8
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
cache-control: max-age=0, no-store, no-cache
content-security-policy: frame-ancestors 'self' *.grammarly.com
x-content-type-options: nosniff
content-encoding: gzip
strict-transport-security: max-age=31536000
set-cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; Expires=Thu, 14 Mar 2024 15:02:46 GMT; Max-Age=31536000; Domain=grammarly.com; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; Expires=Thu, 14 Mar 2024 15:02:46 GMT; Max-Age=31536000; Domain=grammarly.com; Path=/; Secure; SameSite=None
set-cookie: gnar_containerId=uqor7rqrjih80ao1; Max-Age=315360000; Domain=grammarly.com; Path=/
set-cookie: funnelType=free; Max-Age=108000; Domain=grammarly.com; Path=/
set-cookie: redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; Max-Age=3600; Domain=grammarly.com; Path=/; Secure; HttpOnly
set-cookie: browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS; Max-Age=3600; Domain=grammarly.com; Path=/
GET

https://www.grammarly.com/api/tracking/load?userId=-283546029845916416&containerId=uqor7rqrjih80ao1&pageId=error404&isInitial=true&requestId=dKxxxUx4mLEIYmtU3Vol

IEXPLORE.EXE

Remote address:

34.232.86.156:443

Request

GET /api/tracking/load?userId=-283546029845916416&containerId=uqor7rqrjih80ao1&pageId=error404&isInitial=true&requestId=dKxxxUx4mLEIYmtU3Vol HTTP/2.0
host: www.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:46 GMT
content-length: 0
cache-control: max-age=0, no-store, no-cache
content-security-policy: frame-ancestors 'self' *.grammarly.com
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow
strict-transport-security: max-age=31536000
GET

https://www.grammarly.com/api/tracking/scriptExecuted?requestId=dKxxxUx4mLEIYmtU3Vol&pageId=error404

IEXPLORE.EXE

Remote address:

34.232.86.156:443

Request

GET /api/tracking/scriptExecuted?requestId=dKxxxUx4mLEIYmtU3Vol&pageId=error404 HTTP/2.0
host: www.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:47 GMT
content-length: 0
cache-control: max-age=0, no-store, no-cache
content-security-policy: frame-ancestors 'self' *.grammarly.com
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow
strict-transport-security: max-age=31536000
GET

https://www.grammarly.com/api/tracking/pageShow?pageId=error404&userId=-283546029845916416&requestId=dKxxxUx4mLEIYmtU3Vol&isInitial=true&containerId=uqor7rqrjih80ao1

IEXPLORE.EXE

Remote address:

34.232.86.156:443

Request

GET /api/tracking/pageShow?pageId=error404&userId=-283546029845916416&requestId=dKxxxUx4mLEIYmtU3Vol&isInitial=true&containerId=uqor7rqrjih80ao1 HTTP/2.0
host: www.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
cache-control: max-age=0, no-store, no-cache
content-security-policy: frame-ancestors 'self' *.grammarly.com
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow
strict-transport-security: max-age=31536000
DNS

ocsp.r2m01.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m01.amazontrust.com

IN A

Response

ocsp.r2m01.amazontrust.com

IN A

18.65.32.234
GET

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEApvFVbJ5ICVn6cgT%2F2N8xQ%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEApvFVbJ5ICVn6cgT%2F2N8xQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m01.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 16 Mar 2023 21:01:26 GMT
Last-Modified: Tue, 14 Mar 2023 21:01:26 GMT
Server: nginx
Date: Wed, 15 Mar 2023 11:37:20 GMT
Cache-Control: 'max-age=158059'
ETag: "6410e0a6-1d7"
X-Cache: Hit from cloudfront
Via: 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: zmYN80ouJErRvhxeUk3boXbilakfGfC_fUn1IBA1C5L_0kka5qbzJA==
Age: 12360
GET

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAcaEqhmoFHIRA8JgC%2F%2Bh4Q%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAcaEqhmoFHIRA8JgC%2F%2Bh4Q%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m01.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Expires: Thu, 16 Mar 2023 17:09:29 GMT
Last-Modified: Tue, 14 Mar 2023 15:43:09 GMT
Server: ECAcc (frc/4CBE)
Date: Wed, 15 Mar 2023 12:20:28 GMT
Cache-Control: 'max-age=158059'
ETag: "6410960d-1d7"
X-Cache: Hit from cloudfront
Via: 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: zwu5C4OO0Z4YMj2BcO3aOkZcE_IpywfuYovJNRZagdYmHo-OzJeadw==
Age: 16056
GET

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m01.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 15 Mar 2023 11:15:10 GMT
Last-Modified: Wed, 15 Mar 2023 11:14:24 GMT
Server: ECAcc (amb/6B51)
X-Cache: Hit from cloudfront
Via: 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: -I4xXQ71hFMiJMZs-jsYwzV-Uzlt8MPW1Qj3TkEGK9T4dnQWVGaOPA==
Age: 13707
DNS

156.86.232.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.86.232.34.in-addr.arpa

IN PTR

Response

156.86.232.34.in-addr.arpa

IN PTR

ec2-34-232-86-156 compute-1 amazonawscom
DNS

136.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.61.156.108.in-addr.arpa

IN PTR

Response

136.61.156.108.in-addr.arpa

IN PTR

server-108-156-61-136ams1r cloudfrontnet
DNS

208.137.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.137.222.52.in-addr.arpa

IN PTR

Response

208.137.222.52.in-addr.arpa

IN PTR

server-52-222-137-208ams50r cloudfrontnet
DNS

133.137.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.137.222.52.in-addr.arpa

IN PTR

Response

133.137.222.52.in-addr.arpa

IN PTR

server-52-222-137-133ams50r cloudfrontnet
DNS

142.145.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

142.145.190.20.in-addr.arpa

IN PTR

Response

142.145.190.20.in-addr.arpa

IN CNAME

142.128-25.145.190.20.in-addr.arpa
DNS

cdn.cookielaw.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.cookielaw.org

IN A

Response

cdn.cookielaw.org

IN A

104.19.188.97

cdn.cookielaw.org

IN A

104.19.187.97
DNS

static.grammarly.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.grammarly.com

IN A

Response

static.grammarly.com

IN CNAME

d1vo1zpued4nei.cloudfront.net

d1vo1zpued4nei.cloudfront.net

IN A

18.65.39.100

d1vo1zpued4nei.cloudfront.net

IN A

18.65.39.79

d1vo1zpued4nei.cloudfront.net

IN A

18.65.39.53

d1vo1zpued4nei.cloudfront.net

IN A

18.65.39.31
DNS

treatment.grammarly.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

treatment.grammarly.com

IN A

Response

treatment.grammarly.com

IN CNAME

public-treatment.prod-experimentation.grammarlyaws.com

public-treatment.prod-experimentation.grammarlyaws.com

IN A

52.86.179.7

public-treatment.prod-experimentation.grammarlyaws.com

IN A

54.237.209.135

public-treatment.prod-experimentation.grammarlyaws.com

IN A

44.194.142.66

public-treatment.prod-experimentation.grammarlyaws.com

IN A

52.7.23.180

public-treatment.prod-experimentation.grammarlyaws.com

IN A

52.207.122.210

public-treatment.prod-experimentation.grammarlyaws.com

IN A

35.153.122.130

public-treatment.prod-experimentation.grammarlyaws.com

IN A

54.87.203.245

public-treatment.prod-experimentation.grammarlyaws.com

IN A

18.205.210.195
GET

https://cdn.cookielaw.org/consent/c6c558ad-cd49-418e-af8a-61680371a5f2/OtAutoBlock.js

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /consent/c6c558ad-cd49-418e-af8a-61680371a5f2/OtAutoBlock.js HTTP/2.0
host: cdn.cookielaw.org
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:47 GMT
content-type: application/x-javascript
content-length: 2655
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: vcVY0jSl8n+9oitny55vEg==
last-modified: Wed, 21 Dec 2022 22:02:31 GMT
etag: 0x8DAE39F0E9E4ACF
x-ms-request-id: a60a100c-001e-00de-0987-15884f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 44229
expires: Thu, 16 Mar 2023 15:02:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3b20c74b8c6-AMS
GET

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /scripttemplates/otSDKStub.js HTTP/2.0
host: cdn.cookielaw.org
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:47 GMT
content-type: application/javascript
content-length: 8618
content-encoding: gzip
content-md5: XP5ufGIMVAznk1F+pqtwzg==
last-modified: Mon, 13 Mar 2023 03:48:21 GMT
etag: 0x8DB2375CA38422A
x-ms-request-id: ce0ead54-a01e-0132-10dc-55c663000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 74871
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3b21c75b8c6-AMS
GET

https://cdn.cookielaw.org/consent/c6c558ad-cd49-418e-af8a-61680371a5f2/c6c558ad-cd49-418e-af8a-61680371a5f2.json

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /consent/c6c558ad-cd49-418e-af8a-61680371a5f2/c6c558ad-cd49-418e-af8a-61680371a5f2.json HTTP/2.0
host: cdn.cookielaw.org
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:47 GMT
content-type: application/x-javascript
content-length: 1649
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: wbQS0hgqGO+Xsy0zRvtriA==
last-modified: Wed, 21 Dec 2022 22:02:30 GMT
etag: 0x8DAE39F0E901C13
x-ms-request-id: 6de224a1-901e-003e-8087-156ec7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 44087
expires: Thu, 16 Mar 2023 15:02:47 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3b30e1bb8c6-AMS
GET

https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /scripttemplates/202211.2.0/otBannerSdk.js HTTP/2.0
host: cdn.cookielaw.org
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-type: application/javascript
content-length: 93482
content-encoding: gzip
content-md5: uPFqyxtrxGqJsyAvB7RnSg==
last-modified: Mon, 12 Dec 2022 17:31:45 GMT
etag: 0x8DADC66BDFA5EC7
x-ms-request-id: cffcc2f9-101e-0024-13c4-0e41a8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 75064
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3c09827b8c6-AMS
GET

https://cdn.cookielaw.org/consent/c6c558ad-cd49-418e-af8a-61680371a5f2/6dc75446-ad78-45cc-8266-579a014a8320/en.json

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /consent/c6c558ad-cd49-418e-af8a-61680371a5f2/6dc75446-ad78-45cc-8266-579a014a8320/en.json HTTP/2.0
host: cdn.cookielaw.org
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-type: application/x-javascript
content-length: 15899
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: +s9dcMvrv2a9dcupE2UQ7w==
last-modified: Wed, 21 Dec 2022 22:02:33 GMT
etag: 0x8DAE39F1033555D
x-ms-request-id: 68656850-001e-00b3-3a87-152261000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 51757
expires: Thu, 16 Mar 2023 15:02:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3c1a981b8c6-AMS
GET

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /scripttemplates/202211.2.0/assets/otFlat.json HTTP/2.0
host: cdn.cookielaw.org
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-type: application/json
content-length: 3020
content-encoding: gzip
content-md5: vO8A/abKpoPacUrvSk9OSw==
last-modified: Mon, 12 Dec 2022 17:31:35 GMT
etag: 0x8DADC66B7AF38D0
x-ms-request-id: c301d364-601e-0046-5887-150670000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 43013
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3c25a85b8c6-AMS
GET

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

IEXPLORE.EXE

Remote address:

104.19.188.97:443

Request

GET /scripttemplates/202211.2.0/assets/otCommonStyles.css HTTP/2.0
host: cdn.cookielaw.org
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-type: text/css
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
last-modified: Mon, 12 Dec 2022 17:31:50 GMT
x-ms-request-id: 19db3ccc-901e-0058-6287-15dc9d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 43014
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a85a3c27ab3b8c6-AMS
content-encoding: gzip
GET

https://static.grammarly.com/assets/files/011ca8e2dff4aaab3dee2e23ea596228/instagram.svg

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/011ca8e2dff4aaab3dee2e23ea596228/instagram.svg HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/svg+xml
content-length: 675
date: Mon, 16 Jan 2023 05:56:39 GMT
last-modified: Mon, 25 Jul 2022 19:37:59 GMT
etag: "011ca8e2dff4aaab3dee2e23ea596228"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: wDjMYGWRuVGdJnckvz68RlWy2tNdIp_P1CX1WDWASbFMw5PZwcr5XQ==
age: 5043967
GET

https://static.grammarly.com/assets/files/5de36dcb71b73df81e64b8df4e59b595/logo.svg

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/5de36dcb71b73df81e64b8df4e59b595/logo.svg HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/svg+xml
content-length: 284
date: Tue, 31 Jan 2023 05:55:55 GMT
last-modified: Mon, 25 Jul 2022 19:38:01 GMT
etag: "5d05ce2d651b6061eb640d5674bc076c"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: 2hzahIf_QwFLSzeUpbLSU-W5tbhOws6X9kXvBTk6phdAs9vzbY9sjA==
age: 3748012
GET

https://static.grammarly.com/assets/files/5d05ce2d651b6061eb640d5674bc076c/facebook.svg

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/5d05ce2d651b6061eb640d5674bc076c/facebook.svg HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/svg+xml
content-length: 632
date: Tue, 24 Jan 2023 01:27:41 GMT
last-modified: Mon, 25 Jul 2022 19:38:03 GMT
etag: "cec7137434d7c1fd568c54c6ec623e83"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: 6tgowohE8bJg6syBdYvwSterOy1JRFpIxPyIVHVFWT2DLtdtSg7Ugg==
age: 4368906
GET

https://static.grammarly.com/assets/files/cec7137434d7c1fd568c54c6ec623e83/twitter.svg

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/cec7137434d7c1fd568c54c6ec623e83/twitter.svg HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/svg+xml
content-length: 484
date: Thu, 02 Feb 2023 01:32:38 GMT
last-modified: Mon, 25 Jul 2022 19:38:03 GMT
etag: "b87493b2cca3637c0e07f6e37f3cdd83"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: 980pjLkkQ3gPGVSCkSuw5q-hSo-81Kge4uJDb_PaHug8m96vQzXNow==
age: 3591009
GET

https://static.grammarly.com/assets/files/b87493b2cca3637c0e07f6e37f3cdd83/linkedin.svg

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/b87493b2cca3637c0e07f6e37f3cdd83/linkedin.svg HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
date: Mon, 13 Mar 2023 20:57:08 GMT
last-modified: Mon, 13 Mar 2023 20:31:25 GMT
etag: W/"11f63c3c3ea8351955478b1fae1d9144"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: nlRX72ymE-zjIOi7B9Lfkbewu3lc5coUOzU-j0ixegykA5CIoqDcBg==
age: 151539
GET

https://static.grammarly.com/assets/js/b45f0c572b5d45725a8e/vendor.js

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/js/b45f0c572b5d45725a8e/vendor.js HTTP/2.0
host: static.grammarly.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
date: Tue, 14 Mar 2023 22:56:20 GMT
last-modified: Tue, 14 Mar 2023 22:42:08 GMT
etag: W/"402d29555baea7718052849f95b7c9cf"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: jewVquadFPTtvyMI5pDWORbp1DmBNhFPAAo4YjLs40DUy0v6bFJnXg==
age: 57987
GET

https://static.grammarly.com/assets/js/d108f61b2f4e49ca7f48/main.js

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/js/d108f61b2f4e49ca7f48/main.js HTTP/2.0
host: static.grammarly.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/svg+xml
date: Mon, 13 Mar 2023 12:46:33 GMT
last-modified: Tue, 16 Feb 2021 19:03:52 GMT
etag: W/"5de36dcb71b73df81e64b8df4e59b595"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: _YD2deaIAevPpRBgHZep5PXsjmiFD2STKf6QrYXSsAp3TakhE2Q0yw==
age: 180974
GET

https://static.grammarly.com/assets/js/bd86025ed9fe19c849a9/accountDeleted~accountTypeSelection~affiliateHome~businessActivate~businessAdminWelcome~businessConf~1876d008.js

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/js/bd86025ed9fe19c849a9/accountDeleted~accountTypeSelection~affiliateHome~businessActivate~businessAdminWelcome~businessConf~1876d008.js HTTP/2.0
host: static.grammarly.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
date: Tue, 14 Mar 2023 20:34:43 GMT
last-modified: Tue, 14 Mar 2023 20:01:47 GMT
etag: W/"123ef5e3ccd581ab3f09db17aa06e6ae"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: QwtZbxlRhfP9kT-C2Vsv4Al2w2Qi1NbUynjklUliODePD2e8MUDLyg==
age: 66484
GET

https://static.grammarly.com/assets/js/c2509c8e2f40468b27ff/error404.js

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/js/c2509c8e2f40468b27ff/error404.js HTTP/2.0
host: static.grammarly.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
date: Mon, 13 Mar 2023 21:02:09 GMT
last-modified: Mon, 13 Mar 2023 20:31:26 GMT
etag: W/"84612522eb49f074465166a8d01c8ca5"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: ndXoOx3qSRYBHPm5D7UCNSLY42_LPpzt_WcWbnR0D7Q5msJlc4jK5Q==
age: 151238
GET

https://static.grammarly.com/assets/files/a2300ffba93d1b8986f6351e8bb5296b/lato-light.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/a2300ffba93d1b8986f6351e8bb5296b/lato-light.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 21404
date: Thu, 25 Aug 2022 05:13:14 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:08 GMT
etag: "a2300ffba93d1b8986f6351e8bb5296b"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: xHE69PHtDwbRWC5kgw2IxaFxzioK4owU9QX8L-s-df4TRynkmd9Q7g==
age: 17488174
GET

https://static.grammarly.com/assets/files/f37bc8b02ffedbffa9445e40238fbfa4/lato-regular.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/f37bc8b02ffedbffa9445e40238fbfa4/lato-regular.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 21484
date: Wed, 25 Jan 2023 05:31:13 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:28 GMT
etag: "f37bc8b02ffedbffa9445e40238fbfa4"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: 0JV_bfBQ1tstNhUyhqfybFSjR0ypKfQj9l-c1Hk-Qldi9GtYm3Etbg==
age: 4267894
GET

https://static.grammarly.com/assets/files/3a12ad1b87191806ec79ad06d2b69f10/lato-light-italic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/3a12ad1b87191806ec79ad06d2b69f10/lato-light-italic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 20352
date: Mon, 29 Aug 2022 02:46:37 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:46 GMT
etag: "3a12ad1b87191806ec79ad06d2b69f10"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: 1UxM7C7y7oC5gDqTbAddJQGFs1YqCdHgZytmBLNHTagxYWRSOpk8HA==
age: 17151371
GET

https://static.grammarly.com/assets/files/701f653bd5effdfb332789a497531f0c/lato-italic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/701f653bd5effdfb332789a497531f0c/lato-italic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 20500
date: Sun, 18 Sep 2022 05:41:08 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:56 GMT
etag: "701f653bd5effdfb332789a497531f0c"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: tZEjHWcumYoOxNZWTEMQ0nyGEAl4O01JmMJ7yV8jdfqs4RgmYKk5Yg==
age: 15412899
GET

https://static.grammarly.com/assets/files/93ef2254d41ece1d04166cc29b599458/Inter-Thin-BETA.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/93ef2254d41ece1d04166cc29b599458/Inter-Thin-BETA.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 136244
date: Wed, 07 Sep 2022 07:15:14 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:05 GMT
etag: "93ef2254d41ece1d04166cc29b599458"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: ZGB7Kj3w2US_TpYN8VYAhll6YhXvb__8KPoKvy3bMqyeyK9b3h-1JQ==
age: 16357655
GET

https://static.grammarly.com/assets/files/a65720437b6a770ccaffae97c8bd67b9/Inter-ThinItalic-BETA.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/a65720437b6a770ccaffae97c8bd67b9/Inter-ThinItalic-BETA.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 143340
date: Tue, 10 Jan 2023 06:31:50 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:09 GMT
etag: "a65720437b6a770ccaffae97c8bd67b9"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: RVUrQDT3W8prclk9YE1vflsDpoQ_4CgE5EWz7znkbVkDLSqkbD9u2w==
age: 5560259
GET

https://static.grammarly.com/assets/files/a09af54a43cae85600f0f10583ad19fb/Inter-ExtraLight-BETA.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/a09af54a43cae85600f0f10583ad19fb/Inter-ExtraLight-BETA.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 137104
date: Sat, 12 Nov 2022 07:23:34 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:08 GMT
etag: "a09af54a43cae85600f0f10583ad19fb"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: aAkGzdGbOfbKTQfiHCLINfeBMPCw2LMEmY6Arumhx7T5y4sm748T1g==
age: 10654754
GET

https://static.grammarly.com/assets/files/5be26fde07593fcad7123610d055a33c/Inter-ExtraLightItalic-BETA.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/5be26fde07593fcad7123610d055a33c/Inter-ExtraLightItalic-BETA.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 143148
date: Thu, 19 Jan 2023 09:00:41 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:52 GMT
etag: "5be26fde07593fcad7123610d055a33c"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: ZOBaCgwtwqawVSlzBxLsiEljEXrL4tz_0obf6wmzpZQiqjRoFWpvAw==
age: 4773728
GET

https://static.grammarly.com/assets/files/39a510c28179c25e0e4f65524d8d5394/Inter-Light-BETA.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/39a510c28179c25e0e4f65524d8d5394/Inter-Light-BETA.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 135344
date: Sat, 20 Aug 2022 05:35:05 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:45 GMT
etag: "39a510c28179c25e0e4f65524d8d5394"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: H9hgzn0s2RSQQmXUSkIxZqEEkJJUBC4u7DzhTKdzS2nEDEYHTJ8IWQ==
age: 17918864
GET

https://static.grammarly.com/assets/files/8c35c38451d802f149fcbc7e9004193e/Inter-LightItalic-BETA.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/8c35c38451d802f149fcbc7e9004193e/Inter-LightItalic-BETA.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 141680
date: Sat, 21 Jan 2023 03:59:33 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:03 GMT
etag: "8c35c38451d802f149fcbc7e9004193e"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: Uv42jXfNDauO9F9a-zD77sPTsPQAdDKwQcfWZXmtsnS909UDGnhF0Q==
age: 4618996
GET

https://static.grammarly.com/assets/files/88b63c27cdce33467477f6b31373c11b/Inter-Italic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/88b63c27cdce33467477f6b31373c11b/Inter-Italic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 133352
date: Sun, 25 Sep 2022 05:15:46 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:02 GMT
etag: "88b63c27cdce33467477f6b31373c11b"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: gUDMt4oTu-uihPHlZizk52U9hKGNx2wiAFBrYwWG3SmqywupJMv38w==
age: 14809623
GET

https://static.grammarly.com/assets/files/da83100fc42a3c359ae8e3038a4a5e90/Inter-Regular.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/da83100fc42a3c359ae8e3038a4a5e90/Inter-Regular.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 133564
date: Tue, 24 Jan 2023 07:26:31 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:56 GMT
etag: "70f84e39477b8c33dbc1900a4bacb20f"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: QGy2mylL-O1wWeEuhdiOkGQ1epd_j8Kq3KhAYMeMzaDtzemBGKuG7Q==
age: 4347378
GET

https://static.grammarly.com/assets/files/70f84e39477b8c33dbc1900a4bacb20f/Inter-Medium.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/70f84e39477b8c33dbc1900a4bacb20f/Inter-Medium.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 139832
date: Thu, 10 Nov 2022 02:01:35 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:22 GMT
etag: "de9b0866cf73188ae7ca0292a439d6a4"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: WHrdn5tYEGqeD4AEnGP7NA5nd8FY-Z9rPs5-Jo7cd7N6BBp6Tb_P8A==
age: 10846874
GET

https://static.grammarly.com/assets/files/de9b0866cf73188ae7ca0292a439d6a4/Inter-MediumItalic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/de9b0866cf73188ae7ca0292a439d6a4/Inter-MediumItalic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 139884
date: Fri, 09 Sep 2022 05:15:47 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:28 GMT
etag: "f576c8b25d49a2b711be3760e7be4022"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: yhrkORTnnXqCItwSS7iuxB9DekqJxNUcUmgMd96uFx-MNlAYVzGAwQ==
age: 16192022
GET

https://static.grammarly.com/assets/files/548fae5eac276c84e8e47658147c1dd0/Inter-SemiBold.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/548fae5eac276c84e8e47658147c1dd0/Inter-SemiBold.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 133948
date: Fri, 10 Mar 2023 09:20:41 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:51 GMT
etag: "548fae5eac276c84e8e47658147c1dd0"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: A_0-xgpIregx3jGS67mTlbMm07tZs-7oGgE0YbyJrNOdFOZNnDrqhw==
age: 452528
GET

https://static.grammarly.com/assets/files/f576c8b25d49a2b711be3760e7be4022/Inter-SemiBoldItalic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/f576c8b25d49a2b711be3760e7be4022/Inter-SemiBoldItalic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 134424
date: Sun, 12 Mar 2023 09:21:18 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:14 GMT
etag: "b788e8a0ec2b2ab3fe6f0d17e4508835"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: oVhFFxkGqxLaNWcfxeq8kSxM6mKF3UMB6H7Ri_qVat5JCIRzMTSwJQ==
age: 279691
GET

https://static.grammarly.com/assets/files/b788e8a0ec2b2ab3fe6f0d17e4508835/Inter-Bold.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/b788e8a0ec2b2ab3fe6f0d17e4508835/Inter-Bold.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 140044
date: Tue, 01 Nov 2022 00:36:18 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:26 GMT
etag: "ebef654642ae42ba62e081cb7c9799d1"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: qIAzwkZbDQr_vDN3GDuEMNfksvKQQ-h8xMQrr7ao19fikyv21K5YxA==
age: 11629591
GET

https://static.grammarly.com/assets/files/ebef654642ae42ba62e081cb7c9799d1/Inter-BoldItalic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/ebef654642ae42ba62e081cb7c9799d1/Inter-BoldItalic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 134288
date: Tue, 20 Sep 2022 04:57:16 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:38 GMT
etag: "120ea2c83162244cf5f1e3e95e42a4a7"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: Z_MWau4cTziOS7bGx21PIcmlXPKz4X398wKIhNPfXnq_32X_Iq1JQg==
age: 15242732
GET

https://static.grammarly.com/assets/files/120ea2c83162244cf5f1e3e95e42a4a7/Inter-ExtraBold.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/120ea2c83162244cf5f1e3e95e42a4a7/Inter-ExtraBold.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 139840
date: Thu, 01 Sep 2022 01:19:13 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:03:51 GMT
etag: "58948c2c7a1c604287e36da46a9b26ac"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: miKYY-0JRobLcbhHsFnr3MCwMmiTNE9dpJNmMY7X9wreZrUycZesNA==
age: 16897416
GET

https://static.grammarly.com/assets/files/58948c2c7a1c604287e36da46a9b26ac/Inter-ExtraBoldItalic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/58948c2c7a1c604287e36da46a9b26ac/Inter-ExtraBoldItalic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 125420
date: Tue, 17 Jan 2023 06:09:44 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:21 GMT
etag: "da83100fc42a3c359ae8e3038a4a5e90"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: ChzGefmk7InlVRcu9N3n6kgK63s1Ih--7PDgGBPKv5qJaSfRREt3Aw==
age: 4956785
GET

https://static.grammarly.com/assets/files/abaeaaad10bd44e916afa871d0905620/Inter-Black.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/abaeaaad10bd44e916afa871d0905620/Inter-Black.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 136588
date: Fri, 20 Jan 2023 08:24:15 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:13 GMT
etag: "b2f912ae1e6328973104ebcc98b01088"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: LDHbz9LqL6T9TAOysbZDFQUp1qqojMrTERN1DaC93eK6azN2ha4LHw==
age: 4689514
GET

https://static.grammarly.com/assets/files/b2f912ae1e6328973104ebcc98b01088/Inter-BlackItalic.woff

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/b2f912ae1e6328973104ebcc98b01088/Inter-BlackItalic.woff HTTP/2.0
host: static.grammarly.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: application/font-woff
content-length: 130852
date: Thu, 13 Oct 2022 13:23:42 GMT
access-control-allow-origin: https://www.grammarly.com
access-control-allow-methods: GET, HEAD
access-control-expose-headers: ETag
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 16 Feb 2021 19:04:11 GMT
etag: "abaeaaad10bd44e916afa871d0905620"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: cCWAPqO0LGQCvh9PzIVGrCKis6nPIKp_M0me354nlj8JIMXe7mGgXw==
age: 13225147
GET

https://static.grammarly.com/assets/files/3761a367585958358e00be33a74be39e/home.png

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/3761a367585958358e00be33a74be39e/home.png HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/png
content-length: 373
date: Sun, 05 Jun 2022 02:33:12 GMT
last-modified: Tue, 16 Feb 2021 19:03:45 GMT
etag: "3761a367585958358e00be33a74be39e"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: 9EW45ZJo1dzE1gfhnmShBBy_BD6A3irMfjxZ-KuuEVwGm4-s1p7q_Q==
age: 24496177
GET

https://static.grammarly.com/assets/files/191f4507e3dfd224fdd2cb997e1ce0b4/back.png

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/191f4507e3dfd224fdd2cb997e1ce0b4/back.png HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/png
content-length: 489
date: Mon, 28 Nov 2022 07:01:06 GMT
last-modified: Tue, 16 Feb 2021 19:03:42 GMT
etag: "26c40894a1389840dad349139cdfe4ee"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: x69vqM25_Qkdgj0qRraLkRXRfJOxCMe3FTDbq04olNdL1Imt4ar1uA==
age: 9273704
GET

https://static.grammarly.com/assets/files/26c40894a1389840dad349139cdfe4ee/support.png

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/26c40894a1389840dad349139cdfe4ee/support.png HTTP/2.0
host: static.grammarly.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/png
content-length: 452
date: Tue, 23 Aug 2022 06:23:48 GMT
last-modified: Tue, 16 Feb 2021 19:03:40 GMT
etag: "191f4507e3dfd224fdd2cb997e1ce0b4"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: LyWZlUWG4FaEenZvvAZw0wjIpaed7bRxJl_HJ8AF0X62mVU33sHrCA==
age: 17656742
GET

https://static.grammarly.com/assets/files/2340c99e5888c621067307ab254ae533/favicon-16x16.png

IEXPLORE.EXE

Remote address:

18.65.39.100:443

Request

GET /assets/files/2340c99e5888c621067307ab254ae533/favicon-16x16.png HTTP/2.0
host: static.grammarly.com
accept: */*
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

content-type: image/png
content-length: 402
date: Mon, 09 Jan 2023 05:59:47 GMT
last-modified: Tue, 16 Feb 2021 19:03:42 GMT
etag: "2340c99e5888c621067307ab254ae533"
x-amz-server-side-encryption: AES256
cache-control: max-age=365000000,immutable
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-cache: Hit from cloudfront
via: 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: vm37n5Aj7AHqmmrDJk9LROk851dYTPiyHL2xQ4u3oW5Faopk0bwexg==
age: 5648583
DNS

234.32.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.32.65.18.in-addr.arpa

IN PTR

Response

234.32.65.18.in-addr.arpa

IN PTR

server-18-65-32-234ams1r cloudfrontnet
DNS

234.32.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.32.65.18.in-addr.arpa

IN PTR

Response

234.32.65.18.in-addr.arpa

IN PTR

server-18-65-32-234ams1r cloudfrontnet
DNS

210.81.184.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.81.184.52.in-addr.arpa

IN PTR

Response
DNS

210.81.184.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.81.184.52.in-addr.arpa

IN PTR

Response
DNS

97.188.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.188.19.104.in-addr.arpa

IN PTR

Response
DNS

97.188.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.188.19.104.in-addr.arpa

IN PTR

Response
DNS

100.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.65.18.in-addr.arpa

IN PTR

Response

100.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-100ams1r cloudfrontnet
DNS

100.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.65.18.in-addr.arpa

IN PTR

Response

100.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-100ams1r cloudfrontnet
DNS

200.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.179.250.142.in-addr.arpa

IN PTR

Response

200.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f81e100net
DNS

200.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.179.250.142.in-addr.arpa

IN PTR

Response

200.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f81e100net
DNS

o565714.ingest.sentry.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o565714.ingest.sentry.io

IN A

Response

o565714.ingest.sentry.io

IN A

34.120.195.249
DNS

o565714.ingest.sentry.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

o565714.ingest.sentry.io

IN A

Response

o565714.ingest.sentry.io

IN A

34.120.195.249
POST

https://o565714.ingest.sentry.io/api/4504171580555264/envelope/?sentry_key=aaae17b2988c48ca823101d95adec9fd&sentry_version=7&sentry_client=sentry.javascript.react%2F7.28.1

IEXPLORE.EXE

Remote address:

34.120.195.249:443

Request

POST /api/4504171580555264/envelope/?sentry_key=aaae17b2988c48ca823101d95adec9fd&sentry_version=7&sentry_client=sentry.javascript.react%2F7.28.1 HTTP/2.0
host: o565714.ingest.sentry.io
accept: */*
content-type: text/plain;charset=UTF-8
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 498
cache-control: no-cache

Response

HTTP/2.0 200

server: nginx
date: Wed, 15 Mar 2023 15:02:49 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: https://www.grammarly.com
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
vary: Origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

f-log-at.grammarly.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

f-log-at.grammarly.io

IN A

Response

f-log-at.grammarly.io

IN A

54.84.71.5

f-log-at.grammarly.io

IN A

34.196.39.218

f-log-at.grammarly.io

IN A

18.205.218.99

f-log-at.grammarly.io

IN A

54.158.168.54

f-log-at.grammarly.io

IN A

107.23.64.210

f-log-at.grammarly.io

IN A

52.4.230.178

f-log-at.grammarly.io

IN A

3.213.125.214

f-log-at.grammarly.io

IN A

54.147.131.109
DNS

f-log-at.grammarly.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

f-log-at.grammarly.io

IN A

Response

f-log-at.grammarly.io

IN A

54.84.71.5

f-log-at.grammarly.io

IN A

34.196.39.218

f-log-at.grammarly.io

IN A

18.205.218.99

f-log-at.grammarly.io

IN A

54.158.168.54

f-log-at.grammarly.io

IN A

107.23.64.210

f-log-at.grammarly.io

IN A

52.4.230.178

f-log-at.grammarly.io

IN A

3.213.125.214

f-log-at.grammarly.io

IN A

54.147.131.109
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

110.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.39.251.142.in-addr.arpa

IN PTR

Response

110.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f141e100net
DNS

110.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.39.251.142.in-addr.arpa

IN PTR

Response

110.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f141e100net
DNS

249.195.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.195.120.34.in-addr.arpa

IN PTR

Response

249.195.120.34.in-addr.arpa

IN PTR

24919512034bcgoogleusercontentcom
DNS

gnar.grammarly.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

gnar.grammarly.com

IN A

Response

gnar.grammarly.com

IN A

3.216.158.246

gnar.grammarly.com

IN A

44.194.66.36

gnar.grammarly.com

IN A

34.199.50.218

gnar.grammarly.com

IN A

52.55.101.44

gnar.grammarly.com

IN A

100.24.132.158

gnar.grammarly.com

IN A

3.231.255.137

gnar.grammarly.com

IN A

34.235.23.129

gnar.grammarly.com

IN A

3.211.127.7
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:49 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:49 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 500
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 494
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:49 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:49 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 584
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 584
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:50 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:51 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 613
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:51 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 613
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

OPTIONS /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:51 GMT
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 584
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
POST

https://f-log-at.grammarly.io/log

IEXPLORE.EXE

Remote address:

54.84.71.5:443

Request

POST /log HTTP/2.0
host: f-log-at.grammarly.io
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 584
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-security-policy: default-src 'none'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1;mode=block
OPTIONS

https://gnar.grammarly.com/events

IEXPLORE.EXE

Remote address:

3.216.158.246:443

Request

OPTIONS /events HTTP/2.0
host: gnar.grammarly.com
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
vary: Origin
access-control-max-age: 1800
access-control-allow-origin: https://www.grammarly.com
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin
access-control-allow-methods: GET,PUT,POST,HEAD,DELETE
access-control-allow-credentials: true
OPTIONS

https://gnar.grammarly.com/events

IEXPLORE.EXE

Remote address:

3.216.158.246:443

Request

OPTIONS /events HTTP/2.0
host: gnar.grammarly.com
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
vary: Origin
access-control-max-age: 1800
access-control-allow-origin: https://www.grammarly.com
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin
access-control-allow-methods: GET,PUT,POST,HEAD,DELETE
access-control-allow-credentials: true
POST

https://gnar.grammarly.com/events

IEXPLORE.EXE

Remote address:

3.216.158.246:443

Request

POST /events HTTP/2.0
host: gnar.grammarly.com
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 712
cache-control: no-cache
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
vary: Origin
cache-control: no-cache
referrer-policy: no-referrer
x-content-type-options: nosniff
content-security-policy: default-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
POST

https://gnar.grammarly.com/events

IEXPLORE.EXE

Remote address:

3.216.158.246:443

Request

POST /events HTTP/2.0
host: gnar.grammarly.com
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 771
cache-control: no-cache
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
vary: Origin
cache-control: no-cache
referrer-policy: no-referrer
x-content-type-options: nosniff
content-security-policy: default-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
POST

https://gnar.grammarly.com/events

IEXPLORE.EXE

Remote address:

3.216.158.246:443

Request

POST /events HTTP/2.0
host: gnar.grammarly.com
accept: */*
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 617
cache-control: no-cache
cookie: grauth=AABL5yVCjlxcDn8iIKG-Eq1S8-GnM0F46sP5CC9YZPXvAtZShvvxmVO3WPfRCJRsZtYMWs4YnokROqVe; csrf-token=AABL5yIdHN260TytOtdhldeEkLM4xvBgbOhtHQ; gnar_containerId=uqor7rqrjih80ao1; funnelType=free; redirect_location=eyJ0eXBlIjoiIiwibG9jYXRpb24iOiJodHRwczovL3d3dy5ncmFtbWFybHkuY29tLy0tIn0=; browser_info=IE:11:COMPUTER:SUPPORTED:NONFREEMIUM:WINDOWS_10:WINDOWS; OptanonConsent=isGpcEnabled=0&datestamp=Wed+Mar+15+2023+16%3A02%3A48+GMT%2B0000+(Coordinated+Universal+Time)&version=202211.2.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.grammarly.com%2F--&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1; _ga=GA1.2.349171042.1678896169; _gid=GA1.2.58853605.1678896169; ga_clientId=349171042.1678896169

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
vary: Origin
cache-control: no-cache
referrer-policy: no-referrer
x-content-type-options: nosniff
content-security-policy: default-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
DNS

f-log-test.grammarly.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

f-log-test.grammarly.io

IN A

Response

f-log-test.grammarly.io

IN A

52.1.61.109

f-log-test.grammarly.io

IN A

34.239.197.243

f-log-test.grammarly.io

IN A

44.213.140.124

f-log-test.grammarly.io

IN A

34.194.107.134

f-log-test.grammarly.io

IN A

34.231.226.0

f-log-test.grammarly.io

IN A

3.208.62.181

f-log-test.grammarly.io

IN A

34.224.155.157

f-log-test.grammarly.io

IN A

23.22.96.25
DNS

f-log-test.grammarly.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

f-log-test.grammarly.io

IN A

Response

f-log-test.grammarly.io

IN A

50.16.222.188

f-log-test.grammarly.io

IN A

54.87.93.122

f-log-test.grammarly.io

IN A

3.209.171.220

f-log-test.grammarly.io

IN A

54.204.52.243

f-log-test.grammarly.io

IN A

35.170.91.227

f-log-test.grammarly.io

IN A

34.194.107.134

f-log-test.grammarly.io

IN A

54.147.131.109

f-log-test.grammarly.io

IN A

44.205.72.237
DNS

geolocation.onetrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

geolocation.onetrust.com

IN A

Response

geolocation.onetrust.com

IN A

172.64.144.98

geolocation.onetrust.com

IN A

104.18.43.158
DNS

geolocation.onetrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

geolocation.onetrust.com

IN A

Response

geolocation.onetrust.com

IN A

172.64.144.98

geolocation.onetrust.com

IN A

104.18.43.158
DNS

ocsp.r2m02.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

18.65.32.234
DNS

ocsp.r2m02.amazontrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

18.65.32.234
GET

https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.pageVisit=1

IEXPLORE.EXE

Remote address:

52.1.61.109:443

Request

GET /ts?p=prod.error404.internet%2520explorer&c.pageVisit=1 HTTP/2.0
host: f-log-test.grammarly.io
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'none'
content-security-policy: default-src 'none'
referrer-policy: no-referrer
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-content-type-options: nosniff
x-frame-options: DENY
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-xss-protection: 1;mode=block
GET

https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer.11-0.IN&t.app-did-mount=2597.4865&t.app-init-end=2903.4865&t.app-init-start=2413.0865&t.ttfb=1

IEXPLORE.EXE

Remote address:

52.1.61.109:443

Request

GET /ts?p=prod.error404.internet%2520explorer.11-0.IN&t.app-did-mount=2597.4865&t.app-init-end=2903.4865&t.app-init-start=2413.0865&t.ttfb=1 HTTP/2.0
host: f-log-test.grammarly.io
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'none'
content-security-policy: default-src 'none'
referrer-policy: no-referrer
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-content-type-options: nosniff
x-frame-options: DENY
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-xss-protection: 1;mode=block
GET

https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1

IEXPLORE.EXE

Remote address:

52.1.61.109:443

Request

GET /ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1 HTTP/2.0
host: f-log-test.grammarly.io
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'none'
content-security-policy: default-src 'none'
referrer-policy: no-referrer
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-content-type-options: nosniff
x-frame-options: DENY
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-xss-protection: 1;mode=block
GET

https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1

IEXPLORE.EXE

Remote address:

52.1.61.109:443

Request

GET /ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1 HTTP/2.0
host: f-log-test.grammarly.io
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'none'
content-security-policy: default-src 'none'
referrer-policy: no-referrer
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-content-type-options: nosniff
x-frame-options: DENY
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-xss-protection: 1;mode=block
GET

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

IEXPLORE.EXE

Remote address:

172.64.144.98:443

Request

GET /cookieconsentpub/v1/geo/location HTTP/2.0
host: geolocation.onetrust.com
accept: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:49 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7a85a3c03a8b0bcb-AMS
content-encoding: gzip
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAeiswKB0mzix3YNZYvDguQ%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAeiswKB0mzix3YNZYvDguQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Tue, 14 Mar 2023 16:36:50 GMT
Server: ECAcc (frc/4CB4)
Cache-Control: max-age=99061
Date: Wed, 15 Mar 2023 13:05:51 GMT
Expires: Thu, 16 Mar 2023 16:36:52 GMT
ETag: "6410a2a2-1d7"
X-Cache: Hit from cloudfront
Via: 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: 6nmZMPm_Z2kNCthlr6UH54pn-WwhNiDCpfpKkhqYAsfW4kGKUsUBcg==
Age: 7018
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA3FU0FUe3KQSDlXezEJT%2Fw%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA3FU0FUe3KQSDlXezEJT%2Fw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Wed, 15 Mar 2023 07:09:04 GMT
Server: ECAcc (frc/4CC9)
Date: Wed, 15 Mar 2023 11:15:20 GMT
Cache-Control: max-age=141002
ETag: "64112c77-1d7"
Expires: Fri, 17 Mar 2023 02:24:57 GMT
X-Cache: Hit from cloudfront
Via: 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: mKq0ElVh893yt8Q7g-EIFnq_eSxioUZb4PsYwS0lnJ5jtJ-Fifno3w==
Age: 13676
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAfrzp4T%2FCf%2FcMZzWJWsAyE%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAfrzp4T%2FCf%2FcMZzWJWsAyE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 15 Mar 2023 11:18:08 GMT
Last-Modified: Wed, 15 Mar 2023 11:13:58 GMT
Server: ECAcc (amb/6B17)
X-Cache: Hit from cloudfront
Via: 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: kfVs8Q0XuPHyzI3WKpEVTWMZFCjbRzSEwsQKqzlhuvpjEn0QuHUEAQ==
Age: 13733
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Server: ECAcc (amb/6AF5)
Cache-Control: max-age=103737
Date: Wed, 15 Mar 2023 12:18:34 GMT
Expires: Thu, 16 Mar 2023 17:07:31 GMT
ETag: "6410a9d3-1d7"
X-Cache: Hit from cloudfront
Via: 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: rYLOGLldYzenqZXO2rX1iUng9X7EQ0pW-iEHrcRgnGePrY57blzbfw==
Age: 9857
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA3FU0FUe3KQSDlXezEJT%2Fw%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA3FU0FUe3KQSDlXezEJT%2Fw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Wed, 15 Mar 2023 07:09:04 GMT
Server: ECAcc (frc/4CC9)
Date: Wed, 15 Mar 2023 11:15:20 GMT
Cache-Control: max-age=141002
ETag: "64112c77-1d7"
Expires: Fri, 17 Mar 2023 02:24:57 GMT
X-Cache: Hit from cloudfront
Via: 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: bAVf3gNGNtXaY-3Cq3KmKuu9B8EozxXzcZPi9TF6QcOgXWVijQSoxw==
Age: 13676
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Server: ECAcc (amb/6AF5)
Cache-Control: max-age=103737
Date: Wed, 15 Mar 2023 12:18:34 GMT
Expires: Thu, 16 Mar 2023 17:07:31 GMT
ETag: "6410a9d3-1d7"
X-Cache: Hit from cloudfront
Via: 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: 2ciZlF3M_8RPuvAvNHUEF0q9iPaHGVvebMg_Z56qWzqhxsJ3Ea8Keg==
Age: 9857
DNS

67.55.52.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.55.52.23.in-addr.arpa

IN PTR

Response

67.55.52.23.in-addr.arpa

IN PTR

a23-52-55-67deploystaticakamaitechnologiescom
DNS

67.55.52.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.55.52.23.in-addr.arpa

IN PTR

Response

67.55.52.23.in-addr.arpa

IN PTR

a23-52-55-67deploystaticakamaitechnologiescom
DNS

5.71.84.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.71.84.54.in-addr.arpa

IN PTR

Response

5.71.84.54.in-addr.arpa

IN PTR

ec2-54-84-71-5 compute-1 amazonawscom
DNS

5.71.84.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.71.84.54.in-addr.arpa

IN PTR

Response

5.71.84.54.in-addr.arpa

IN PTR

ec2-54-84-71-5 compute-1 amazonawscom
DNS

9.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.175.53.84.in-addr.arpa

IN PTR

Response

9.175.53.84.in-addr.arpa

IN PTR

a84-53-175-9deploystaticakamaitechnologiescom
DNS

9.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.175.53.84.in-addr.arpa

IN PTR

Response

9.175.53.84.in-addr.arpa

IN PTR

a84-53-175-9deploystaticakamaitechnologiescom
DNS

246.158.216.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.158.216.3.in-addr.arpa

IN PTR

Response

246.158.216.3.in-addr.arpa

IN PTR

ec2-3-216-158-246 compute-1 amazonawscom
DNS

246.158.216.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.158.216.3.in-addr.arpa

IN PTR

Response

246.158.216.3.in-addr.arpa

IN PTR

ec2-3-216-158-246 compute-1 amazonawscom
DNS

98.144.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.144.64.172.in-addr.arpa

IN PTR

Response
DNS

98.144.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.144.64.172.in-addr.arpa

IN PTR

Response
DNS

109.61.1.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

109.61.1.52.in-addr.arpa

IN PTR

Response

109.61.1.52.in-addr.arpa

IN PTR

ec2-52-1-61-109 compute-1 amazonawscom
DNS

109.61.1.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

109.61.1.52.in-addr.arpa

IN PTR

Response

109.61.1.52.in-addr.arpa

IN PTR

ec2-52-1-61-109 compute-1 amazonawscom
DNS

stats.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

142.250.102.154

stats.g.doubleclick.net

IN A

142.250.102.155

stats.g.doubleclick.net

IN A

142.250.102.157

stats.g.doubleclick.net

IN A

142.250.102.156
DNS

stats.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

142.250.102.157

stats.g.doubleclick.net

IN A

142.250.102.154

stats.g.doubleclick.net

IN A

142.250.102.156

stats.g.doubleclick.net

IN A

142.250.102.155
DNS

q.quora.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

q.quora.com

IN A

Response

q.quora.com

IN A

34.232.31.155

q.quora.com

IN A

23.20.85.144

q.quora.com

IN A

54.209.227.7

q.quora.com

IN A

18.232.20.22

q.quora.com

IN A

52.0.8.169

q.quora.com

IN A

3.209.34.109

q.quora.com

IN A

54.87.222.150
DNS

q.quora.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

q.quora.com

IN A

Response

q.quora.com

IN A

52.0.8.169

q.quora.com

IN A

54.87.222.150

q.quora.com

IN A

54.209.227.7

q.quora.com

IN A

34.232.31.155

q.quora.com

IN A

23.20.85.144

q.quora.com

IN A

3.209.34.109

q.quora.com

IN A

18.232.20.22
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6331378-16&cid=349171042.1678896169&jid=884347075&gjid=1076967261&_gid=58853605.1678896169&_u=aGBAgEYQAAAAAEgAI~&z=54064273

IEXPLORE.EXE

Remote address:

142.250.102.154:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6331378-16&cid=349171042.1678896169&jid=884347075&gjid=1076967261&_gid=58853605.1678896169&_u=aGBAgEYQAAAAAEgAI~&z=54064273 HTTP/2.0
host: stats.g.doubleclick.net
accept: */*
content-type: text/plain
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

access-control-allow-origin: https://www.grammarly.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 15 Mar 2023 15:02:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CBK9K2ZWWE&cid=349171042.1678896169&gtm=45je33d0&aip=1

IEXPLORE.EXE

Remote address:

142.250.102.154:443

Request

GET /g/collect?v=2&tid=G-CBK9K2ZWWE&cid=349171042.1678896169&gtm=45je33d0&aip=1 HTTP/2.0
host: stats.g.doubleclick.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: test_cookie=CheckForPermission

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.179.130
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.179.194
DNS

snap.licdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

snap.licdn.com

IN A

Response

snap.licdn.com

IN CNAME

od.linkedin.edgesuite.net

od.linkedin.edgesuite.net

IN CNAME

a1916.dscg2.akamai.net

a1916.dscg2.akamai.net

IN A

23.32.238.152

a1916.dscg2.akamai.net

IN A

23.32.238.144
DNS

static.ads-twitter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.ads-twitter.com

IN A

Response

static.ads-twitter.com

IN CNAME

platform.twitter.map.fastly.net

platform.twitter.map.fastly.net

IN A

151.101.60.157
DNS

static.ads-twitter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.ads-twitter.com

IN A

Response

static.ads-twitter.com

IN CNAME

platform.twitter.map.fastly.net

platform.twitter.map.fastly.net

IN A

151.101.60.157
DNS

i.geistm.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.geistm.com

IN A

Response

i.geistm.com

IN A

18.208.121.3

i.geistm.com

IN A

52.73.149.107
DNS

i.geistm.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i.geistm.com

IN A

Response

i.geistm.com

IN A

18.208.121.3

i.geistm.com

IN A

52.73.149.107
GET

https://q.quora.com/_/ad/87aec589ac364d478f819f2ef53afe3a/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

34.232.31.155:443

Request

GET /_/ad/87aec589ac364d478f819f2ef53afe3a/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.grammarly.com/--
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: q.quora.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Date: Wed, 15 Mar 2023 15:02:50 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,ddbd428898300a9a82d7b1c36a4ee7bc,10.0.0.28,59738,154.61.71.13,,109995039051,1,1678892570.864,0.002,,.,0,0,0.000,0.004,-,0,0,197,171,85,10,34729,,,,,,-,
Content-Length: 43
Connection: keep-alive
DNS

cdn.taboola.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.taboola.com

IN A

Response

cdn.taboola.com

IN CNAME

tls13.taboola.map.fastly.net

tls13.taboola.map.fastly.net

IN A

151.101.1.44

tls13.taboola.map.fastly.net

IN A

151.101.65.44

tls13.taboola.map.fastly.net

IN A

151.101.129.44

tls13.taboola.map.fastly.net

IN A

151.101.193.44
DNS

11910764.fls.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

11910764.fls.doubleclick.net

IN A

Response

11910764.fls.doubleclick.net

IN CNAME

dart.l.doubleclick.net

dart.l.doubleclick.net

IN A

142.250.179.134
DNS

11910764.fls.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

11910764.fls.doubleclick.net

IN A

Response

11910764.fls.doubleclick.net

IN CNAME

dart.l.doubleclick.net

dart.l.doubleclick.net

IN A

142.250.179.134
DNS

www.redditstatic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.redditstatic.com

IN A

Response

www.redditstatic.com

IN CNAME

dualstack.reddit.map.fastly.net

dualstack.reddit.map.fastly.net

IN A

151.101.1.140

dualstack.reddit.map.fastly.net

IN A

151.101.65.140

dualstack.reddit.map.fastly.net

IN A

151.101.129.140

dualstack.reddit.map.fastly.net

IN A

151.101.193.140
DNS

www.redditstatic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.redditstatic.com

IN A

Response

www.redditstatic.com

IN CNAME

dualstack.reddit.map.fastly.net

dualstack.reddit.map.fastly.net

IN A

151.101.1.140

dualstack.reddit.map.fastly.net

IN A

151.101.65.140

dualstack.reddit.map.fastly.net

IN A

151.101.129.140

dualstack.reddit.map.fastly.net

IN A

151.101.193.140
GET

https://snap.licdn.com/li.lms-analytics/insight.min.js

IEXPLORE.EXE

Remote address:

23.32.238.152:443

Request

GET /li.lms-analytics/insight.min.js HTTP/2.0
host: snap.licdn.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

last-modified: Tue, 10 Jan 2023 17:22:56 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=53603
date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 4777
x-content-type-options: nosniff
x-cdn: AKAM
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956476927/?random=1678896168820&cv=11&fst=1678896168820&bg=ffffff&guid=ON&async=1&gtm=45He33d0&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.grammarly.com%2F--&tiba=Page%20not%20found%20%7C%20Grammarly&auid=1719944168.1678896169&rfmt=3&fmt=4

IEXPLORE.EXE

Remote address:

142.250.179.130:443

Request

GET /pagead/viewthroughconversion/956476927/?random=1678896168820&cv=11&fst=1678896168820&bg=ffffff&guid=ON&async=1&gtm=45He33d0&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.grammarly.com%2F--&tiba=Page%20not%20found%20%7C%20Grammarly&auid=1719944168.1678896169&rfmt=3&fmt=4 HTTP/2.0
host: googleads.g.doubleclick.net
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Mar 2023 15:02:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1256
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 15-Mar-2023 15:17:50 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

p.teads.tv

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

p.teads.tv

IN A

Response

p.teads.tv

IN CNAME

perf.teads.tv.edgekey.net

perf.teads.tv.edgekey.net

IN CNAME

e9957.e4.akamaiedge.net

e9957.e4.akamaiedge.net

IN A

173.223.113.34
DNS

p.teads.tv

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

p.teads.tv

IN A

Response

p.teads.tv

IN CNAME

perf.teads.tv.edgekey.net

perf.teads.tv.edgekey.net

IN CNAME

e9957.e4.akamaiedge.net

e9957.e4.akamaiedge.net

IN A

173.223.113.34
GET

https://static.ads-twitter.com/uwt.js

IEXPLORE.EXE

Remote address:

151.101.60.157:443

Request

GET /uwt.js HTTP/2.0
host: static.ads-twitter.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

last-modified: Thu, 27 Oct 2022 15:55:14 GMT
cache-control: no-cache
content-type: application/javascript; charset=utf-8
content-encoding: gzip
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
accept-ranges: bytes
date: Wed, 15 Mar 2023 15:02:50 GMT
x-served-by: cache-iad-kjyo7100040-IAD, cache-lhr7381-LHR
x-cache: HIT, HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
content-length: 15375
GET

https://i.geistm.com/x/GRAM?gtmcb=178180223

IEXPLORE.EXE

Remote address:

18.208.121.3:443

Request

GET /x/GRAM?gtmcb=178180223 HTTP/2.0
host: i.geistm.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: image/gif
content-length: 43
server: nginx
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Accept
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
GET

https://cdn.taboola.com/libtrc/unip/1155799/tfa.js

IEXPLORE.EXE

Remote address:

151.101.1.44:443

Request

GET /libtrc/unip/1155799/tfa.js HTTP/2.0
host: cdn.taboola.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

x-amz-id-2: f2xh0LXlzypn6pWiBbyb83bHmTMt3JQpg6JkZz6/bjeR2fzUYbwVbMQkEAeORrgSLAQ18eCL/aA=
x-amz-request-id: QHR9AS5VEPAWQJP4
x-amz-replication-status: PENDING
last-modified: Sun, 12 Mar 2023 11:10:32 GMT
etag: "4304fb27459d68700bcf34eb8979a1f2"
x-amz-server-side-encryption: AES256
x-amz-version-id: C8r6TQN764CoVaduGCsxN5rb_d8aUFDD
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 15 Mar 2023 15:02:50 GMT
via: 1.1 varnish
age: 57
x-served-by: cache-ams21048-AMS
x-cache: HIT
x-cache-hits: 1
x-timer: S1678892571.692333,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 68
access-control-allow-origin: *
content-length: 18165
DNS

bat.bing.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

bat.bing.com

IN A

Response

bat.bing.com

IN CNAME

bat-bing-com.a-0001.a-msedge.net

bat-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

bat.bing.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

bat.bing.com

IN A

Response

bat.bing.com

IN CNAME

bat-bing-com.a-0001.a-msedge.net

bat-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

www.facebook.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
GET

https://www.redditstatic.com/ads/pixel.js

IEXPLORE.EXE

Remote address:

151.101.1.140:443

Request

GET /ads/pixel.js HTTP/2.0
host: www.redditstatic.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

last-modified: Mon, 23 Jan 2023 21:56:14 GMT
etag: "03d5db9dfd00a5719bb4c9261e6fa1bb"
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 15 Mar 2023 15:02:50 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7356
GET

https://11910764.fls.doubleclick.net/activityi;src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--?

IEXPLORE.EXE

Remote address:

142.250.179.134:443

Request

GET /activityi;src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--? HTTP/2.0
host: 11910764.fls.doubleclick.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Mar 2023 15:02:50 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 349
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 15-Mar-2023 15:17:50 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://11910764.fls.doubleclick.net/ddm/fls/r/src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

142.250.179.134:443

Request

GET /ddm/fls/r/src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: 11910764.fls.doubleclick.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://11910764.fls.doubleclick.net/activityi;src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--?
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: test_cookie=CheckForPermission

Response

HTTP/2.0 200

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Mar 2023 15:02:51 GMT
expires: Wed, 15 Mar 2023 15:02:51 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 379
x-xss-protection: 0
set-cookie: IDE=AHWqTUlBrKa0T0OBPyR0T9GCyV_ylWC0F3Zsp8KVptLKv2MA3lnpdVMEaNMtGXwb8yw; expires=Fri, 14-Mar-2025 15:02:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
set-cookie: test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://p.teads.tv/teads-fellow.js

IEXPLORE.EXE

Remote address:

173.223.113.34:443

Request

GET /teads-fellow.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.grammarly.com/--
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: p.teads.tv
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

x-amz-id-2: Q44naSXIAXmxDawiaq2Idzb57WiYm5d1qV0Y6QVu6OJKpJIzp3FxvtKze0KOyAXsy+ZZBtE/hRU=
x-amz-request-id: A2JSZCBXFSC8CGTP
Last-Modified: Mon, 13 Mar 2023 09:07:17 GMT
ETag: "28974861fce04960e5bdeed29fdebed3"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=209
Date: Wed, 15 Mar 2023 15:02:50 GMT
Content-Length: 6430
Connection: keep-alive
GET

https://bat.bing.com/bat.js

IEXPLORE.EXE

Remote address:

204.79.197.200:443

Request

GET /bat.js HTTP/2.0
host: bat.bing.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

cache-control: private,max-age=1800
content-length: 11894
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ranges: bytes
etag: "8072cff03442d91:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8060C9FC48F6477C866CDB688072F259 Ref B: AMS04EDGE3108 Ref C: 2023-03-15T15:02:51Z
date: Wed, 15 Mar 2023 15:02:50 GMT
GET

https://bat.bing.com/p/action/4001981.js

IEXPLORE.EXE

Remote address:

204.79.197.200:443

Request

GET /p/action/4001981.js HTTP/2.0
host: bat.bing.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=327781CDCF1A67AB0FD69318CE12666A; domain=.bing.com; expires=Mon, 08-Apr-2024 15:02:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D845DE747514A90A923C3DD3D2B2D8A Ref B: AMS04EDGE3108 Ref C: 2023-03-15T15:02:51Z
date: Wed, 15 Mar 2023 15:02:50 GMT
GET

https://bat.bing.com/action/0?ti=4001981&Ver=2&mid=f52b6dec-5a03-447c-aa09-bfd8a9b609d0&sid=d5ab1c40c34a11ed824501a20a4408eb&vid=d5ab8e20c34a11ed9c451b585095e3e1&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=720&sc=24&tl=Page%20not%20found%20%7C%20Grammarly&p=https%3A%2F%2Fwww.grammarly.com%2F--&r=&lt=2877&evt=pageLoad&sv=1&rn=355809

IEXPLORE.EXE

Remote address:

204.79.197.200:443

Request

GET /action/0?ti=4001981&Ver=2&mid=f52b6dec-5a03-447c-aa09-bfd8a9b609d0&sid=d5ab1c40c34a11ed824501a20a4408eb&vid=d5ab8e20c34a11ed9c451b585095e3e1&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=720&sc=24&tl=Page%20not%20found%20%7C%20Grammarly&p=https%3A%2F%2Fwww.grammarly.com%2F--&r=&lt=2877&evt=pageLoad&sv=1&rn=355809 HTTP/2.0
host: bat.bing.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 00136ACBF5E54274A66482D753367830 Ref B: AMS04EDGE3108 Ref C: 2023-03-15T15:02:51Z
date: Wed, 15 Mar 2023 15:02:50 GMT
DNS

u.fg8dgt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

u.fg8dgt.com

IN A

Response

u.fg8dgt.com

IN CNAME

u.fastg8.iponweb.net

u.fastg8.iponweb.net

IN CNAME

fastg8.pool.iponweb.net

fastg8.pool.iponweb.net

IN A

35.212.132.154
DNS

u.fg8dgt.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

u.fg8dgt.com

IN A

Response

u.fg8dgt.com

IN CNAME

u.fastg8.iponweb.net

u.fastg8.iponweb.net

IN CNAME

fastg8.pool.iponweb.net

fastg8.pool.iponweb.net

IN A

35.212.132.154
GET

https://www.facebook.com/tr?id=828127113879905&ev=PageView&noscript=1

IEXPLORE.EXE

Remote address:

157.240.221.35:443

Request

GET /tr?id=828127113879905&ev=PageView&noscript=1 HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 15 Mar 2023 15:02:51 GMT
DNS

adresults-19-adswizz.attribution.adswizz.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

adresults-19-adswizz.attribution.adswizz.com

IN A

Response

adresults-19-adswizz.attribution.adswizz.com

IN CNAME

attribution.eks.adswizz.com

attribution.eks.adswizz.com

IN A

54.75.24.234

attribution.eks.adswizz.com

IN A

54.76.221.93

attribution.eks.adswizz.com

IN A

54.76.251.139
DNS

data.adxcel-ec2.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

data.adxcel-ec2.com

IN A

Response

data.adxcel-ec2.com

IN A

52.54.98.146

data.adxcel-ec2.com

IN A

54.85.11.63

data.adxcel-ec2.com

IN A

52.54.206.209

data.adxcel-ec2.com

IN A

54.210.54.178
DNS

cdn.pdst.fm

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.pdst.fm

IN A

Response

cdn.pdst.fm

IN A

35.244.142.80
GET

https://u.fg8dgt.com/pixel?type=js&id=368&cb=22808780

IEXPLORE.EXE

Remote address:

35.212.132.154:443

Request

GET /pixel?type=js&id=368&cb=22808780 HTTP/2.0
host: u.fg8dgt.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-length: 1195
content-type: text/javascript; charset=UTF-8
date: Wed, 15 Mar 2023 15:02:51 GMT
set-cookie: s=!liveramp,448740171; path=/; expires=Fri, 14-Mar-2025 15:02:51 GMT; domain=fg8dgt.com
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://u.fg8dgt.com/ttdsync?ssp=ttd&tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

35.212.132.154:443

Request

GET /ttdsync?ssp=ttd&tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/2.0
host: u.fg8dgt.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: s=!liveramp,448740171

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif
date: Wed, 15 Mar 2023 15:02:52 GMT
set-cookie: tuuid=f485b88d-2af6-4918-b245-fb66f08afc22; path=/; expires=Fri, 14-Mar-2025 15:02:52 GMT; domain=fg8dgt.com
set-cookie: c=1678892572; path=/; expires=Fri, 14-Mar-2025 15:02:52 GMT; domain=fg8dgt.com
set-cookie: tuuid_lu=1678892572; path=/; expires=Fri, 14-Mar-2025 15:02:52 GMT; domain=fg8dgt.com
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

ws.zoominfo.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ws.zoominfo.com

IN A

Response

ws.zoominfo.com

IN A

104.16.101.12

ws.zoominfo.com

IN A

104.16.168.82
DNS

collector-21641.us.tvsquared.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

collector-21641.us.tvsquared.com

IN A

Response

collector-21641.us.tvsquared.com

IN CNAME

collectorv.us.tvsquared.com

collectorv.us.tvsquared.com

IN A

3.138.41.239

collectorv.us.tvsquared.com

IN A

3.13.191.48

collectorv.us.tvsquared.com

IN A

3.13.135.56

collectorv.us.tvsquared.com

IN A

3.15.82.75
GET

https://adresults-19-adswizz.attribution.adswizz.com/fire?pixelId=024319d4-d553-4f8d-948b-07eb508c9ef0&type=sitevisit&subtype=PageVisit1&aw_0_req.gdpr=true&redirectURL=aHR0cHM6Ly9waXhlbC50YXBhZC5jb20vaWRzeW5jL2V4L3JlY2VpdmU_cGFydG5lcl9pZD0yOTk0JjwjaWYgcmVxdWVzdC5saXN0ZW5lcklkP21hdGNoZXMoJ1swLTlhLWZdezh9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezEyfScpPnBhcnRuZXJfdHlwZWRfZGlkPSU3QiUyMkhBUkRXQVJFX0FORFJPSURfQURfSUQlMjIlM0ElMjIke3JlcXVlc3QubGlzdGVuZXJJZH0lMjIlN0Q8I2Vsc2VpZiByZXF1ZXN0Lmxpc3RlbmVySWQ_bWF0Y2hlcygnWzAtOUEtRl17OH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17MTJ9Jyk-cGFydG5lcl90eXBlZF9kaWQ9JTdCJTIySEFSRFdBUkVfSURGQSUyMiUzQSUyMiR7cmVxdWVzdC5saXN0ZW5lcklkfSUyMiU3RDwjZWxzZT5wYXJ0bmVyX2RldmljZV9pZD0ke3JlcXVlc3QubGlzdGVuZXJJZCF9PC8jaWY-Cg

IEXPLORE.EXE

Remote address:

54.75.24.234:443

Request

GET /fire?pixelId=024319d4-d553-4f8d-948b-07eb508c9ef0&type=sitevisit&subtype=PageVisit1&aw_0_req.gdpr=true&redirectURL=aHR0cHM6Ly9waXhlbC50YXBhZC5jb20vaWRzeW5jL2V4L3JlY2VpdmU_cGFydG5lcl9pZD0yOTk0JjwjaWYgcmVxdWVzdC5saXN0ZW5lcklkP21hdGNoZXMoJ1swLTlhLWZdezh9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezEyfScpPnBhcnRuZXJfdHlwZWRfZGlkPSU3QiUyMkhBUkRXQVJFX0FORFJPSURfQURfSUQlMjIlM0ElMjIke3JlcXVlc3QubGlzdGVuZXJJZH0lMjIlN0Q8I2Vsc2VpZiByZXF1ZXN0Lmxpc3RlbmVySWQ_bWF0Y2hlcygnWzAtOUEtRl17OH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17MTJ9Jyk-cGFydG5lcl90eXBlZF9kaWQ9JTdCJTIySEFSRFdBUkVfSURGQSUyMiUzQSUyMiR7cmVxdWVzdC5saXN0ZW5lcklkfSUyMiU3RDwjZWxzZT5wYXJ0bmVyX2RldmljZV9pZD0ke3JlcXVlc3QubGlzdGVuZXJJZCF9PC8jaWY-Cg HTTP/2.0
host: adresults-19-adswizz.attribution.adswizz.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511
x-envoy-upstream-service-time: 11
server: istio-envoy
GET

https://cdn.pdst.fm/ping.min.js

IEXPLORE.EXE

Remote address:

35.244.142.80:443

Request

GET /ping.min.js HTTP/2.0
host: cdn.pdst.fm
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

x-guploader-uploadid: ADPycdtXKS3xUsXc-J9vt6bAhXf8hZ_4SZ8rdVNXwoEwMEX5AVHkMeXC57WRlStEPISb2lNYzepbEm3jnMlPu1Q5TAyWy8EB_w19
x-goog-generation: 1622234043862937
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 5774
content-encoding: gzip
x-goog-hash: crc32c=oKoi/w==
x-goog-hash: md5=0AHRyfWpQvpVJO6ssEfoGQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 5774
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Wed, 15 Mar 2023 14:16:34 GMT
expires: Wed, 15 Mar 2023 15:16:34 GMT
cache-control: public, max-age=3600
age: 2777
last-modified: Fri, 28 May 2021 20:34:03 GMT
etag: "d001d1c9f5a942fa5524eeacb047e819"
content-type: application/javascript;
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ws.zoominfo.com/pixel/62264a4323a597001cd9312d

IEXPLORE.EXE

Remote address:

104.16.101.12:443

Request

GET /pixel/62264a4323a597001cd9312d HTTP/2.0
host: ws.zoominfo.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:50 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
x-content-type-options: nosniff
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type
access-control-allow-credentials: true
access-control-allow-origin: *
set-cookie: visitorId=0e1381dbc997aeb07070cc91b0c880b2fde527c480e356fd63433685d88a54ed; Max-Age=31536000; Domain=ws.zoominfo.com; Path=/; Expires=Thu, 14 Mar 2024 15:02:50 GMT; Secure; SameSite=None
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=E9KFlVZmpz0wIkzya23loMd_cKox8EaerMlBcKE3Gx0-1678892570-0-AWjatYys7nYYDuoakvZsa17qdPjJsjR5FjfHphHPcds5LQKvKzBiRoqEBYMiNWmq+wP/jgutbBTdBgWSIn/yXOc=; path=/; expires=Wed, 15-Mar-23 15:32:50 GMT; domain=.zoominfo.com; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=.oVQVp8b4.SEzW14gr3.mQBECQ2krXJ1M48WwAaz6Qc-1678892570982-0-604800000; path=/; domain=.zoominfo.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7a85a3c78aa2b8e5-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET

https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=lead&pixid=52b11b79-9426-44db-b03d-b2ba4122285f

IEXPLORE.EXE

Remote address:

52.54.98.146:443

Request

GET /pixel/?ad_log=referer&action=lead&pixid=52b11b79-9426-44db-b03d-b2ba4122285f HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.grammarly.com/--
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: data.adxcel-ec2.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
GET

https://collector-21641.us.tvsquared.com/tv2track.js

IEXPLORE.EXE

Remote address:

3.138.41.239:443

Request

GET /tv2track.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.grammarly.com/--
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: collector-21641.us.tvsquared.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cache-Control: max-age=600
Content-Encoding: gzip
Content-Type: application/javascript
Date: Wed, 15 Mar 2023 15:02:51 GMT
ETag: "639c4b07-2133"
Expires: Wed, 15 Mar 2023 15:12:51 GMT
Last-Modified: Fri, 16 Dec 2022 10:40:07 GMT
Server: nginx
X-Robots-Tag: noindex
Content-Length: 8499
Connection: keep-alive
GET

https://collector-21641.us.tvsquared.com/tv2track.php?action_name=Page%20not%20found%20%7C%20Grammarly&idsite=TV-7281365481-1&rec=1&r=027492&h=16&m=2&s=49&url=https%3A%2F%2Fwww.grammarly.com%2F--&_id=b1385fae57031674&_idts=1678896170&_idvc=0&_idn=1&_viewts=&java=1&cookie=1&res=1280x720&gt_ms=195

IEXPLORE.EXE

Remote address:

3.138.41.239:443

Request

GET /tv2track.php?action_name=Page%20not%20found%20%7C%20Grammarly&idsite=TV-7281365481-1&rec=1&r=027492&h=16&m=2&s=49&url=https%3A%2F%2Fwww.grammarly.com%2F--&_id=b1385fae57031674&_idts=1678896170&_idvc=0&_idn=1&_viewts=&java=1&cookie=1&res=1280x720&gt_ms=195 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.grammarly.com/--
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: collector-21641.us.tvsquared.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/gif
Date: Wed, 15 Mar 2023 15:02:51 GMT
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Request-Id: 7b649e98-78a6-40f3-adc3-04fd302f9179
Server: nginx
Content-Length: 42
Connection: keep-alive
DNS

js.adsrvr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

js.adsrvr.org

IN A

Response

js.adsrvr.org

IN CNAME

dg2iu7dxxehbo.cloudfront.net

dg2iu7dxxehbo.cloudfront.net

IN A

13.227.222.181
DNS

js.adsrvr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

js.adsrvr.org

IN A

Response

js.adsrvr.org

IN CNAME

dg2iu7dxxehbo.cloudfront.net

dg2iu7dxxehbo.cloudfront.net

IN A

13.227.222.181
DNS

tag.segmetrics.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

tag.segmetrics.io

IN A

Response

tag.segmetrics.io

IN CNAME

d1kepy6iv6zyfy.cloudfront.net

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.109

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.84

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.44

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.123
DNS

tag.segmetrics.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

tag.segmetrics.io

IN A

Response

tag.segmetrics.io

IN CNAME

d1kepy6iv6zyfy.cloudfront.net

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.109

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.84

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.44

d1kepy6iv6zyfy.cloudfront.net

IN A

18.65.39.123
DNS

px.adentifi.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

px.adentifi.com

IN A

Response

px.adentifi.com

IN A

23.23.235.15

px.adentifi.com

IN A

34.201.238.83

px.adentifi.com

IN A

54.85.216.131

px.adentifi.com

IN A

34.233.244.186

px.adentifi.com

IN A

52.207.206.215

px.adentifi.com

IN A

52.200.85.122

px.adentifi.com

IN A

52.54.66.175

px.adentifi.com

IN A

34.237.115.206
DNS

px.adentifi.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

px.adentifi.com

IN A

Response

px.adentifi.com

IN A

23.23.235.15

px.adentifi.com

IN A

34.201.238.83

px.adentifi.com

IN A

54.85.216.131

px.adentifi.com

IN A

34.233.244.186

px.adentifi.com

IN A

52.207.206.215

px.adentifi.com

IN A

52.200.85.122

px.adentifi.com

IN A

52.54.66.175

px.adentifi.com

IN A

34.237.115.206
GET

https://js.adsrvr.org/up_loader.1.1.0.js

IEXPLORE.EXE

Remote address:

13.227.222.181:443

Request

GET /up_loader.1.1.0.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.grammarly.com/--
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: js.adsrvr.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Wed, 15 Mar 2023 03:07:34 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2dc050ab05a5052054de7d000d6c5f50.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: vQf6EDsYoJzxX6na4TefH0MT9u9UBNIy5Ikf5zarb7-BM9618KmsVQ==
Age: 42918
GET

https://js.adsrvr.org/universal_pixel.1.1.0.js

IEXPLORE.EXE

Remote address:

13.227.222.181:443

Request

GET /universal_pixel.1.1.0.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: js.adsrvr.org
Connection: Keep-Alive
Cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAEYBSgCMgsIwoPjx6Lc0jsQBTgB

Response

HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 487
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:32 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 15 Mar 2023 00:21:11 GMT
ETag: "f0a7a3296da7382ce6bc1a3b6769e927"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 2dc050ab05a5052054de7d000d6c5f50.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: KtsIAH3hoxf_uYsEQkYKxDxqS5zO-WqH3s137a82jfgLujSsU9UI5A==
Age: 52901
GET

https://tag.segmetrics.io/aZBxp9.js

IEXPLORE.EXE

Remote address:

18.65.39.109:443

Request

GET /aZBxp9.js HTTP/2.0
host: tag.segmetrics.io
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 403

content-type: application/xml
date: Wed, 15 Mar 2023 15:02:49 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: KnpdymIeR_gaLh86sh94OrnQHIE9VYBZ2MRvmSF2U5fLCmVeCOtO7w==
DNS

s.yimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

s.yimg.com

IN A

Response

s.yimg.com

IN CNAME

edge.gycpi.b.yahoodns.net

edge.gycpi.b.yahoodns.net

IN A

87.248.114.11

edge.gycpi.b.yahoodns.net

IN A

87.248.114.12
DNS

s.yimg.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

s.yimg.com

IN A

Response

s.yimg.com

IN CNAME

edge.gycpi.b.yahoodns.net

edge.gycpi.b.yahoodns.net

IN A

87.248.114.11

edge.gycpi.b.yahoodns.net

IN A

87.248.114.12
GET

https://px.adentifi.com/Pixels?a_id=7576;uq=649723923;

IEXPLORE.EXE

Remote address:

23.23.235.15:443

Request

GET /Pixels?a_id=7576;uq=649723923; HTTP/2.0
host: px.adentifi.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/plain
content-length: 0
location: https://rtb.adentifi.com/CookieSyncAdX
set-cookie: adtheorent[cuid]=cuid_74d94f92-c342-11ed-a023-126da42bc963; path=/; domain=.adentifi.com; expires=15 Mar 2025 15:02:51 Z; SameSite=None; Secure; version=1; path=/
set-cookie: adtheorent-legacy[cuid]=cuid_74d94f92-c342-11ed-a023-126da42bc963; path=/; domain=.adentifi.com; expires=15 Mar 2025 15:02:51 Z; Secure; version=1; path=/
GET

https://s.yimg.com/wi/ytc.js

IEXPLORE.EXE

Remote address:

87.248.114.11:443

Request

GET /wi/ytc.js HTTP/2.0
host: s.yimg.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

x-amz-id-2: JHLZsnJx+94IQSADO6cGDJlfKbWafDk0WL/VzCYnJAzAdgM08SUvaXQgAc9PVKIHxNv4atDSufo=
x-amz-request-id: B6C2TG4ZYRZ5SBBX
date: Wed, 15 Mar 2023 14:56:12 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 399
content-encoding: gzip
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
GET

https://s.yimg.com/wi/config/419167.json

IEXPLORE.EXE

Remote address:

87.248.114.11:443

Request

GET /wi/config/419167.json HTTP/2.0
host: s.yimg.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: BYC9PBGEV2A7JVGY
x-amz-id-2: n8r1Pk7q++IBgk7sDq7iph6E4yFwN7z6kyFSESFQ6DdMcOAGpXSlxselc9pvUqzt1a653gRCfqg=
content-type: application/json
date: Wed, 15 Mar 2023 14:47:04 GMT
server: ATS
referrer-policy: no-referrer-when-downgrade
cache-control: public,max-age=3600
content-length: 2
age: 947
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
DNS

cdn.linkedin.oribi.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.linkedin.oribi.io

IN A

Response

cdn.linkedin.oribi.io

IN CNAME

d1ni990a184w7d.cloudfront.net

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.36

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.104

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.58

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.93
DNS

cdn.linkedin.oribi.io

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdn.linkedin.oribi.io

IN A

Response

cdn.linkedin.oribi.io

IN CNAME

d1ni990a184w7d.cloudfront.net

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.36

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.104

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.58

d1ni990a184w7d.cloudfront.net

IN A

108.156.28.93
DNS

px.ads.linkedin.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

px.ads.linkedin.com

IN A

Response

px.ads.linkedin.com

IN CNAME

www.linkedin.com

www.linkedin.com

IN CNAME

www-linkedin-com.l-0005.l-msedge.net

www-linkedin-com.l-0005.l-msedge.net

IN CNAME

l-0005.l-msedge.net

l-0005.l-msedge.net

IN A

13.107.42.14
DNS

px.ads.linkedin.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

px.ads.linkedin.com

IN A

Response

px.ads.linkedin.com

IN CNAME

www.linkedin.com

www.linkedin.com

IN CNAME

www-linkedin-com.l-0005.l-msedge.net

www-linkedin-com.l-0005.l-msedge.net

IN CNAME

l-0005.l-msedge.net

l-0005.l-msedge.net

IN A

13.107.42.14
DNS

t.co

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

t.co

IN A

Response

t.co

IN A

104.244.42.197

t.co

IN A

104.244.42.5

t.co

IN A

104.244.42.69

t.co

IN A

104.244.42.133
DNS

t.co

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

t.co

IN A

Response

t.co

IN A

104.244.42.133
DNS

analytics.twitter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

analytics.twitter.com

IN A

Response

analytics.twitter.com

IN CNAME

ads.twitter.com

ads.twitter.com

IN CNAME

s.twitter.com

s.twitter.com

IN A

104.244.42.195

s.twitter.com

IN A

104.244.42.131

s.twitter.com

IN A

104.244.42.67

s.twitter.com

IN A

104.244.42.3
DNS

analytics.twitter.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

analytics.twitter.com

IN A

Response

analytics.twitter.com

IN CNAME

ads.twitter.com

ads.twitter.com

IN CNAME

s.twitter.com

s.twitter.com

IN A

104.244.42.195

s.twitter.com

IN A

104.244.42.131

s.twitter.com

IN A

104.244.42.67

s.twitter.com

IN A

104.244.42.3
DNS

alb.reddit.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

alb.reddit.com

IN A

Response

alb.reddit.com

IN CNAME

reddit.map.fastly.net

reddit.map.fastly.net

IN A

151.101.1.140

reddit.map.fastly.net

IN A

151.101.65.140

reddit.map.fastly.net

IN A

151.101.129.140

reddit.map.fastly.net

IN A

151.101.193.140
GET

https://cdn.linkedin.oribi.io/partner/429908/domain/grammarly.com/token

IEXPLORE.EXE

Remote address:

108.156.28.36:443

Request

GET /partner/429908/domain/grammarly.com/token HTTP/2.0
host: cdn.linkedin.oribi.io
accept: *
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

content-type: application/json
date: Wed, 15 Mar 2023 14:37:53 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 b3d26bb0853726fb30b0576bc254ef10.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: Z1w4zVycSKHPmP-T6ve772mv0wFvsQ0fNb1UYj6al3MsfSw7nZZEYQ==
age: 1498
GET

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

13.107.42.14:443

Request

GET /collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: px.ads.linkedin.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

location: /collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true
set-cookie: li_sugr=c160dac6-da38-46c5-b3ae-5e9ac578ce7a; Max-Age=7776000; Expires=Tue, 13 Jun 2023 15:02:51 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: bcookie="v=2&2f30e884-80af-43bd-80f4-78375638c95f"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 14-Mar-2024 15:02:51 GMT; SameSite=None
set-cookie: lidc="b=TGST04:s=T:r=T:a=T:p=T:g=2901:u=1:x=1:i=1678892571:t=1678978971:v=2:sig=AQEV229is-YdFdPq6Cy5_nF_62dxB2rp"; Expires=Thu, 16 Mar 2023 15:02:51 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAX28aNQdhccGHnr2ysOBg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 1B94FA538E2A47558E5DB74B7A1EAADE Ref B: DUS30EDGE0907 Ref C: 2023-03-15T15:02:50Z
date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
GET

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true

IEXPLORE.EXE

Remote address:

13.107.42.14:443

Request

GET /collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true HTTP/2.0
host: px.ads.linkedin.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: li_sugr=c160dac6-da38-46c5-b3ae-5e9ac578ce7a; bcookie="v=2&2f30e884-80af-43bd-80f4-78375638c95f"; lidc="b=TGST04:s=T:r=T:a=T:p=T:g=2901:u=1:x=1:i=1678892571:t=1678978971:v=2:sig=AQEV229is-YdFdPq6Cy5_nF_62dxB2rp"

Response

HTTP/2.0 302

location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D429908%26time%3D1678896169213%26url%3Dhttps%253A%252F%252Fwww.grammarly.com%252F--%26cookiesTest%3Dtrue%26liSync%3Dtrue
set-cookie: li_sugr=c160dac6-da38-46c5-b3ae-5e9ac578ce7a; Max-Age=7776000; Expires=Tue, 13 Jun 2023 15:02:51 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: UserMatchHistory=AQLymHp9CSq4PwAAAYbly5p4ERvauWRB4eTccp-ge-8nSgywYEeuy4jeohy6zKyvA4cy5VBNSQg4oA; Max-Age=2592000; Expires=Fri, 14 Apr 2023 15:02:51 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: AnalyticsSyncHistory=AQL6Fv9gwSzz1QAAAYbly5p4M0yvT37f9K_jyJsSomNH4D7_qSiYlTPDYTp7PEKPN1jqN5etkUGyOp2XKCujZw; Max-Age=2592000; Expires=Fri, 14 Apr 2023 15:02:51 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: bcookie="v=2&2f30e884-80af-43bd-80f4-78375638c95f"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 14-Mar-2024 15:02:51 GMT; SameSite=None
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAX28aNTTcAuAMN2AYlUxw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8228AE61C4A748ABB802FDA1D36DF0B4 Ref B: DUS30EDGE0907 Ref C: 2023-03-15T15:02:51Z
date: Wed, 15 Mar 2023 15:02:50 GMT
content-length: 0
GET

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true&liSync=true

IEXPLORE.EXE

Remote address:

13.107.42.14:443

Request

GET /collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true&liSync=true HTTP/2.0
host: px.ads.linkedin.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: li_sugr=c160dac6-da38-46c5-b3ae-5e9ac578ce7a; bcookie="v=2&2f30e884-80af-43bd-80f4-78375638c95f"; lidc="b=TGST04:s=T:r=T:a=T:p=T:g=2901:u=1:x=1:i=1678892571:t=1678978971:v=2:sig=AQEV229is-YdFdPq6Cy5_nF_62dxB2rp"; UserMatchHistory=AQLymHp9CSq4PwAAAYbly5p4ERvauWRB4eTccp-ge-8nSgywYEeuy4jeohy6zKyvA4cy5VBNSQg4oA; AnalyticsSyncHistory=AQL6Fv9gwSzz1QAAAYbly5p4M0yvT37f9K_jyJsSomNH4D7_qSiYlTPDYTp7PEKPN1jqN5etkUGyOp2XKCujZw

Response

HTTP/2.0 200

content-type: application/javascript
set-cookie: li_sugr=c160dac6-da38-46c5-b3ae-5e9ac578ce7a; Max-Age=7776000; Expires=Tue, 13 Jun 2023 15:02:51 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
set-cookie: bcookie="v=2&2f30e884-80af-43bd-80f4-78375638c95f"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 14-Mar-2024 15:02:51 GMT; SameSite=None
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAX28aNbY/pe3MBKMJ9TMQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: F7A9A312555A45368146302F93BB3C65 Ref B: DUS30EDGE0907 Ref C: 2023-03-15T15:02:51Z
date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
GET

https://t.co/i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29

IEXPLORE.EXE

Remote address:

104.244.42.197:443

Request

GET /i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29 HTTP/2.0
host: t.co
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=98f8a078-b814-4066-9069-1f63c948a9c6; Max-Age=63072000; Expires=Fri, 14 Mar 2025 15:02:51 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: d1d07ecc9a749c75
strict-transport-security: max-age=0
x-response-time: 112
x-connection-hash: 8fbb1b96cd95fde40bf4ce405daa5ab8fee0c035b0d197a9a598e91e2ebc109e
GET

https://alb.reddit.com/rp.gif?ts=1678896169271&id=t2_gfzsc&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=7d952c44-246b-47e7-99b2-bf780fdf5b24&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=720&v=rdt_65e23bc4

IEXPLORE.EXE

Remote address:

151.101.1.140:443

Request

GET /rp.gif?ts=1678896169271&id=t2_gfzsc&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=7d952c44-246b-47e7-99b2-bf780fdf5b24&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=720&v=rdt_65e23bc4 HTTP/2.0
host: alb.reddit.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: Varnish
retry-after: 0
cross-origin-resource-policy: cross-origin
content-type: image/gif
accept-ranges: bytes
date: Wed, 15 Mar 2023 15:02:51 GMT
via: 1.1 varnish
content-length: 42
GET

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29

IEXPLORE.EXE

Remote address:

104.244.42.195:443

Request

GET /i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29 HTTP/2.0
host: analytics.twitter.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_p4XTCQCrWPPT2V8Ac1zgaQ=="; Max-Age=63072000; Expires=Fri, 14 Mar 2025 15:02:51 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: e6ce69e311b12552
strict-transport-security: max-age=631138519
x-response-time: 106
x-connection-hash: b3aa379482a531619584ac94d0df12dfe9363cafc94b30cef2cd9c27875d755b
GET

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m01.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 15 Mar 2023 11:15:10 GMT
Last-Modified: Wed, 15 Mar 2023 11:14:24 GMT
Server: ECAcc (amb/6B51)
X-Cache: Hit from cloudfront
Via: 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: WuPXggcw1kE823bP0GwbuzgsOHCELx8fWPMW9zXYpyfBuJunrrMTyA==
Age: 13707
GET

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAjA4ZqYLyrlvxNTcgHtrhw%3D

IEXPLORE.EXE

Remote address:

18.65.32.234:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAjA4ZqYLyrlvxNTcgHtrhw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m01.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Wed, 15 Mar 2023 05:52:28 GMT
Server: ECAcc (amb/6B21)
Date: Wed, 15 Mar 2023 11:31:50 GMT
Cache-Control: max-age=111250
ETag: "6410bbe2-1d7"
Expires: Thu, 16 Mar 2023 18:25:02 GMT
X-Cache: Hit from cloudfront
Via: 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: 7SulDVDdPJWXeOM2IqA2zTVokcvSBan45UKrjvcsxRLeSim3ac3fQA==
Age: 12746
DNS

pixel.tapad.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pixel.tapad.com

IN A

Response

pixel.tapad.com

IN A

34.111.113.62
DNS

pixel.tapad.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pixel.tapad.com

IN A

Response

pixel.tapad.com

IN A

34.111.113.62
DNS

trc.taboola.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

trc.taboola.com

IN A

Response

trc.taboola.com

IN CNAME

dualstack.tls13.taboola.map.fastly.net

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.1.44

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.65.44

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.129.44

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.193.44
DNS

trc.taboola.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

trc.taboola.com

IN A

Response

trc.taboola.com

IN CNAME

dualstack.tls13.taboola.map.fastly.net

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.1.44

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.65.44

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.129.44

dualstack.tls13.taboola.map.fastly.net

IN A

151.101.193.44
GET

https://trc.taboola.com/1155799/trc/3/json?tim=1678896169412&data=%7B%22id%22%3A26%2C%22ii%22%3A%22%2F--%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1678896169278%2C%22cv%22%3A%2220230312-9-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%3F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dgrammarly-network%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1678896169411%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%22%2C%22tos%22%3A52%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i

IEXPLORE.EXE

Remote address:

151.101.1.44:443

Request

GET /1155799/trc/3/json?tim=1678896169412&data=%7B%22id%22%3A26%2C%22ii%22%3A%22%2F--%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1678896169278%2C%22cv%22%3A%2220230312-9-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%3F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dgrammarly-network%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1678896169411%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%22%2C%22tos%22%3A52%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/2.0
host: trc.taboola.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:02:51 GMT;Max-Age=31536000;Secure;SameSite=None
set-cookie: taboola_session_id=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB;Version=1;Path=/grammarly-network/;Domain=.taboola.com;Secure;SameSite=None
content-encoding: gzip
accept-ranges: bytes
date: Wed, 15 Mar 2023 15:02:51 GMT
via: 1.1 varnish
x-served-by: cache-ams21077-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1678892571.189054,VS0,VE84
vary: Accept-Encoding
x-vcl-time-ms: 84
GET

https://pixel.tapad.com/idsync/ex/receive?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511

IEXPLORE.EXE

Remote address:

34.111.113.62:443

Request

GET /idsync/ex/receive?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511 HTTP/2.0
host: pixel.tapad.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
strict-transport-security: max-age=31536000
access-control-allow-origin: *
accept-ch: Sec-CH-UA
accept-ch: Sec-CH-UA-Arch
accept-ch: Sec-CH-UA-Bitness
accept-ch: Sec-CH-UA-Full-Version-List
accept-ch: Sec-CH-UA-Mobile
accept-ch: Sec-CH-UA-Model
accept-ch: Sec-CH-UA-Platform
accept-ch: Sec-CH-UA-Platform-Version
accept-ch: Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1678892571643;Expires=Sun, 14 May 2023 15:02:51 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
set-cookie: TapAd_DID=034db773-ad49-47ef-9935-752a378c2d53;Expires=Sun, 14 May 2023 15:02:51 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511

IEXPLORE.EXE

Remote address:

34.111.113.62:443

Request

GET /idsync/ex/receive/check?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511 HTTP/2.0
host: pixel.tapad.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TapAd_TS=1678892571643; TapAd_DID=034db773-ad49-47ef-9935-752a378c2d53

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
strict-transport-security: max-age=31536000
access-control-allow-origin: *
accept-ch: Sec-CH-UA
accept-ch: Sec-CH-UA-Arch
accept-ch: Sec-CH-UA-Bitness
accept-ch: Sec-CH-UA-Full-Version-List
accept-ch: Sec-CH-UA-Mobile
accept-ch: Sec-CH-UA-Model
accept-ch: Sec-CH-UA-Platform
accept-ch: Sec-CH-UA-Platform-Version
accept-ch: Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1678892571643;Expires=Sun, 14 May 2023 15:02:51 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
set-cookie: TapAd_DID=034db773-ad49-47ef-9935-752a378c2d53;Expires=Sun, 14 May 2023 15:02:51 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
set-cookie: TapAd_3WAY_SYNCS=;Expires=Sun, 14 May 2023 15:02:51 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
content-type: image/png
content-length: 95
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

analytics.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

analytics.google.com

IN A

Response

analytics.google.com

IN CNAME

analytics-alv.google.com

analytics-alv.google.com

IN A

216.239.34.181

analytics-alv.google.com

IN A

216.239.32.181

analytics-alv.google.com

IN A

216.239.38.181

analytics-alv.google.com

IN A

216.239.36.181
DNS

analytics.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

analytics.google.com

IN A

Response

analytics.google.com

IN CNAME

analytics-alv.google.com

analytics-alv.google.com

IN A

216.239.34.181

analytics-alv.google.com

IN A

216.239.32.181

analytics-alv.google.com

IN A

216.239.38.181

analytics-alv.google.com

IN A

216.239.36.181
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

34.113.223.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.113.223.173.in-addr.arpa

IN PTR

Response

34.113.223.173.in-addr.arpa

IN PTR

a173-223-113-34deploystaticakamaitechnologiescom
DNS

140.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.1.101.151.in-addr.arpa

IN PTR

Response
DNS

154.102.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.102.250.142.in-addr.arpa

IN PTR

Response

154.102.250.142.in-addr.arpa

IN PTR

rb-in-f1541e100net
DNS

152.238.32.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

152.238.32.23.in-addr.arpa

IN PTR

Response

152.238.32.23.in-addr.arpa

IN PTR

a23-32-238-152deploystaticakamaitechnologiescom
DNS

44.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.1.101.151.in-addr.arpa

IN PTR

Response
DNS

157.60.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.60.101.151.in-addr.arpa

IN PTR

Response
DNS

130.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.179.250.142.in-addr.arpa

IN PTR

Response

130.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f21e100net
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

197.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.42.244.104.in-addr.arpa

IN PTR

Response
DNS

197.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.42.244.104.in-addr.arpa

IN PTR

Response
DNS

197.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.42.244.104.in-addr.arpa

IN PTR

Response
DNS

36.28.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.28.156.108.in-addr.arpa

IN PTR

Response

36.28.156.108.in-addr.arpa

IN PTR

server-108-156-28-36lhr50r cloudfrontnet
DNS

15.235.23.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.235.23.23.in-addr.arpa

IN PTR

Response

15.235.23.23.in-addr.arpa

IN PTR

ec2-23-23-235-15 compute-1 amazonawscom
GET

https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=2&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_25&_et=110

IEXPLORE.EXE

Remote address:

216.239.34.181:443

Request

GET /g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=2&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_25&_et=110 HTTP/2.0
host: analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=3&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_50&_et=10

IEXPLORE.EXE

Remote address:

216.239.34.181:443

Request

GET /g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=3&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_50&_et=10 HTTP/2.0
host: analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=4&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_75&_et=21

IEXPLORE.EXE

Remote address:

216.239.34.181:443

Request

GET /g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=4&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_75&_et=21 HTTP/2.0
host: analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=5&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll&epn.percent_scrolled=90&_et=23

IEXPLORE.EXE

Remote address:

216.239.34.181:443

Request

GET /g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=5&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll&epn.percent_scrolled=90&_et=23 HTTP/2.0
host: analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&_gaz=1&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=1&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&uid=&en=page_view&_fv=1&_ss=2&ep.template_name=all-pages

IEXPLORE.EXE

Remote address:

216.239.34.181:443

Request

GET /g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&_gaz=1&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=1&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&uid=&en=page_view&_fv=1&_ss=2&ep.template_name=all-pages HTTP/2.0
host: analytics.google.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

11.114.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.114.248.87.in-addr.arpa

IN PTR

Response

11.114.248.87.in-addr.arpa

IN PTR

e1ycpiviplobyahoocom
DNS

239.41.138.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.41.138.3.in-addr.arpa

IN PTR

Response

239.41.138.3.in-addr.arpa

IN PTR

ec2-3-138-41-239 us-east-2compute amazonawscom
DNS

239.41.138.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.41.138.3.in-addr.arpa

IN PTR

Response

239.41.138.3.in-addr.arpa

IN PTR

ec2-3-138-41-239 us-east-2compute amazonawscom
DNS

154.132.212.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.132.212.35.in-addr.arpa

IN PTR

Response

154.132.212.35.in-addr.arpa

IN PTR

15413221235bcgoogleusercontentcom
DNS

154.132.212.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.132.212.35.in-addr.arpa

IN PTR

Response

154.132.212.35.in-addr.arpa

IN PTR

15413221235bcgoogleusercontentcom
DNS

109.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

109.39.65.18.in-addr.arpa

IN PTR

Response

109.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-109ams1r cloudfrontnet
DNS

181.222.227.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.222.227.13.in-addr.arpa

IN PTR

Response

181.222.227.13.in-addr.arpa

IN PTR

server-13-227-222-181ams54r cloudfrontnet
DNS

12.101.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.101.16.104.in-addr.arpa

IN PTR

Response
DNS

80.142.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.142.244.35.in-addr.arpa

IN PTR

Response

80.142.244.35.in-addr.arpa

IN PTR

8014224435bcgoogleusercontentcom
DNS

80.142.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.142.244.35.in-addr.arpa

IN PTR

Response

80.142.244.35.in-addr.arpa

IN PTR

8014224435bcgoogleusercontentcom
DNS

234.24.75.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.24.75.54.in-addr.arpa

IN PTR

Response

234.24.75.54.in-addr.arpa

IN PTR

ec2-54-75-24-234 eu-west-1compute amazonawscom
DNS

234.24.75.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.24.75.54.in-addr.arpa

IN PTR

Response

234.24.75.54.in-addr.arpa

IN PTR

ec2-54-75-24-234 eu-west-1compute amazonawscom
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

134.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.179.250.142.in-addr.arpa

IN PTR

Response

134.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f61e100net
DNS

155.31.232.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.31.232.34.in-addr.arpa

IN PTR

Response

155.31.232.34.in-addr.arpa

IN PTR

ec2-34-232-31-155 compute-1 amazonawscom
DNS

155.31.232.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.31.232.34.in-addr.arpa

IN PTR

Response

155.31.232.34.in-addr.arpa

IN PTR

ec2-34-232-31-155 compute-1 amazonawscom
DNS

3.121.208.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.121.208.18.in-addr.arpa

IN PTR

Response

3.121.208.18.in-addr.arpa

IN PTR

ec2-18-208-121-3 compute-1 amazonawscom
DNS

3.121.208.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.121.208.18.in-addr.arpa

IN PTR

Response

3.121.208.18.in-addr.arpa

IN PTR

ec2-18-208-121-3 compute-1 amazonawscom
DNS

146.98.54.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.98.54.52.in-addr.arpa

IN PTR

Response

146.98.54.52.in-addr.arpa

IN PTR

ec2-52-54-98-146 compute-1 amazonawscom
DNS

14.42.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.42.107.13.in-addr.arpa

IN PTR

Response
DNS

14.42.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.42.107.13.in-addr.arpa

IN PTR

Response
DNS

195.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.42.244.104.in-addr.arpa

IN PTR

Response
DNS

195.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.42.244.104.in-addr.arpa

IN PTR

Response
DNS

195.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.42.244.104.in-addr.arpa

IN PTR

Response
DNS

62.113.111.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.113.111.34.in-addr.arpa

IN PTR

Response

62.113.111.34.in-addr.arpa

IN PTR

6211311134bcgoogleusercontentcom
DNS

62.113.111.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.113.111.34.in-addr.arpa

IN PTR

Response

62.113.111.34.in-addr.arpa

IN PTR

6211311134bcgoogleusercontentcom
DNS

188.155.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.155.64.172.in-addr.arpa

IN PTR

Response
DNS

www.linkedin.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.linkedin.com

IN A

Response

www.linkedin.com

IN CNAME

www-linkedin-com.l-0005.l-msedge.net

www-linkedin-com.l-0005.l-msedge.net

IN CNAME

l-0005.l-dc-msedge.net

l-0005.l-dc-msedge.net

IN A

13.107.43.14
DNS

www.linkedin.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.linkedin.com

IN A

Response

www.linkedin.com

IN CNAME

www-linkedin-com.l-0005.l-msedge.net

www-linkedin-com.l-0005.l-msedge.net

IN CNAME

l-0005.l-msedge.net

l-0005.l-msedge.net

IN A

13.107.42.14
GET

https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D429908%26time%3D1678896169213%26url%3Dhttps%253A%252F%252Fwww.grammarly.com%252F--%26cookiesTest%3Dtrue%26liSync%3Dtrue

IEXPLORE.EXE

Remote address:

13.107.43.14:443

Request

GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D429908%26time%3D1678896169213%26url%3Dhttps%253A%252F%252Fwww.grammarly.com%252F--%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/2.0
host: www.linkedin.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: li_sugr=c160dac6-da38-46c5-b3ae-5e9ac578ce7a; bcookie="v=2&2f30e884-80af-43bd-80f4-78375638c95f"; lidc="b=TGST04:s=T:r=T:a=T:p=T:g=2901:u=1:x=1:i=1678892571:t=1678978971:v=2:sig=AQEV229is-YdFdPq6Cy5_nF_62dxB2rp"; UserMatchHistory=AQLymHp9CSq4PwAAAYbly5p4ERvauWRB4eTccp-ge-8nSgywYEeuy4jeohy6zKyvA4cy5VBNSQg4oA; AnalyticsSyncHistory=AQL6Fv9gwSzz1QAAAYbly5p4M0yvT37f9K_jyJsSomNH4D7_qSiYlTPDYTp7PEKPN1jqN5etkUGyOp2XKCujZw

Response

HTTP/2.0 302

cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true&liSync=true
p3p: CP="CAO CUR ADM DEV PSA PSD OUR"
set-cookie: bscookie="v=1&202303151502516e352d7e-9004-43de-82c1-08a86da9c443AQEAC4zUjk-T3ImkH_iDlrarnevH9VOP"; domain=.www.linkedin.com; Path=/; Secure; Expires=Thu, 14-Mar-2024 15:02:51 GMT; HttpOnly; SameSite=None
linkedin-action: 1
content-security-policy-report-only: script-src-attr 'none'; report-uri /security/csp?e=p&f=t_attr_ro&ro=true
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com *.microsoft.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' *.linkedin.com teams.microsoft.com client.learningapp.microsoft.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAX28aNYj4klL3O1jqXIQQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: C9B7781FA8B240C38306DE10F633F7A0 Ref B: LON212050706023 Ref C: 2023-03-15T15:02:51Z
date: Wed, 15 Mar 2023 15:02:51 GMT
content-length: 0
DNS

sp.analytics.yahoo.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

sp.analytics.yahoo.com

IN A

Response

sp.analytics.yahoo.com

IN CNAME

spdc-global.pbp.gysm.yahoodns.net

spdc-global.pbp.gysm.yahoodns.net

IN A

212.82.100.181
GET

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2015%20Mar%202023%2016%3A02%3A49%20GMT&n=0&b=Page%20not%20found%20%7C%20Grammarly&.yp=419167&f=https%3A%2F%2Fwww.grammarly.com%2F--&enc=utf-8&yv=1.13.0&tagmgr=gtm

IEXPLORE.EXE

Remote address:

212.82.100.181:443

Request

GET /sp.pl?a=10000&d=Wed%2C%2015%20Mar%202023%2016%3A02%3A49%20GMT&n=0&b=Page%20not%20found%20%7C%20Grammarly&.yp=419167&f=https%3A%2F%2Fwww.grammarly.com%2F--&enc=utf-8&yv=1.13.0&tagmgr=gtm HTTP/2.0
host: sp.analytics.yahoo.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
expires: Wed, 15 Mar 2023 15:02:51 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: image/gif
accept-ranges: bytes
content-length: 43
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0; Expires=Thu, 14 Mar 2024 21:02:51 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
DNS

insight.adsrvr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

insight.adsrvr.org

IN A

Response

insight.adsrvr.org

IN A

52.223.40.198

insight.adsrvr.org

IN A

35.71.131.137

insight.adsrvr.org

IN A

15.197.193.217

insight.adsrvr.org

IN A

3.33.220.150
DNS

insight.adsrvr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

insight.adsrvr.org

IN A

Response

insight.adsrvr.org

IN A

52.223.40.198

insight.adsrvr.org

IN A

35.71.131.137

insight.adsrvr.org

IN A

15.197.193.217

insight.adsrvr.org

IN A

3.33.220.150
DNS

rtb.adentifi.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

rtb.adentifi.com

IN A

Response

rtb.adentifi.com

IN A

34.237.115.206

rtb.adentifi.com

IN A

52.54.66.175

rtb.adentifi.com

IN A

52.207.206.215

rtb.adentifi.com

IN A

34.201.238.83

rtb.adentifi.com

IN A

52.21.7.221

rtb.adentifi.com

IN A

54.85.216.131

rtb.adentifi.com

IN A

52.200.85.122

rtb.adentifi.com

IN A

3.212.4.2
DNS

rtb.adentifi.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

rtb.adentifi.com

IN A

Response

rtb.adentifi.com

IN A

34.237.115.206

rtb.adentifi.com

IN A

52.54.66.175

rtb.adentifi.com

IN A

52.207.206.215

rtb.adentifi.com

IN A

34.201.238.83

rtb.adentifi.com

IN A

52.21.7.221

rtb.adentifi.com

IN A

54.85.216.131

rtb.adentifi.com

IN A

52.200.85.122

rtb.adentifi.com

IN A

3.212.4.2
DNS

us-central1-adaptive-growth.cloudfunctions.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

us-central1-adaptive-growth.cloudfunctions.net

IN A

Response

us-central1-adaptive-growth.cloudfunctions.net

IN A

216.239.36.54
DNS

us-central1-adaptive-growth.cloudfunctions.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

us-central1-adaptive-growth.cloudfunctions.net

IN A

Response

us-central1-adaptive-growth.cloudfunctions.net

IN A

216.239.36.54
GET

https://insight.adsrvr.org/track/up?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/up?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined HTTP/2.0
host: insight.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/html; charset=utf-8
location: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=e1c0baff-2a44-4665-be4b-51968b49827b; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://insight.adsrvr.org/track/up?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/up?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0 HTTP/2.0
host: insight.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://11910764.fls.doubleclick.net/ddm/fls/r/src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/html; charset=utf-8
location: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://rtb.adentifi.com/CookieSyncAdX

IEXPLORE.EXE

Remote address:

34.237.115.206:443

Request

GET /CookieSyncAdX HTTP/2.0
host: rtb.adentifi.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: adtheorent[cuid]=cuid_74d94f92-c342-11ed-a023-126da42bc963; adtheorent-legacy[cuid]=cuid_74d94f92-c342-11ed-a023-126da42bc963

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/plain
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=adtheorent&google_hm=dNlPksNCEe2gIxJtpCvJYw&google_redir=https%3A%2F%2Frtb.adentifi.com%2FCookieSyncAdXCheck&google_ula=6802874232
GET

https://rtb.adentifi.com/CookieSyncAdXCheck?google_ula=6802874232,2

IEXPLORE.EXE

Remote address:

34.237.115.206:443

Request

GET /CookieSyncAdXCheck?google_ula=6802874232,2 HTTP/2.0
host: rtb.adentifi.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: adtheorent[cuid]=cuid_74d94f92-c342-11ed-a023-126da42bc963; adtheorent-legacy[cuid]=cuid_74d94f92-c342-11ed-a023-126da42bc963

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:52 GMT
OPTIONS

https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink

IEXPLORE.EXE

Remote address:

216.239.36.54:443

Request

OPTIONS /pdst-events-prod-sink HTTP/2.0
host: us-central1-adaptive-growth.cloudfunctions.net
accept: */*
origin: https://www.grammarly.com
access-control-request-method: POST
access-control-request-headers: accept, content-type
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
content-type: text/html; charset=utf-8
etag: W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id: oqzc7qbtqy41
x-powered-by: Express
x-cloud-trace-context: b629bf15fcdd95069e3ac81946d11e02
content-encoding: gzip
date: Wed, 15 Mar 2023 15:02:52 GMT
server: Google Frontend
cache-control: private
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST

https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink

IEXPLORE.EXE

Remote address:

216.239.36.54:443

Request

POST /pdst-events-prod-sink HTTP/2.0
host: us-central1-adaptive-growth.cloudfunctions.net
accept: application/json
content-type: application/json
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
content-length: 472
cache-control: no-cache

Response

HTTP/2.0 204

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
function-execution-id: p7vapvlzq0ht
x-powered-by: Express
x-cloud-trace-context: f242567873590b55029b6504922e4dee
date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
server: Google Frontend
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
DNS

match.adsrvr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

match.adsrvr.org

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

idsync.rlcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

idsync.rlcdn.com

IN A

Response

idsync.rlcdn.com

IN A

35.190.60.146
DNS

idsync.rlcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

idsync.rlcdn.com

IN A

Response

idsync.rlcdn.com

IN A

35.190.60.146
DNS

action.dstillery.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

action.dstillery.com

IN A

Response

action.dstillery.com

IN CNAME

action.media6degrees.com.cdn.cloudflare.net

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.23.234

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.22.234
DNS

action.dstillery.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

action.dstillery.com

IN A

Response

action.dstillery.com

IN CNAME

action.media6degrees.com.cdn.cloudflare.net

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.23.234

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.22.234
GET

https://match.adsrvr.org/track/cmf/generic?ttd_pid=1q65303&ttd_tpi=1

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/generic?ttd_pid=1q65303&ttd_tpi=1 HTTP/2.0
host: match.adsrvr.org
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/html
content-length: 167
location: https://match.adsrvr.org/track/cmb/generic?ttd_pid=1q65303&ttd_tpi=1
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=b2fc23b9-ec58-4514-87d8-7eddb6d3ce57; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAEYBSgCMgsIwoPjx6Lc0jsQBTgB; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=e1c0baff-2a44-4665-be4b-51968b49827b

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/html; charset=utf-8
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=e1c0baff-2a44-4665-be4b-51968b49827b; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsIqKrhmozc0jsQBRIWCgdydWJpY29uEgsIqKrhmozc0jsQBRIXCghhcHBuZXh1cxILCKiq4ZqM3NI7EAUYBSgDMgsIqKLkx6Lc0jsQBUIPIg0IARIJCgV0aWVyMxABWgdoNGViY24yYAE.; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0 HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://11910764.fls.doubleclick.net/ddm/fls/r/src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/html; charset=utf-8
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESGQoKcmlnaHRtZWRpYRILCI7a6pqM3NI7EAUSFwoIYXBwbmV4dXMSCwiO2uqajNzSOxAFEhUKBmdvb2dsZRILCI7a6pqM3NI7EAUYBSgDMgsIjtLtx6Lc0jsQBUIPIg0IARIJCgV0aWVyMhABWgduMDJxMHJ4YAE.; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmb/generic?ttd_pid=1q65303&ttd_tpi=1

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmb/generic?ttd_pid=1q65303&ttd_tpi=1 HTTP/2.0
host: match.adsrvr.org
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAEYBSgCMgsIwoPjx6Lc0jsQBTgB

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:51 GMT
content-type: text/html
content-length: 187
location: https://u.fg8dgt.com/ttdsync?ssp=ttd&tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAEYBSABKAIyCwjCg-PHotzSOxAFOAE.; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:51 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1 HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAEYBSABKAIyCwjCg-PHotzSOxAFOAE.

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
content-length: 423
location: https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsIxovMnozc0jsQBRgFIAIoAjILCMKD48ei3NI7EAU4AQ..; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1 HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAEYBSABKAIyCwjCg-PHotzSOxAFOAE.

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
content-length: 423
location: https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRgFIAIoAjILCMKD48ei3NI7EAU4AQ..; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmf/rubicon?gdpr=0

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/rubicon?gdpr=0 HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRgFIAIoAjILCMKD48ei3NI7EAU4AQ..

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
content-length: 289
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=&expires=30
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRgFIAMoAjILCMKD48ei3NI7EAU4AQ..; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRgFIAMoAjILCMKD48ei3NI7EAU4AQ..

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
content-length: 231
location: https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRIXCghhcHBuZXh1cxILCO73nqGM3NI7EAUYBSAEKAIyCwjCg-PHotzSOxAFOAE.; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-gk7vHZ5E2uKntKwIsMYvwN5NDR7SkNo-~A&gdpr=0

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-gk7vHZ5E2uKntKwIsMYvwN5NDR7SkNo-~A&gdpr=0 HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRIXCghhcHBuZXh1cxILCO73nqGM3NI7EAUYBSAEKAIyCwjCg-PHotzSOxAFOAE.

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
content-length: 267
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRIXCghhcHBuZXh1cxILCO73nqGM3NI7EAUSGQoKcmlnaHRtZWRpYRILCJa44KKM3NI7EAUYBSAFKAIyCwjCg-PHotzSOxAFOAE.; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

52.223.40.198:443

Request

GET /track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/2.0
host: match.adsrvr.org
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRIXCghhcHBuZXh1cxILCO73nqGM3NI7EAUYBSAEKAIyCwjCg-PHotzSOxAFOAE.

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html
content-length: 231
location: https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=8b0e2d67-0720-4681-b24b-b03fab0a6605; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsI5Lbinozc0jsQBRIWCgdydWJpY29uEgsI-q_Dn4zc0jsQBRIXCghhcHBuZXh1cxILCNTQ-KKM3NI7EAUYBSAFKAIyCwjCg-PHotzSOxAFOAE.; domain=.adsrvr.org; expires=Fri, 15-Mar-2024 15:02:52 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET

https://action.dstillery.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58

IEXPLORE.EXE

Remote address:

104.18.23.234:443

Request

GET /orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58 HTTP/2.0
host: action.dstillery.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html; charset=iso-8859-1
location: https://action.media6degrees.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7a85a3ce8a83b7df-AMS
GET

https://idsync.rlcdn.com/458319.gif?partner_uid=

IEXPLORE.EXE

Remote address:

35.190.60.146:443

Request

GET /458319.gif?partner_uid= HTTP/2.0
host: idsync.rlcdn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 400

content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Wed, 15 Mar 2023 15:02:52 GMT
content-length: 23
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

cm.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.251.36.34
DNS

cm.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.251.36.34
GET

https://cm.g.doubleclick.net/pixel?google_nid=adtheorent&google_hm=dNlPksNCEe2gIxJtpCvJYw&google_redir=https%3A%2F%2Frtb.adentifi.com%2FCookieSyncAdXCheck&google_ula=6802874232

IEXPLORE.EXE

Remote address:

142.251.36.34:443

Request

GET /pixel?google_nid=adtheorent&google_hm=dNlPksNCEe2gIxJtpCvJYw&google_redir=https%3A%2F%2Frtb.adentifi.com%2FCookieSyncAdXCheck&google_ula=6802874232 HTTP/2.0
host: cm.g.doubleclick.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: IDE=AHWqTUlBrKa0T0OBPyR0T9GCyV_ylWC0F3Zsp8KVptLKv2MA3lnpdVMEaNMtGXwb8yw

Response

HTTP/2.0 302

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1
date: Wed, 15 Mar 2023 15:02:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 386
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZTFjMGJhZmYtMmE0NC00NjY1LWJlNGItNTE5NjhiNDk4Mjdi&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b

IEXPLORE.EXE

Remote address:

142.251.36.34:443

Request

GET /pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZTFjMGJhZmYtMmE0NC00NjY1LWJlNGItNTE5NjhiNDk4Mjdi&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b HTTP/2.0
host: cm.g.doubleclick.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: IDE=AHWqTUlBrKa0T0OBPyR0T9GCyV_ylWC0F3Zsp8KVptLKv2MA3lnpdVMEaNMtGXwb8yw

Response

HTTP/2.0 302

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1
date: Wed, 15 Mar 2023 15:02:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 386
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

142.251.36.34:443

Request

GET /pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/2.0
host: cm.g.doubleclick.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: IDE=AHWqTUlBrKa0T0OBPyR0T9GCyV_ylWC0F3Zsp8KVptLKv2MA3lnpdVMEaNMtGXwb8yw

Response

HTTP/2.0 302

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rtb.adentifi.com/CookieSyncAdXCheck?google_ula=6802874232,2
date: Wed, 15 Mar 2023 15:02:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 264
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

142.251.36.34:443

Request

GET /pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/2.0
host: cm.g.doubleclick.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: IDE=AHWqTUlBrKa0T0OBPyR0T9GCyV_ylWC0F3Zsp8KVptLKv2MA3lnpdVMEaNMtGXwb8yw

Response

HTTP/2.0 200

content-type: image/png
date: Wed, 15 Mar 2023 15:02:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

142.251.36.34:443

Request

GET /pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/2.0
host: cm.g.doubleclick.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: IDE=AHWqTUlBrKa0T0OBPyR0T9GCyV_ylWC0F3Zsp8KVptLKv2MA3lnpdVMEaNMtGXwb8yw

Response

HTTP/2.0 200

content-type: image/png
date: Wed, 15 Mar 2023 15:02:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

pixel.rubiconproject.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.80

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.90
DNS

pixel.rubiconproject.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.90

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.80
DNS

ib.adnxs.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

g.geogslb.com

g.geogslb.com

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.211.132

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.211.12

ib.anycast.adnxs.com

IN A

185.83.142.19

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.46
DNS

ib.adnxs.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

g.geogslb.com

g.geogslb.com

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.211.132

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.211.12

ib.anycast.adnxs.com

IN A

185.83.142.19

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.46
DNS

ups.analytics.yahoo.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ups.analytics.yahoo.com

IN A

Response

ups.analytics.yahoo.com

IN CNAME

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

IN CNAME

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

IN CNAME

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.75.62.37

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.71.149.231
GET

https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e1c0baff-2a44-4665-be4b-51968b49827b&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon

IEXPLORE.EXE

Remote address:

213.19.162.80:443

Request

GET /tap.php?v=8981&nid=2307&put=e1c0baff-2a44-4665-be4b-51968b49827b&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: pixel.rubiconproject.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 17c962550296893d145ef1b8078fc6d6
Location: https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Content-Type: text/html
content-length: 0
set-cookie: khaos=LF9TAFOM-X-8WE9; Max-Age=31536000; Expires=Thu, 14 Mar 2024 15:02:52 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: audit=1|LMyD66CWRDFIbW5KZslMgDjcmCOCLtbPxRBZktD26TBEVnmBfT5nq9TvAHYh5H/BxSRwo6OtpOOM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLsfcOGddcFiGH6PWGi0S1scs1wlinuId1kFzX7i1shXFkyvxq9veANnweJ0Jmvi3i5bOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==; Max-Age=31536000; Expires=Thu, 14 Mar 2024 15:02:52 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
GET

https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=&expires=30

IEXPLORE.EXE

Remote address:

213.19.162.80:443

Request

GET /tap.php?v=8981&nid=2307&put=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=&expires=30 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pixel.rubiconproject.com
Cookie: khaos=LF9TAFOM-X-8WE9; audit=1|LMyD66CWRDFIbW5KZslMgDjcmCOCLtbPxRBZktD26TBEVnmBfT5nq9TvAHYh5H/BxSRwo6OtpOOM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLsfcOGddcFiGH6PWGi0S1scs1wlinuId1kFzX7i1shXFkyvxq9veANnweJ0Jmvi3i5bOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 17c962550296893d145ef1b8078fc6d6
Content-Type: image/gif
content-length: 42
set-cookie: khaos=LF9TAFOM-X-8WE9; Max-Age=31536000; Expires=Thu, 14 Mar 2024 15:02:52 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: audit=1|LMyD66CWRDFIbW5KZslMgDjcmCOCLtbPxRBZktD26TBEVnmBfT5nq9TvAHYh5H/Bd12Wzun/UOiM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLsfcOGddcFiGH6PWGi0S1scs1wlinuId1kFzX7i1shXFkyvxq9veANnweJ0Jmvi3i5bOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==; Max-Age=31536000; Expires=Thu, 14 Mar 2024 15:02:52 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
GET

https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

185.89.211.116:443

Request

GET /getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive

Response

HTTP/1.1 307 Redirection

Server: nginx/1.21.3
Date: Wed, 15 Mar 2023 15:02:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D8b0e2d67-0720-4681-b24b-b03fab0a6605
AN-X-Request-Uuid: a5006f82-dbca-4a65-85a0-4eb4847c354f
Set-Cookie: uuid2=4847311572849152267; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 154.61.71.13; 154.61.71.13; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D8b0e2d67-0720-4681-b24b-b03fab0a6605

IEXPLORE.EXE

Remote address:

185.89.211.116:443

Request

GET /bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D8b0e2d67-0720-4681-b24b-b03fab0a6605 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
Cookie: uuid2=4847311572849152267

Response

HTTP/1.1 302 Found

Server: nginx/1.21.3
Date: Wed, 15 Mar 2023 15:02:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605
AN-X-Request-Uuid: 9889a213-9469-415f-94de-a5c8674912d8
Set-Cookie: uuid2=4847311572849152267; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 154.61.71.13; 154.61.71.13; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=

IEXPLORE.EXE

Remote address:

185.89.211.116:443

Request

GET /setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent= HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ib.adnxs.com
Cookie: uuid2=4847311572849152267; anj=dTM7k!M4.FEVNsVF']wIg2GVJ<+LXV!@wnfH1YvwOQgD(=Bw-x.Svr_g_wh<lwQg7e9C*u5u)/i<R7h/6'_q/.SWI[ck7cjX(Y75/X%W#.wL4W1Qw3-4+Ax6

Response

HTTP/1.1 200 OK

Server: nginx/1.21.3
Date: Wed, 15 Mar 2023 15:02:52 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ad7f849e-b457-4c2f-b004-9e583e84cf79
Set-Cookie: anj=dTM7k!M4.FEVNsVF']wIg2GVJ<+LXV!@wnfH1YvwOQgD(=Bw-x.Svr_g_wh<lwQg7e9C*u5u)/i<R7h/6'_q/.SWI[ck7cjX(Y75/X%W#.wL4W1Qw3-4+Ax6; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
Set-Cookie: uuid2=4847311572849152267; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 154.61.71.13; 154.61.71.13; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b

IEXPLORE.EXE

Remote address:

185.89.211.116:443

Request

GET /getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive

Response

HTTP/1.1 307 Redirection

Server: nginx/1.21.3
Date: Wed, 15 Mar 2023 15:02:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3De1c0baff-2a44-4665-be4b-51968b49827b
AN-X-Request-Uuid: 0e6c888f-0fb4-4d33-9e57-ef52e291360a
Set-Cookie: uuid2=8260876025994550830; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 154.61.71.13; 154.61.71.13; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3De1c0baff-2a44-4665-be4b-51968b49827b

IEXPLORE.EXE

Remote address:

185.89.211.116:443

Request

GET /bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3De1c0baff-2a44-4665-be4b-51968b49827b HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
Cookie: uuid2=4847311572849152267

Response

HTTP/1.1 302 Found

Server: nginx/1.21.3
Date: Wed, 15 Mar 2023 15:02:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b
AN-X-Request-Uuid: bfcbaacf-4768-495b-9c16-ca32d636f300
Set-Cookie: uuid2=4847311572849152267; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 154.61.71.13; 154.61.71.13; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=

IEXPLORE.EXE

Remote address:

185.89.211.116:443

Request

GET /setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent= HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ib.adnxs.com
Cookie: uuid2=4847311572849152267

Response

HTTP/1.1 200 OK

Server: nginx/1.21.3
Date: Wed, 15 Mar 2023 15:02:52 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 79770d9c-40a0-4bd7-bac5-8ebe91173e04
Set-Cookie: anj=dTM7k!M4.FEVNsVF']wIg2GVJ<+LXV!@wnfH1YvwOQgD(=Bw-x.Svr_g_wh<lwQg7e9C*u5u)/i<R7h/6'_q/.SWI[ck7cjX(Y75/X%W#.wL4W1Qw3-4+Ax6; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
Set-Cookie: uuid2=4847311572849152267; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 13-Jun-2023 15:02:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 154.61.71.13; 154.61.71.13; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
GET

https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=1&redir=true&gdpr=0&gdpr_consent=

IEXPLORE.EXE

Remote address:

3.75.62.37:443

Request

GET /ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=1&redir=true&gdpr=0&gdpr_consent= HTTP/2.0
host: ups.analytics.yahoo.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0

Response

HTTP/2.0 302

date: Wed, 15 Mar 2023 15:02:52 GMT
content-length: 0
strict-transport-security: max-age=31536000
set-cookie: IDSYNC=1769~2aj3;Version=1;Domain=.analytics.yahoo.com;Path=/;Max-Age=31536000;Expires=Thu, 14-Mar-2024 15:02:52 GMT;Secure;SameSite=None
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-gk7vHZ5E2uKntKwIsMYvwN5NDR7SkNo-~A&gdpr=0
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0; Expires=Thu, 14 Mar 2024 21:02:52 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
GET

https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent=

IEXPLORE.EXE

Remote address:

3.75.62.37:443

Request

GET /ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent= HTTP/2.0
host: ups.analytics.yahoo.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0; IDSYNC=1769~2aj3

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:52 GMT
strict-transport-security: max-age=31536000
set-cookie: IDSYNC=1769~2aj3;Version=1;Domain=.analytics.yahoo.com;Path=/;Max-Age=31536000;Expires=Thu, 14-Mar-2024 15:02:52 GMT;Secure;SameSite=None
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0; Expires=Thu, 14 Mar 2024 21:02:52 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
GET

https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent=

IEXPLORE.EXE

Remote address:

3.75.62.37:443

Request

GET /ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent= HTTP/2.0
host: ups.analytics.yahoo.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0; IDSYNC=1769~2aj3

Response

HTTP/2.0 204

date: Wed, 15 Mar 2023 15:02:52 GMT
strict-transport-security: max-age=31536000
set-cookie: IDSYNC=1769~2aj3;Version=1;Domain=.analytics.yahoo.com;Path=/;Max-Age=31536000;Expires=Thu, 14-Mar-2024 15:02:52 GMT;Secure;SameSite=None
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBBveEWQCEN9yEiWrnfwcFpP11pWbyToFEgEBAQEvE2QbZAAAAAAA_eMAAA&S=AQAAAq2gxpAk6SITCvM--4b0CS0; Expires=Thu, 14 Mar 2024 21:02:52 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
DNS

100.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.251.142.in-addr.arpa

IN PTR

Response

100.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f41e100net
DNS

100.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.39.251.142.in-addr.arpa

IN PTR

Response

100.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f41e100net
DNS

68.32.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.18.104.in-addr.arpa

IN PTR

Response
DNS

68.32.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.18.104.in-addr.arpa

IN PTR

Response
DNS

181.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.34.239.216.in-addr.arpa

IN PTR

Response
DNS

181.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.34.239.216.in-addr.arpa

IN PTR

Response
DNS

14.43.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.43.107.13.in-addr.arpa

IN PTR

Response
DNS

14.43.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.43.107.13.in-addr.arpa

IN PTR

Response
DNS

162.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.179.250.142.in-addr.arpa

IN PTR

Response

162.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f21e100net
DNS

162.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.179.250.142.in-addr.arpa

IN PTR

Response

162.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f21e100net
DNS

181.100.82.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.100.82.212.in-addr.arpa

IN PTR

Response

181.100.82.212.in-addr.arpa

IN PTR

spdcpbpvipir2yahoocom
DNS

181.100.82.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.100.82.212.in-addr.arpa

IN PTR

Response

181.100.82.212.in-addr.arpa

IN PTR

spdcpbpvipir2yahoocom
DNS

198.40.223.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.40.223.52.in-addr.arpa

IN PTR

Response

198.40.223.52.in-addr.arpa

IN PTR

a6370ebea231e0c9aawsglobalacceleratorcom
DNS

54.36.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.36.239.216.in-addr.arpa

IN PTR

Response
DNS

54.36.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.36.239.216.in-addr.arpa

IN PTR

Response
DNS

206.115.237.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.115.237.34.in-addr.arpa

IN PTR

Response

206.115.237.34.in-addr.arpa

IN PTR

ec2-34-237-115-206 compute-1 amazonawscom
DNS

226.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.20.18.104.in-addr.arpa

IN PTR

Response
DNS

146.60.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.60.190.35.in-addr.arpa

IN PTR

Response

146.60.190.35.in-addr.arpa

IN PTR

1466019035bcgoogleusercontentcom
DNS

146.60.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.60.190.35.in-addr.arpa

IN PTR

Response

146.60.190.35.in-addr.arpa

IN PTR

1466019035bcgoogleusercontentcom
DNS

234.23.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.23.18.104.in-addr.arpa

IN PTR

Response
DNS

116.211.89.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.211.89.185.in-addr.arpa

IN PTR

Response

116.211.89.185.in-addr.arpa

IN PTR

956bm-nginx-loadbalancermgmtams3adnexusnet
DNS

34.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.36.251.142.in-addr.arpa

IN PTR

Response

34.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f21e100net
DNS

80.162.19.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.162.19.213.in-addr.arpa

IN PTR

Response
DNS

80.162.19.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.162.19.213.in-addr.arpa

IN PTR

Response
DNS

37.62.75.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.62.75.3.in-addr.arpa

IN PTR

Response

37.62.75.3.in-addr.arpa

IN PTR

ec2-3-75-62-37eu-central-1compute amazonawscom
DNS

37.62.75.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.62.75.3.in-addr.arpa

IN PTR

Response

37.62.75.3.in-addr.arpa

IN PTR

ec2-3-75-62-37eu-central-1compute amazonawscom
DNS

action.media6degrees.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

action.media6degrees.com

IN A

Response

action.media6degrees.com

IN CNAME

action.media6degrees.com.cdn.cloudflare.net

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.23.234

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.22.234
DNS

action.media6degrees.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

action.media6degrees.com

IN A

Response

action.media6degrees.com

IN CNAME

action.media6degrees.com.cdn.cloudflare.net

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.22.234

action.media6degrees.com.cdn.cloudflare.net

IN A

104.18.23.234
GET

https://action.media6degrees.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58

IEXPLORE.EXE

Remote address:

104.18.23.234:443

Request

GET /orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58 HTTP/2.0
host: action.media6degrees.com
accept: application/javascript, */*;q=0.8
referer: https://www.grammarly.com/--
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 15 Mar 2023 15:02:52 GMT
content-type: text/html;charset=ISO-8859-1
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
content-language: en-US
set-cookie: clid=2rrkhss01170sfccbe5k23re0000000122010b01301; Domain=media6degrees.com; Expires=Mon, 11-Sep-2023 15:02:52 GMT; Path=/; Secure; SameSite=None
set-cookie: sglst=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=None
set-cookie: rdrlst=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=None
set-cookie: acs=012020k1rrkhssxzt10; Domain=media6degrees.com; Expires=Mon, 11-Sep-2023 15:02:52 GMT; Path=/; Secure; SameSite=None
set-cookie: JSESSIONID=E3B937C2CF041F6F334F2DF0CDFE7D78; Path=/orbserv/; HttpOnly
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7a85a3d1bf63b986-AMS
content-encoding: gzip
DNS

trc-events.taboola.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

trc-events.taboola.com

IN A

Response

trc-events.taboola.com

IN CNAME

sg-trc-events.taboola.com

sg-trc-events.taboola.com

IN CNAME

sg-vip001.taboola.com

sg-vip001.taboola.com

IN A

141.226.229.48
DNS

trc-events.taboola.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

trc-events.taboola.com

IN A

Response

trc-events.taboola.com

IN CNAME

sg-trc-events.taboola.com

sg-trc-events.taboola.com

IN CNAME

sg-vip001.taboola.com

sg-vip001.taboola.com

IN A

141.226.229.48
GET

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=1945&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1678896171303&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

141.226.229.48:443

Request

GET /1155799/log/3/unip?en=pre_d_eng_tb&tos=1945&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1678896171303&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: trc-events.taboola.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b

Response

HTTP/2.0 204

server: nginx
date: Wed, 15 Mar 2023 15:02:53 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:02:53 GMT;Max-Age=31536000;Secure;SameSite=None
cache-control: no-cache
pragma: no-cache
GET

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=5162&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1678896174520&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

141.226.229.48:443

Request

GET /1155799/log/3/unip?en=pre_d_eng_tb&tos=5162&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1678896174520&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: trc-events.taboola.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b

Response

HTTP/2.0 204

server: nginx
date: Wed, 15 Mar 2023 15:02:56 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:02:56 GMT;Max-Age=31536000;Secure;SameSite=None
cache-control: no-cache
pragma: no-cache
GET

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=11364&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=6000&msa=0&rv=1&tim=1678896180722&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

141.226.229.48:443

Request

GET /1155799/log/3/unip?en=pre_d_eng_tb&tos=11364&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=6000&msa=0&rv=1&tim=1678896180722&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: trc-events.taboola.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b

Response

HTTP/2.0 204

server: nginx
date: Wed, 15 Mar 2023 15:03:02 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:03:02 GMT;Max-Age=31536000;Secure;SameSite=None
cache-control: no-cache
pragma: no-cache
GET

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=23488&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=12000&msa=0&rv=1&tim=1678896192846&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

141.226.229.48:443

Request

GET /1155799/log/3/unip?en=pre_d_eng_tb&tos=23488&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=12000&msa=0&rv=1&tim=1678896192846&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: trc-events.taboola.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b

Response

HTTP/2.0 204

server: nginx
date: Wed, 15 Mar 2023 15:03:14 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:03:14 GMT;Max-Age=31536000;Secure;SameSite=None
cache-control: no-cache
pragma: no-cache
GET

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=47630&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=24000&msa=0&rv=1&tim=1678896216989&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

141.226.229.48:443

Request

GET /1155799/log/3/unip?en=pre_d_eng_tb&tos=47630&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=24000&msa=0&rv=1&tim=1678896216989&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: trc-events.taboola.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b

Response

HTTP/2.0 204

server: nginx
date: Wed, 15 Mar 2023 15:03:38 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:03:38 GMT;Max-Age=31536000;Secure;SameSite=None
cache-control: no-cache
pragma: no-cache
GET

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=95786&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=48000&msa=0&rv=1&tim=1678896265144&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

IEXPLORE.EXE

Remote address:

141.226.229.48:443

Request

GET /1155799/log/3/unip?en=pre_d_eng_tb&tos=95786&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=48000&msa=0&rv=1&tim=1678896265144&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F-- HTTP/2.0
host: trc-events.taboola.com
accept: */*
referer: https://www.grammarly.com/--
accept-language: en-US
origin: https://www.grammarly.com
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b

Response

HTTP/2.0 204

server: nginx
date: Wed, 15 Mar 2023 15:04:26 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.grammarly.com
access-control-allow-credentials: true
set-cookie: t_gid=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 14-Mar-2024 15:04:26 GMT;Max-Age=31536000;Secure;SameSite=None
cache-control: no-cache
pragma: no-cache
DNS

48.229.226.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.226.141.in-addr.arpa

IN PTR

Response
DNS

48.229.226.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.226.141.in-addr.arpa

IN PTR

Response
DNS

200.232.18.117.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.232.18.117.in-addr.arpa

IN PTR

Response
DNS

200.232.18.117.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.232.18.117.in-addr.arpa

IN PTR

Response
DNS

97.238.32.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.238.32.23.in-addr.arpa

IN PTR

Response

97.238.32.23.in-addr.arpa

IN PTR

a23-32-238-97deploystaticakamaitechnologiescom
DNS

97.238.32.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.238.32.23.in-addr.arpa

IN PTR

Response

97.238.32.23.in-addr.arpa

IN PTR

a23-32-238-97deploystaticakamaitechnologiescom
DNS

2.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.77.109.52.in-addr.arpa

IN PTR

Response
DNS

2.77.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.77.109.52.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

176.122.125.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.122.125.40.in-addr.arpa

IN PTR

Response

34.232.86.156:443

https://www.grammarly.com/api/tracking/pageShow?pageId=error404&userId=-283546029845916416&requestId=dKxxxUx4mLEIYmtU3Vol&isInitial=true&containerId=uqor7rqrjih80ao1

tls, http2

IEXPLORE.EXE

3.1kB
22.4kB
38
33

HTTP Request

GET https://www.grammarly.com/--

HTTP Response

404

HTTP Request

GET https://www.grammarly.com/api/tracking/load?userId=-283546029845916416&containerId=uqor7rqrjih80ao1&pageId=error404&isInitial=true&requestId=dKxxxUx4mLEIYmtU3Vol

HTTP Response

200

HTTP Request

GET https://www.grammarly.com/api/tracking/scriptExecuted?requestId=dKxxxUx4mLEIYmtU3Vol&pageId=error404

HTTP Response

200

HTTP Request

GET https://www.grammarly.com/api/tracking/pageShow?pageId=error404&userId=-283546029845916416&requestId=dKxxxUx4mLEIYmtU3Vol&isInitial=true&containerId=uqor7rqrjih80ao1

HTTP Response

200
34.232.86.156:443

www.grammarly.com

tls, http2

IEXPLORE.EXE

1.4kB
6.5kB
20
18
18.65.32.234:80

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D

http

IEXPLORE.EXE

1.2kB
3.3kB
10
9

HTTP Request

GET http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEApvFVbJ5ICVn6cgT%2F2N8xQ%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAcaEqhmoFHIRA8JgC%2F%2Bh4Q%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D

HTTP Response

200
104.19.188.97:443

cdn.cookielaw.org

tls, http2

IEXPLORE.EXE

1.0kB
3.5kB
13
9
104.19.188.97:443

https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

tls, http2

IEXPLORE.EXE

7.3kB
140.9kB
131
122

HTTP Request

GET https://cdn.cookielaw.org/consent/c6c558ad-cd49-418e-af8a-61680371a5f2/OtAutoBlock.js

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/consent/c6c558ad-cd49-418e-af8a-61680371a5f2/c6c558ad-cd49-418e-af8a-61680371a5f2.json

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/202211.2.0/otBannerSdk.js

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/consent/c6c558ad-cd49-418e-af8a-61680371a5f2/6dc75446-ad78-45cc-8266-579a014a8320/en.json

HTTP Response

200

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otFlat.json

HTTP Request

GET https://cdn.cookielaw.org/scripttemplates/202211.2.0/assets/otCommonStyles.css

HTTP Response

200

HTTP Response

200
18.65.39.100:443

static.grammarly.com

tls, http2

IEXPLORE.EXE

1.1kB
6.6kB
15
11
18.65.39.100:443

https://static.grammarly.com/assets/files/2340c99e5888c621067307ab254ae533/favicon-16x16.png

tls, http2

IEXPLORE.EXE

151.3kB
3.3MB
2441
2409

HTTP Request

GET https://static.grammarly.com/assets/files/011ca8e2dff4aaab3dee2e23ea596228/instagram.svg

HTTP Request

GET https://static.grammarly.com/assets/files/5de36dcb71b73df81e64b8df4e59b595/logo.svg

HTTP Request

GET https://static.grammarly.com/assets/files/5d05ce2d651b6061eb640d5674bc076c/facebook.svg

HTTP Request

GET https://static.grammarly.com/assets/files/cec7137434d7c1fd568c54c6ec623e83/twitter.svg

HTTP Request

GET https://static.grammarly.com/assets/files/b87493b2cca3637c0e07f6e37f3cdd83/linkedin.svg

HTTP Request

GET https://static.grammarly.com/assets/js/b45f0c572b5d45725a8e/vendor.js

HTTP Request

GET https://static.grammarly.com/assets/js/d108f61b2f4e49ca7f48/main.js

HTTP Request

GET https://static.grammarly.com/assets/js/bd86025ed9fe19c849a9/accountDeleted~accountTypeSelection~affiliateHome~businessActivate~businessAdminWelcome~businessConf~1876d008.js

HTTP Request

GET https://static.grammarly.com/assets/js/c2509c8e2f40468b27ff/error404.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.grammarly.com/assets/files/a2300ffba93d1b8986f6351e8bb5296b/lato-light.woff

HTTP Request

GET https://static.grammarly.com/assets/files/f37bc8b02ffedbffa9445e40238fbfa4/lato-regular.woff

HTTP Request

GET https://static.grammarly.com/assets/files/3a12ad1b87191806ec79ad06d2b69f10/lato-light-italic.woff

HTTP Request

GET https://static.grammarly.com/assets/files/701f653bd5effdfb332789a497531f0c/lato-italic.woff

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.grammarly.com/assets/files/93ef2254d41ece1d04166cc29b599458/Inter-Thin-BETA.woff

HTTP Request

GET https://static.grammarly.com/assets/files/a65720437b6a770ccaffae97c8bd67b9/Inter-ThinItalic-BETA.woff

HTTP Request

GET https://static.grammarly.com/assets/files/a09af54a43cae85600f0f10583ad19fb/Inter-ExtraLight-BETA.woff

HTTP Request

GET https://static.grammarly.com/assets/files/5be26fde07593fcad7123610d055a33c/Inter-ExtraLightItalic-BETA.woff

HTTP Request

GET https://static.grammarly.com/assets/files/39a510c28179c25e0e4f65524d8d5394/Inter-Light-BETA.woff

HTTP Request

GET https://static.grammarly.com/assets/files/8c35c38451d802f149fcbc7e9004193e/Inter-LightItalic-BETA.woff

HTTP Request

GET https://static.grammarly.com/assets/files/88b63c27cdce33467477f6b31373c11b/Inter-Italic.woff

HTTP Request

GET https://static.grammarly.com/assets/files/da83100fc42a3c359ae8e3038a4a5e90/Inter-Regular.woff

HTTP Request

GET https://static.grammarly.com/assets/files/70f84e39477b8c33dbc1900a4bacb20f/Inter-Medium.woff

HTTP Request

GET https://static.grammarly.com/assets/files/de9b0866cf73188ae7ca0292a439d6a4/Inter-MediumItalic.woff

HTTP Request

GET https://static.grammarly.com/assets/files/548fae5eac276c84e8e47658147c1dd0/Inter-SemiBold.woff

HTTP Request

GET https://static.grammarly.com/assets/files/f576c8b25d49a2b711be3760e7be4022/Inter-SemiBoldItalic.woff

HTTP Request

GET https://static.grammarly.com/assets/files/b788e8a0ec2b2ab3fe6f0d17e4508835/Inter-Bold.woff

HTTP Request

GET https://static.grammarly.com/assets/files/ebef654642ae42ba62e081cb7c9799d1/Inter-BoldItalic.woff

HTTP Request

GET https://static.grammarly.com/assets/files/120ea2c83162244cf5f1e3e95e42a4a7/Inter-ExtraBold.woff

HTTP Request

GET https://static.grammarly.com/assets/files/58948c2c7a1c604287e36da46a9b26ac/Inter-ExtraBoldItalic.woff

HTTP Request

GET https://static.grammarly.com/assets/files/abaeaaad10bd44e916afa871d0905620/Inter-Black.woff

HTTP Request

GET https://static.grammarly.com/assets/files/b2f912ae1e6328973104ebcc98b01088/Inter-BlackItalic.woff

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.grammarly.com/assets/files/3761a367585958358e00be33a74be39e/home.png

HTTP Request

GET https://static.grammarly.com/assets/files/191f4507e3dfd224fdd2cb997e1ce0b4/back.png

HTTP Request

GET https://static.grammarly.com/assets/files/26c40894a1389840dad349139cdfe4ee/support.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.grammarly.com/assets/files/2340c99e5888c621067307ab254ae533/favicon-16x16.png

HTTP Response

200
18.65.39.100:443

static.grammarly.com

tls, http2

IEXPLORE.EXE

1.1kB
6.7kB
16
13
18.65.39.100:443

static.grammarly.com

tls, http2

IEXPLORE.EXE

1.1kB
6.6kB
15
11
18.65.39.100:443

static.grammarly.com

tls, http2

IEXPLORE.EXE

1.1kB
6.7kB
16
13
18.65.39.100:443

static.grammarly.com

tls, http2

IEXPLORE.EXE

1.1kB
6.6kB
15
11
34.120.195.249:443

https://o565714.ingest.sentry.io/api/4504171580555264/envelope/?sentry_key=aaae17b2988c48ca823101d95adec9fd&sentry_version=7&sentry_client=sentry.javascript.react%2F7.28.1

tls, http2

IEXPLORE.EXE

2.4kB
6.0kB
23
18

HTTP Request

POST https://o565714.ingest.sentry.io/api/4504171580555264/envelope/?sentry_key=aaae17b2988c48ca823101d95adec9fd&sentry_version=7&sentry_client=sentry.javascript.react%2F7.28.1

HTTP Response

200
54.84.71.5:443

f-log-at.grammarly.io

tls, http2

IEXPLORE.EXE

1.4kB
7.1kB
21
19
54.84.71.5:443

https://f-log-at.grammarly.io/log

tls, http2

IEXPLORE.EXE

10.1kB
15.0kB
79
58

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Response

204

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Response

204

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Request

OPTIONS https://f-log-at.grammarly.io/log

HTTP Response

204

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Response

200

HTTP Response

200

HTTP Response

204

HTTP Request

POST https://f-log-at.grammarly.io/log

HTTP Response

200

HTTP Response

200
3.216.158.246:443

gnar.grammarly.com

tls, http2

IEXPLORE.EXE

1.4kB
6.5kB
21
19
3.216.158.246:443

https://gnar.grammarly.com/events

tls, http2

IEXPLORE.EXE

5.7kB
8.4kB
37
28

HTTP Request

OPTIONS https://gnar.grammarly.com/events

HTTP Request

OPTIONS https://gnar.grammarly.com/events

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://gnar.grammarly.com/events

HTTP Request

POST https://gnar.grammarly.com/events

HTTP Request

POST https://gnar.grammarly.com/events

HTTP Response

200

HTTP Response

200

HTTP Response

200
52.1.61.109:443

https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1

tls, http2

IEXPLORE.EXE

2.3kB
10.0kB
29
26

HTTP Request

GET https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.pageVisit=1

HTTP Request

GET https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer.11-0.IN&t.app-did-mount=2597.4865&t.app-init-end=2903.4865&t.app-init-start=2413.0865&t.ttfb=1

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1

HTTP Response

200

HTTP Request

GET https://f-log-test.grammarly.io/ts?p=prod.error404.internet%2520explorer&c.uncaughtError=1

HTTP Response

200
52.1.61.109:443

f-log-test.grammarly.io

tls, http2

IEXPLORE.EXE

1.5kB
7.1kB
22
20
172.64.144.98:443

geolocation.onetrust.com

tls, http2

IEXPLORE.EXE

1.0kB
3.5kB
13
9
172.64.144.98:443

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

tls, http2

IEXPLORE.EXE

1.3kB
4.0kB
16
11

HTTP Request

GET https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

HTTP Response

200
18.65.32.234:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D

http

IEXPLORE.EXE

1.6kB
4.3kB
13
11

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAeiswKB0mzix3YNZYvDguQ%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA3FU0FUe3KQSDlXezEJT%2Fw%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAfrzp4T%2FCf%2FcMZzWJWsAyE%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D

HTTP Response

200
18.65.32.234:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D

http

IEXPLORE.EXE

860 B
2.2kB
8
7

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEA3FU0FUe3KQSDlXezEJT%2Fw%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAf%2BMPsxcsnDtCfMRMwOVxM%3D

HTTP Response

200
142.250.102.154:443

stats.g.doubleclick.net

tls, http2

IEXPLORE.EXE

1.1kB
5.3kB
15
11
142.250.102.154:443

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CBK9K2ZWWE&cid=349171042.1678896169&gtm=45je33d0&aip=1

tls, http2

IEXPLORE.EXE

2.1kB
6.1kB
24
17

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-6331378-16&cid=349171042.1678896169&jid=884347075&gjid=1076967261&_gid=58853605.1678896169&_u=aGBAgEYQAAAAAEgAI~&z=54064273

HTTP Response

200

HTTP Request

GET https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CBK9K2ZWWE&cid=349171042.1678896169&gtm=45je33d0&aip=1

HTTP Response

204
34.232.31.155:443

https://q.quora.com/_/ad/87aec589ac364d478f819f2ef53afe3a/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.grammarly.com%2F--

tls, http

IEXPLORE.EXE

1.5kB
5.5kB
17
12

HTTP Request

GET https://q.quora.com/_/ad/87aec589ac364d478f819f2ef53afe3a/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

200
34.232.31.155:443

q.quora.com

tls

IEXPLORE.EXE

1.0kB
5.0kB
15
11
142.250.179.130:443

googleads.g.doubleclick.net

tls, http2

IEXPLORE.EXE

1.1kB
5.3kB
15
11
23.32.238.152:443

snap.licdn.com

tls, http2

IEXPLORE.EXE

1.2kB
5.0kB
16
15
23.32.238.152:443

https://snap.licdn.com/li.lms-analytics/insight.min.js

tls, http2

IEXPLORE.EXE

1.7kB
10.3kB
23
22

HTTP Request

GET https://snap.licdn.com/li.lms-analytics/insight.min.js

HTTP Response

200
142.250.179.130:443

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956476927/?random=1678896168820&cv=11&fst=1678896168820&bg=ffffff&guid=ON&async=1&gtm=45He33d0&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.grammarly.com%2F--&tiba=Page%20not%20found%20%7C%20Grammarly&auid=1719944168.1678896169&rfmt=3&fmt=4

tls, http2

IEXPLORE.EXE

1.8kB
7.6kB
21
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956476927/?random=1678896168820&cv=11&fst=1678896168820&bg=ffffff&guid=ON&async=1&gtm=45He33d0&u_w=1280&u_h=720&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.grammarly.com%2F--&tiba=Page%20not%20found%20%7C%20Grammarly&auid=1719944168.1678896169&rfmt=3&fmt=4

HTTP Response

200
151.101.60.157:443

https://static.ads-twitter.com/uwt.js

tls, http2

IEXPLORE.EXE

1.8kB
21.4kB
27
26

HTTP Request

GET https://static.ads-twitter.com/uwt.js

HTTP Response

200
151.101.60.157:443

static.ads-twitter.com

tls, http2

IEXPLORE.EXE

1.1kB
4.8kB
14
13
18.208.121.3:443

i.geistm.com

tls, http2

IEXPLORE.EXE

1.4kB
6.5kB
20
19
18.208.121.3:443

https://i.geistm.com/x/GRAM?gtmcb=178180223

tls, http2

IEXPLORE.EXE

1.7kB
6.8kB
23
19

HTTP Request

GET https://i.geistm.com/x/GRAM?gtmcb=178180223

HTTP Response

200
151.101.1.44:443

https://cdn.taboola.com/libtrc/unip/1155799/tfa.js

tls, http2

IEXPLORE.EXE

2.0kB
24.5kB
30
29

HTTP Request

GET https://cdn.taboola.com/libtrc/unip/1155799/tfa.js

HTTP Response

200
151.101.1.44:443

cdn.taboola.com

tls, http2

IEXPLORE.EXE

1.0kB
4.8kB
14
13
151.101.1.140:443

https://www.redditstatic.com/ads/pixel.js

tls, http2

IEXPLORE.EXE

1.5kB
13.1kB
21
20

HTTP Request

GET https://www.redditstatic.com/ads/pixel.js

HTTP Response

200
142.250.179.134:443

https://11910764.fls.doubleclick.net/ddm/fls/r/src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--

tls, http2

IEXPLORE.EXE

2.3kB
7.9kB
27
21

HTTP Request

GET https://11910764.fls.doubleclick.net/activityi;src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--?

HTTP Response

200

HTTP Request

GET https://11910764.fls.doubleclick.net/ddm/fls/r/src=11910764;type=gramm0;cat=gramm0;ord=6751340060560;gtm=45He33d0;auiddc=1719944168.1678896169;~oref=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

200
142.250.179.134:443

11910764.fls.doubleclick.net

tls, http2

IEXPLORE.EXE

1.1kB
5.3kB
15
11
151.101.1.140:443

www.redditstatic.com

tls, http2

IEXPLORE.EXE

1.0kB
4.7kB
14
13
173.223.113.34:443

https://p.teads.tv/teads-fellow.js

tls, http

IEXPLORE.EXE

1.6kB
13.8kB
21
19

HTTP Request

GET https://p.teads.tv/teads-fellow.js

HTTP Response

200
173.223.113.34:443

p.teads.tv

tls

IEXPLORE.EXE

1.0kB
6.5kB
15
12
204.79.197.200:443

https://bat.bing.com/action/0?ti=4001981&Ver=2&mid=f52b6dec-5a03-447c-aa09-bfd8a9b609d0&sid=d5ab1c40c34a11ed824501a20a4408eb&vid=d5ab8e20c34a11ed9c451b585095e3e1&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=720&sc=24&tl=Page%20not%20found%20%7C%20Grammarly&p=https%3A%2F%2Fwww.grammarly.com%2F--&r=&lt=2877&evt=pageLoad&sv=1&rn=355809

tls, http2

IEXPLORE.EXE

2.5kB
21.7kB
33
32

HTTP Request

GET https://bat.bing.com/bat.js

HTTP Response

200

HTTP Request

GET https://bat.bing.com/p/action/4001981.js

HTTP Request

GET https://bat.bing.com/action/0?ti=4001981&Ver=2&mid=f52b6dec-5a03-447c-aa09-bfd8a9b609d0&sid=d5ab1c40c34a11ed824501a20a4408eb&vid=d5ab8e20c34a11ed9c451b585095e3e1&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=720&sc=24&tl=Page%20not%20found%20%7C%20Grammarly&p=https%3A%2F%2Fwww.grammarly.com%2F--&r=&lt=2877&evt=pageLoad&sv=1&rn=355809

HTTP Response

204

HTTP Response

204
204.79.197.200:443

bat.bing.com

tls, http2

IEXPLORE.EXE

1.2kB
8.1kB
17
16
157.240.221.35:443

https://www.facebook.com/tr?id=828127113879905&ev=PageView&noscript=1

tls, http2

IEXPLORE.EXE

1.5kB
4.3kB
19
15

HTTP Request

GET https://www.facebook.com/tr?id=828127113879905&ev=PageView&noscript=1

HTTP Response

200
157.240.221.35:443

www.facebook.com

tls, http2

IEXPLORE.EXE

1.2kB
4.0kB
16
13
35.212.132.154:443

https://u.fg8dgt.com/ttdsync?ssp=ttd&tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

tls, http2

IEXPLORE.EXE

2.1kB
8.2kB
28
21

HTTP Request

GET https://u.fg8dgt.com/pixel?type=js&id=368&cb=22808780

HTTP Response

200

HTTP Request

GET https://u.fg8dgt.com/ttdsync?ssp=ttd&tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Response

200
35.212.132.154:443

u.fg8dgt.com

tls, http2

IEXPLORE.EXE

1.1kB
5.8kB
16
12
54.75.24.234:443

adresults-19-adswizz.attribution.adswizz.com

tls, http2

IEXPLORE.EXE

1.2kB
6.3kB
17
14
54.75.24.234:443

https://adresults-19-adswizz.attribution.adswizz.com/fire?pixelId=024319d4-d553-4f8d-948b-07eb508c9ef0&type=sitevisit&subtype=PageVisit1&aw_0_req.gdpr=true&redirectURL=aHR0cHM6Ly9waXhlbC50YXBhZC5jb20vaWRzeW5jL2V4L3JlY2VpdmU_cGFydG5lcl9pZD0yOTk0JjwjaWYgcmVxdWVzdC5saXN0ZW5lcklkP21hdGNoZXMoJ1swLTlhLWZdezh9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezEyfScpPnBhcnRuZXJfdHlwZWRfZGlkPSU3QiUyMkhBUkRXQVJFX0FORFJPSURfQURfSUQlMjIlM0ElMjIke3JlcXVlc3QubGlzdGVuZXJJZH0lMjIlN0Q8I2Vsc2VpZiByZXF1ZXN0Lmxpc3RlbmVySWQ_bWF0Y2hlcygnWzAtOUEtRl17OH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17MTJ9Jyk-cGFydG5lcl90eXBlZF9kaWQ9JTdCJTIySEFSRFdBUkVfSURGQSUyMiUzQSUyMiR7cmVxdWVzdC5saXN0ZW5lcklkfSUyMiU3RDwjZWxzZT5wYXJ0bmVyX2RldmljZV9pZD0ke3JlcXVlc3QubGlzdGVuZXJJZCF9PC8jaWY-Cg

tls, http2

IEXPLORE.EXE

2.2kB
6.5kB
20
16

HTTP Request

GET https://adresults-19-adswizz.attribution.adswizz.com/fire?pixelId=024319d4-d553-4f8d-948b-07eb508c9ef0&type=sitevisit&subtype=PageVisit1&aw_0_req.gdpr=true&redirectURL=aHR0cHM6Ly9waXhlbC50YXBhZC5jb20vaWRzeW5jL2V4L3JlY2VpdmU_cGFydG5lcl9pZD0yOTk0JjwjaWYgcmVxdWVzdC5saXN0ZW5lcklkP21hdGNoZXMoJ1swLTlhLWZdezh9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezR9LVswLTlhLWZdezEyfScpPnBhcnRuZXJfdHlwZWRfZGlkPSU3QiUyMkhBUkRXQVJFX0FORFJPSURfQURfSUQlMjIlM0ElMjIke3JlcXVlc3QubGlzdGVuZXJJZH0lMjIlN0Q8I2Vsc2VpZiByZXF1ZXN0Lmxpc3RlbmVySWQ_bWF0Y2hlcygnWzAtOUEtRl17OH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17NH0tWzAtOUEtRl17MTJ9Jyk-cGFydG5lcl90eXBlZF9kaWQ9JTdCJTIySEFSRFdBUkVfSURGQSUyMiUzQSUyMiR7cmVxdWVzdC5saXN0ZW5lcklkfSUyMiU3RDwjZWxzZT5wYXJ0bmVyX2RldmljZV9pZD0ke3JlcXVlc3QubGlzdGVuZXJJZCF9PC8jaWY-Cg

HTTP Response

302
35.244.142.80:443

cdn.pdst.fm

tls, http2

IEXPLORE.EXE

1.1kB
5.4kB
15
11
35.244.142.80:443

https://cdn.pdst.fm/ping.min.js

tls, http2

IEXPLORE.EXE

1.7kB
12.3kB
23
18

HTTP Request

GET https://cdn.pdst.fm/ping.min.js

HTTP Response

200
104.16.101.12:443

ws.zoominfo.com

tls, http2

IEXPLORE.EXE

1.0kB
3.6kB
14
10
104.16.101.12:443

https://ws.zoominfo.com/pixel/62264a4323a597001cd9312d

tls, http2

IEXPLORE.EXE

1.5kB
7.1kB
19
14

HTTP Request

GET https://ws.zoominfo.com/pixel/62264a4323a597001cd9312d

HTTP Response

200
52.54.98.146:443

data.adxcel-ec2.com

tls

IEXPLORE.EXE

1.1kB
6.0kB
16
12
52.54.98.146:443

https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=lead&pixid=52b11b79-9426-44db-b03d-b2ba4122285f

tls, http

IEXPLORE.EXE

1.6kB
6.3kB
19
15

HTTP Request

GET https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=lead&pixid=52b11b79-9426-44db-b03d-b2ba4122285f

HTTP Response

200
3.138.41.239:443

collector-21641.us.tvsquared.com

tls

IEXPLORE.EXE

1.0kB
5.9kB
15
11
3.138.41.239:443

https://collector-21641.us.tvsquared.com/tv2track.php?action_name=Page%20not%20found%20%7C%20Grammarly&idsite=TV-7281365481-1&rec=1&r=027492&h=16&m=2&s=49&url=https%3A%2F%2Fwww.grammarly.com%2F--&_id=b1385fae57031674&_idts=1678896170&_idvc=0&_idn=1&_viewts=&java=1&cookie=1&res=1280x720&gt_ms=195

tls, http

IEXPLORE.EXE

2.4kB
15.4kB
25
19

HTTP Request

GET https://collector-21641.us.tvsquared.com/tv2track.js

HTTP Response

200

HTTP Request

GET https://collector-21641.us.tvsquared.com/tv2track.php?action_name=Page%20not%20found%20%7C%20Grammarly&idsite=TV-7281365481-1&rec=1&r=027492&h=16&m=2&s=49&url=https%3A%2F%2Fwww.grammarly.com%2F--&_id=b1385fae57031674&_idts=1678896170&_idvc=0&_idn=1&_viewts=&java=1&cookie=1&res=1280x720&gt_ms=195

HTTP Response

200
13.227.222.181:443

js.adsrvr.org

tls

IEXPLORE.EXE

961 B
6.2kB
14
11
13.227.222.181:443

https://js.adsrvr.org/universal_pixel.1.1.0.js

tls, http

IEXPLORE.EXE

1.9kB
9.8kB
17
15

HTTP Request

GET https://js.adsrvr.org/up_loader.1.1.0.js

HTTP Response

200

HTTP Request

GET https://js.adsrvr.org/universal_pixel.1.1.0.js

HTTP Response

200
18.65.39.109:443

tag.segmetrics.io

tls, http2

IEXPLORE.EXE

1.1kB
6.6kB
15
12
18.65.39.109:443

https://tag.segmetrics.io/aZBxp9.js

tls, http2

IEXPLORE.EXE

1.4kB
7.2kB
18
13

HTTP Request

GET https://tag.segmetrics.io/aZBxp9.js

HTTP Response

403
23.23.235.15:443

https://px.adentifi.com/Pixels?a_id=7576;uq=649723923;

tls, http2

IEXPLORE.EXE

1.7kB
6.8kB
22
18

HTTP Request

GET https://px.adentifi.com/Pixels?a_id=7576;uq=649723923;

HTTP Response

302
23.23.235.15:443

px.adentifi.com

tls, http2

IEXPLORE.EXE

1.4kB
6.4kB
20
17
87.248.114.11:443

https://s.yimg.com/wi/config/419167.json

tls, http2

IEXPLORE.EXE

1.8kB
13.2kB
24
19

HTTP Request

GET https://s.yimg.com/wi/ytc.js

HTTP Response

200

HTTP Request

GET https://s.yimg.com/wi/config/419167.json

HTTP Response

200
87.248.114.11:443

s.yimg.com

tls, http2

IEXPLORE.EXE

1.1kB
5.9kB
16
12
108.156.28.36:443

cdn.linkedin.oribi.io

tls, http2

IEXPLORE.EXE

1.1kB
6.7kB
16
13
108.156.28.36:443

https://cdn.linkedin.oribi.io/partner/429908/domain/grammarly.com/token

tls, http2

IEXPLORE.EXE

1.4kB
7.1kB
17
14

HTTP Request

GET https://cdn.linkedin.oribi.io/partner/429908/domain/grammarly.com/token

HTTP Response

200
13.107.42.14:443

px.ads.linkedin.com

tls, http2

IEXPLORE.EXE

1.2kB
5.6kB
15
14
13.107.42.14:443

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true&liSync=true

tls, http2

IEXPLORE.EXE

2.4kB
7.4kB
21
20

HTTP Request

GET https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

302

HTTP Request

GET https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true

HTTP Response

302

HTTP Request

GET https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=429908&time=1678896169213&url=https%3A%2F%2Fwww.grammarly.com%2F--&cookiesTest=true&liSync=true

HTTP Response

200
104.244.42.197:443

https://t.co/i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29

tls, http2

IEXPLORE.EXE

1.5kB
4.0kB
15
13

HTTP Request

GET https://t.co/i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29

HTTP Response

200
104.244.42.197:443

t.co

tls, http2

IEXPLORE.EXE

987 B
3.5kB
13
11
151.101.1.140:443

https://alb.reddit.com/rp.gif?ts=1678896169271&id=t2_gfzsc&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=7d952c44-246b-47e7-99b2-bf780fdf5b24&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=720&v=rdt_65e23bc4

tls, http2

IEXPLORE.EXE

1.5kB
5.0kB
16
15

HTTP Request

GET https://alb.reddit.com/rp.gif?ts=1678896169271&id=t2_gfzsc&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=7d952c44-246b-47e7-99b2-bf780fdf5b24&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=720&v=rdt_65e23bc4

HTTP Response

200
151.101.1.140:443

alb.reddit.com

tls, http2

IEXPLORE.EXE

1.0kB
4.7kB
14
13
104.244.42.195:443

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29

tls, http2

IEXPLORE.EXE

1.5kB
4.0kB
15
13

HTTP Request

GET https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=765ae81f-33d8-46b5-b6e0-b83b65ecbe20&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=110ae7ba-cb39-49ef-86ef-e65eb4b19742&tw_document_href=https%3A%2F%2Fwww.grammarly.com%2F--&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o2m57&type=javascript&version=2.3.29

HTTP Response

200
104.244.42.195:443

analytics.twitter.com

tls, http2

IEXPLORE.EXE

1.0kB
3.5kB
13
11
18.65.32.234:80

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D

http

IEXPLORE.EXE

519 B
1.2kB
6
5

HTTP Request

GET http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAXR1xNPN9IZ9rJMbVgVilA%3D

HTTP Response

200
18.65.32.234:80

http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAjA4ZqYLyrlvxNTcgHtrhw%3D

http

IEXPLORE.EXE

519 B
1.2kB
6
5

HTTP Request

GET http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEAjA4ZqYLyrlvxNTcgHtrhw%3D

HTTP Response

200
151.101.1.44:443

https://trc.taboola.com/1155799/trc/3/json?tim=1678896169412&data=%7B%22id%22%3A26%2C%22ii%22%3A%22%2F--%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1678896169278%2C%22cv%22%3A%2220230312-9-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%3F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dgrammarly-network%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1678896169411%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%22%2C%22tos%22%3A52%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i

tls, http2

IEXPLORE.EXE

2.0kB
7.0kB
17
15

HTTP Request

GET https://trc.taboola.com/1155799/trc/3/json?tim=1678896169412&data=%7B%22id%22%3A26%2C%22ii%22%3A%22%2F--%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1678896169278%2C%22cv%22%3A%2220230312-9-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%3F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dgrammarly-network%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1678896169411%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.grammarly.com%2F--%22%2C%22tos%22%3A52%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i

HTTP Response

200
151.101.1.44:443

trc.taboola.com

tls, http2

IEXPLORE.EXE

1.0kB
4.8kB
14
13
34.111.113.62:443

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511

tls, http2

IEXPLORE.EXE

1.9kB
5.7kB
23
18

HTTP Request

GET https://pixel.tapad.com/idsync/ex/receive?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511

HTTP Response

302

HTTP Request

GET https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2994&partner_device_id=bbb0b3a3872b2c4b2b1a8e9a4faa7511

HTTP Response

200
34.111.113.62:443

pixel.tapad.com

tls, http2

IEXPLORE.EXE

1.0kB
4.2kB
14
10
216.239.34.181:443

analytics.google.com

tls, http2

IEXPLORE.EXE

1.1kB
7.6kB
16
12
216.239.34.181:443

https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&_gaz=1&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=1&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&uid=&en=page_view&_fv=1&_ss=2&ep.template_name=all-pages

tls, http2

IEXPLORE.EXE

3.0kB
8.6kB
28
22

HTTP Request

GET https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=2&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_25&_et=110

HTTP Request

GET https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=3&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_50&_et=10

HTTP Request

GET https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=4&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll_depth_75&_et=21

HTTP Request

GET https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=5&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&en=scroll&epn.percent_scrolled=90&_et=23

HTTP Request

GET https://analytics.google.com/g/collect?v=2&tid=G-CBK9K2ZWWE&gtm=45je33d0&_p=1331267522&_gaz=1&cid=349171042.1678896169&ul=en-us&sr=1280x720&_s=1&sid=1678896169&sct=1&seg=0&dl=https%3A%2F%2Fwww.grammarly.com%2F--&dt=Page%20not%20found%20%7C%20Grammarly&uid=&en=page_view&_fv=1&_ss=2&ep.template_name=all-pages

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204
216.239.34.181:443

analytics.google.com

tls, http2

IEXPLORE.EXE

1.1kB
7.6kB
16
12
216.239.34.181:443

analytics.google.com

tls, http2

IEXPLORE.EXE

1.1kB
7.6kB
16
12
216.239.34.181:443

analytics.google.com

tls, http2

IEXPLORE.EXE

1.1kB
7.7kB
16
14
13.107.43.14:443

www.linkedin.com

tls, http2

IEXPLORE.EXE

1.2kB
5.6kB
15
14
13.107.43.14:443

https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D429908%26time%3D1678896169213%26url%3Dhttps%253A%252F%252Fwww.grammarly.com%252F--%26cookiesTest%3Dtrue%26liSync%3Dtrue

tls, http2

IEXPLORE.EXE

2.0kB
7.3kB
18
17

HTTP Request

GET https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D429908%26time%3D1678896169213%26url%3Dhttps%253A%252F%252Fwww.grammarly.com%252F--%26cookiesTest%3Dtrue%26liSync%3Dtrue

HTTP Response

302
212.82.100.181:443

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2015%20Mar%202023%2016%3A02%3A49%20GMT&n=0&b=Page%20not%20found%20%7C%20Grammarly&.yp=419167&f=https%3A%2F%2Fwww.grammarly.com%2F--&enc=utf-8&yv=1.13.0&tagmgr=gtm

tls, http2

IEXPLORE.EXE

1.6kB
8.5kB
19
15

HTTP Request

GET https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2015%20Mar%202023%2016%3A02%3A49%20GMT&n=0&b=Page%20not%20found%20%7C%20Grammarly&.yp=419167&f=https%3A%2F%2Fwww.grammarly.com%2F--&enc=utf-8&yv=1.13.0&tagmgr=gtm

HTTP Response

200
212.82.100.181:443

sp.analytics.yahoo.com

tls, http2

IEXPLORE.EXE

1.2kB
7.8kB
17
13
52.223.40.198:443

https://insight.adsrvr.org/track/up?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0

tls, http2

IEXPLORE.EXE

2.0kB
5.9kB
23
19

HTTP Request

GET https://insight.adsrvr.org/track/up?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined

HTTP Request

GET https://insight.adsrvr.org/track/up?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0

HTTP Response

302

HTTP Response

302
52.223.40.198:443

insight.adsrvr.org

tls, http2

IEXPLORE.EXE

1.3kB
4.3kB
18
16
34.237.115.206:443

https://rtb.adentifi.com/CookieSyncAdXCheck?google_ula=6802874232,2

tls, http2

IEXPLORE.EXE

1.9kB
6.9kB
25
22

HTTP Request

GET https://rtb.adentifi.com/CookieSyncAdX

HTTP Response

302

HTTP Request

GET https://rtb.adentifi.com/CookieSyncAdXCheck?google_ula=6802874232,2

HTTP Response

204
34.237.115.206:443

rtb.adentifi.com

tls, http2

IEXPLORE.EXE

1.4kB
6.5kB
20
18
216.239.36.54:443

us-central1-adaptive-growth.cloudfunctions.net

tls, http2

IEXPLORE.EXE

1.4kB
12.1kB
20
16
216.239.36.54:443

https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink

tls, http2

IEXPLORE.EXE

2.9kB
13.7kB
33
28

HTTP Request

OPTIONS https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink

HTTP Response

200

HTTP Request

POST https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink

HTTP Response

204
52.223.40.198:443

match.adsrvr.org

tls, http2

IEXPLORE.EXE

1.3kB
4.3kB
19
17
52.223.40.198:443

https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

tls, http2

IEXPLORE.EXE

4.8kB
15.3kB
49
39

HTTP Request

GET https://match.adsrvr.org/track/cmf/generic?ttd_pid=1q65303&ttd_tpi=1

HTTP Request

GET https://match.adsrvr.org/track/upb/?adv=h4ebcn2&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k03oi77&upv=1.1.0&OrderCost=undefined

HTTP Request

GET https://match.adsrvr.org/track/upb/?adv=n02q0rx&ref=https%3A%2F%2Fwww.grammarly.com%2F--&upid=k6x8du5&upv=1.1.0

HTTP Response

302

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://match.adsrvr.org/track/cmb/generic?ttd_pid=1q65303&ttd_tpi=1

HTTP Response

302

HTTP Request

GET https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1

HTTP Request

GET https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605&google_gid=CAESEEdAtTRYjGxwU7Os-MQs1ug&google_cver=1

HTTP Response

302

HTTP Response

302

HTTP Request

GET https://match.adsrvr.org/track/cmf/rubicon?gdpr=0

HTTP Response

302

HTTP Request

GET https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b

HTTP Response

302

HTTP Request

GET https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-gk7vHZ5E2uKntKwIsMYvwN5NDR7SkNo-~A&gdpr=0

HTTP Request

GET https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=4847311572849152267&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Response

302

HTTP Response

302
104.18.23.234:443

action.dstillery.com

tls, http2

IEXPLORE.EXE

1.1kB
6.5kB
16
12
104.18.23.234:443

https://action.dstillery.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58

tls, http2

IEXPLORE.EXE

1.5kB
7.1kB
18
14

HTTP Request

GET https://action.dstillery.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58

HTTP Response

302
35.190.60.146:443

https://idsync.rlcdn.com/458319.gif?partner_uid=

tls, http2

IEXPLORE.EXE

1.7kB
7.5kB
23
18

HTTP Request

GET https://idsync.rlcdn.com/458319.gif?partner_uid=

HTTP Response

400
35.190.60.146:443

idsync.rlcdn.com

tls, http2

IEXPLORE.EXE

1.2kB
7.0kB
17
15
52.223.40.198:443

match.adsrvr.org

tls, http2

IEXPLORE.EXE

1.2kB
4.2kB
17
15
142.251.36.34:443

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

tls, http2

IEXPLORE.EXE

3.4kB
9.0kB
39
32

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=adtheorent&google_hm=dNlPksNCEe2gIxJtpCvJYw&google_redir=https%3A%2F%2Frtb.adentifi.com%2FCookieSyncAdXCheck&google_ula=6802874232

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=ZTFjMGJhZmYtMmE0NC00NjY1LWJlNGItNTE5NjhiNDk4Mjdi&gdpr=0&gdpr_consent=&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Response

302

HTTP Response

302

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=OGIwZTJkNjctMDcyMC00NjgxLWIyNGItYjAzZmFiMGE2NjA1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Response

302

HTTP Response

200

HTTP Response

200
142.251.36.34:443

cm.g.doubleclick.net

tls, http2

IEXPLORE.EXE

1.1kB
5.3kB
15
11
142.251.36.34:443

cm.g.doubleclick.net

tls, http2

IEXPLORE.EXE

1.1kB
5.3kB
15
11
213.19.162.80:443

https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=&expires=30

tls, http

IEXPLORE.EXE

2.7kB
5.4kB
15
11

HTTP Request

GET https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=e1c0baff-2a44-4665-be4b-51968b49827b&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon

HTTP Response

302

HTTP Request

GET https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=&expires=30

HTTP Response

200
185.89.211.116:443

https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=

tls, http

IEXPLORE.EXE

2.9kB
7.1kB
18
15

HTTP Request

GET https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Response

307

HTTP Request

GET https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D8b0e2d67-0720-4681-b24b-b03fab0a6605

HTTP Response

302

HTTP Request

GET https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=

HTTP Response

200
213.19.162.80:443

pixel.rubiconproject.com

tls

IEXPLORE.EXE

859 B
3.9kB
11
9
185.89.211.116:443

https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=

tls, http

IEXPLORE.EXE

2.8kB
7.1kB
18
15

HTTP Request

GET https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=e1c0baff-2a44-4665-be4b-51968b49827b

HTTP Response

307

HTTP Request

GET https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3De1c0baff-2a44-4665-be4b-51968b49827b

HTTP Response

302

HTTP Request

GET https://ib.adnxs.com/setuid?entity=82&code=8b0e2d67-0720-4681-b24b-b03fab0a6605&gdpr=0&gdpr_consent=

HTTP Response

200
3.75.62.37:443

https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent=

tls, http2

IEXPLORE.EXE

2.0kB
5.5kB
20
14

HTTP Request

GET https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=1&redir=true&gdpr=0&gdpr_consent=

HTTP Response

302

HTTP Request

GET https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent=

HTTP Response

204

HTTP Request

GET https://ups.analytics.yahoo.com/ups/55953/sync?uid=8b0e2d67-0720-4681-b24b-b03fab0a6605&_origin=0&gdpr=0&gdpr_consent=

HTTP Response

204
3.75.62.37:443

ups.analytics.yahoo.com

tls, http2

IEXPLORE.EXE

1.1kB
4.7kB
14
10
104.18.23.234:443

action.media6degrees.com

tls, http2

IEXPLORE.EXE

1.1kB
6.5kB
16
12
104.18.23.234:443

https://action.media6degrees.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58

tls, http2

IEXPLORE.EXE

1.5kB
7.3kB
19
15

HTTP Request

GET https://action.media6degrees.com/orbserv/nsjs?adv=cl163664677529317&ns=6532&nc=Grammarly-ConsumerSiteVisit&ncv=58

HTTP Response

200
141.226.229.48:443

trc-events.taboola.com

tls, http2

IEXPLORE.EXE

1.1kB
4.8kB
15
10
141.226.229.48:443

https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=95786&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=48000&msa=0&rv=1&tim=1678896265144&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

tls, http2

IEXPLORE.EXE

4.7kB
7.5kB
25
16

HTTP Request

GET https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=1945&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1678896171303&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

204

HTTP Request

GET https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=5162&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1678896174520&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

204

HTTP Request

GET https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=11364&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=6000&msa=0&rv=1&tim=1678896180722&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

204

HTTP Request

GET https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=23488&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=12000&msa=0&rv=1&tim=1678896192846&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

204

HTTP Request

GET https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=47630&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=24000&msa=0&rv=1&tim=1678896216989&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

204

HTTP Request

GET https://trc-events.taboola.com/1155799/log/3/unip?en=pre_d_eng_tb&tos=95786&scd=0&ssd=1&est=1678896169354&ver=36&isls=true&src=i&invt=48000&msa=0&rv=1&tim=1678896265144&vi=1678896169278&ri=35aa941fb516b5ebb96533598709911e&sd=v2_1f0fee6fb1a042da605a2223eca4011b_bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b_1678892571_1678892571_CNawjgYQ18VGGL6CirDuMCABKAEwZziY0QpA548QSK3x1gNQ____________AVgAYABoopyqvanCqcmOAXAB&ui=bc3989cf-3fcf-47a3-bbd1-0e65702f20e7-tuctb0b639b&ref=null&cv=20230312-9-RELEASE&item-url=https%3A%2F%2Fwww.grammarly.com%2F--

HTTP Response

204
52.152.108.96:443

260 B
5
20.189.173.3:443

322 B
7
93.184.220.29:80

322 B
7
93.184.221.240:80

322 B
7
93.184.221.240:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

322 B
7
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

1.2kB
8.1kB
15
14

8.8.8.8:53

www.grammarly.com

dns

IEXPLORE.EXE

63 B
111 B
1
1

DNS Request

www.grammarly.com

DNS Response

34.232.86.156

44.207.206.245

54.84.161.29
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

ocsp.r2m01.amazontrust.com

dns

IEXPLORE.EXE

72 B
88 B
1
1

DNS Request

ocsp.r2m01.amazontrust.com

DNS Response

18.65.32.234
8.8.8.8:53

156.86.232.34.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

156.86.232.34.in-addr.arpa
8.8.8.8:53

136.61.156.108.in-addr.arpa

dns

73 B
130 B
1
1

DNS Request

136.61.156.108.in-addr.arpa
8.8.8.8:53

208.137.222.52.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

208.137.222.52.in-addr.arpa
8.8.8.8:53

133.137.222.52.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

133.137.222.52.in-addr.arpa
8.8.8.8:53

142.145.190.20.in-addr.arpa

dns

73 B
172 B
1
1

DNS Request

142.145.190.20.in-addr.arpa
8.8.8.8:53

cdn.cookielaw.org

dns

IEXPLORE.EXE

63 B
95 B
1
1

DNS Request

cdn.cookielaw.org

DNS Response

104.19.188.97

104.19.187.97
8.8.8.8:53

static.grammarly.com

dns

IEXPLORE.EXE

66 B
173 B
1
1

DNS Request

static.grammarly.com

DNS Response

18.65.39.100

18.65.39.79

18.65.39.53

18.65.39.31
8.8.8.8:53

treatment.grammarly.com

dns

iexplore.exe

69 B
262 B
1
1

DNS Request

treatment.grammarly.com

DNS Response

52.86.179.7

54.237.209.135

44.194.142.66

52.7.23.180

52.207.122.210

35.153.122.130

54.87.203.245

18.205.210.195
8.8.8.8:53

234.32.65.18.in-addr.arpa

dns

142 B
252 B
2
2

DNS Request

234.32.65.18.in-addr.arpa

DNS Request

234.32.65.18.in-addr.arpa
8.8.8.8:53

210.81.184.52.in-addr.arpa

dns

144 B
292 B
2
2

DNS Request

210.81.184.52.in-addr.arpa

DNS Request

210.81.184.52.in-addr.arpa
8.8.8.8:53

97.188.19.104.in-addr.arpa

dns

144 B
268 B
2
2

DNS Request

97.188.19.104.in-addr.arpa

DNS Request

97.188.19.104.in-addr.arpa
8.8.8.8:53

100.39.65.18.in-addr.arpa

dns

142 B
252 B
2
2

DNS Request

100.39.65.18.in-addr.arpa

DNS Request

100.39.65.18.in-addr.arpa
8.8.8.8:53

200.179.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

200.179.250.142.in-addr.arpa

DNS Request

200.179.250.142.in-addr.arpa
8.8.8.8:53

o565714.ingest.sentry.io

dns

IEXPLORE.EXE

140 B
172 B
2
2

DNS Request

o565714.ingest.sentry.io

DNS Request

o565714.ingest.sentry.io

DNS Response

34.120.195.249

DNS Response

34.120.195.249
8.8.8.8:53

f-log-at.grammarly.io

dns

IEXPLORE.EXE

134 B
390 B
2
2

DNS Request

f-log-at.grammarly.io

DNS Request

f-log-at.grammarly.io

DNS Response

54.84.71.5

34.196.39.218

18.205.218.99

54.158.168.54

107.23.64.210

52.4.230.178

3.213.125.214

54.147.131.109

DNS Response

54.84.71.5

34.196.39.218

18.205.218.99

54.158.168.54

107.23.64.210

52.4.230.178

3.213.125.214

54.147.131.109
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

144 B
220 B
2
2

DNS Request

35.36.251.142.in-addr.arpa

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

110.39.251.142.in-addr.arpa

dns

146 B
224 B
2
2

DNS Request

110.39.251.142.in-addr.arpa

DNS Request

110.39.251.142.in-addr.arpa
8.8.8.8:53

249.195.120.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

249.195.120.34.in-addr.arpa
8.8.8.8:53

gnar.grammarly.com

dns

IEXPLORE.EXE

64 B
192 B
1
1

DNS Request

gnar.grammarly.com

DNS Response

3.216.158.246

44.194.66.36

34.199.50.218

52.55.101.44

100.24.132.158

3.231.255.137

34.235.23.129

3.211.127.7
8.8.8.8:53

f-log-test.grammarly.io

dns

IEXPLORE.EXE

138 B
394 B
2
2

DNS Request

f-log-test.grammarly.io

DNS Request

f-log-test.grammarly.io

DNS Response

52.1.61.109

34.239.197.243

44.213.140.124

34.194.107.134

34.231.226.0

3.208.62.181

34.224.155.157

23.22.96.25

DNS Response

50.16.222.188

54.87.93.122

3.209.171.220

54.204.52.243

35.170.91.227

34.194.107.134

54.147.131.109

44.205.72.237
8.8.8.8:53

geolocation.onetrust.com

dns

IEXPLORE.EXE

140 B
204 B
2
2

DNS Request

geolocation.onetrust.com

DNS Request

geolocation.onetrust.com

DNS Response

172.64.144.98

104.18.43.158

DNS Response

172.64.144.98

104.18.43.158
8.8.8.8:53

ocsp.r2m02.amazontrust.com

dns

IEXPLORE.EXE

144 B
176 B
2
2

DNS Request

ocsp.r2m02.amazontrust.com

DNS Request

ocsp.r2m02.amazontrust.com

DNS Response

18.65.32.234

DNS Response

18.65.32.234
8.8.8.8:53

67.55.52.23.in-addr.arpa

dns

140 B
266 B
2
2

DNS Request

67.55.52.23.in-addr.arpa

DNS Request

67.55.52.23.in-addr.arpa
8.8.8.8:53

5.71.84.54.in-addr.arpa

dns

138 B
242 B
2
2

DNS Request

5.71.84.54.in-addr.arpa

DNS Request

5.71.84.54.in-addr.arpa
8.8.8.8:53

9.175.53.84.in-addr.arpa

dns

140 B
266 B
2
2

DNS Request

9.175.53.84.in-addr.arpa

DNS Request

9.175.53.84.in-addr.arpa
8.8.8.8:53

246.158.216.3.in-addr.arpa

dns

144 B
254 B
2
2

DNS Request

246.158.216.3.in-addr.arpa

DNS Request

246.158.216.3.in-addr.arpa
8.8.8.8:53

98.144.64.172.in-addr.arpa

dns

144 B
268 B
2
2

DNS Request

98.144.64.172.in-addr.arpa

DNS Request

98.144.64.172.in-addr.arpa
8.8.8.8:53

109.61.1.52.in-addr.arpa

dns

140 B
246 B
2
2

DNS Request

109.61.1.52.in-addr.arpa

DNS Request

109.61.1.52.in-addr.arpa
8.8.8.8:53

stats.g.doubleclick.net

dns

IEXPLORE.EXE

138 B
266 B
2
2

DNS Request

stats.g.doubleclick.net

DNS Request

stats.g.doubleclick.net

DNS Response

142.250.102.154

142.250.102.155

142.250.102.157

142.250.102.156

DNS Response

142.250.102.157

142.250.102.154

142.250.102.156

142.250.102.155
8.8.8.8:53

q.quora.com

dns

IEXPLORE.EXE

114 B
338 B
2
2

DNS Request

q.quora.com

DNS Request

q.quora.com

DNS Response

34.232.31.155

23.20.85.144

54.209.227.7

18.232.20.22

52.0.8.169

3.209.34.109

54.87.222.150

DNS Response

52.0.8.169

54.87.222.150

54.209.227.7

34.232.31.155

23.20.85.144

3.209.34.109

18.232.20.22
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

146 B
178 B
2
2

DNS Request

googleads.g.doubleclick.net

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.179.130

DNS Response

142.250.179.194
8.8.8.8:53

snap.licdn.com

dns

IEXPLORE.EXE

60 B
164 B
1
1

DNS Request

snap.licdn.com

DNS Response

23.32.238.152

23.32.238.144
8.8.8.8:53

static.ads-twitter.com

dns

IEXPLORE.EXE

136 B
258 B
2
2

DNS Request

static.ads-twitter.com

DNS Response

151.101.60.157

DNS Request

static.ads-twitter.com

DNS Response

151.101.60.157
8.8.8.8:53

i.geistm.com

dns

IEXPLORE.EXE

116 B
180 B
2
2

DNS Request

i.geistm.com

DNS Request

i.geistm.com

DNS Response

18.208.121.3

52.73.149.107

DNS Response

18.208.121.3

52.73.149.107
8.8.8.8:53

cdn.taboola.com

dns

IEXPLORE.EXE

61 B
167 B
1
1

DNS Request

cdn.taboola.com

DNS Response

151.101.1.44

151.101.65.44

151.101.129.44

151.101.193.44
8.8.8.8:53

11910764.fls.doubleclick.net

dns

IEXPLORE.EXE

148 B
222 B
2
2

DNS Request

11910764.fls.doubleclick.net

DNS Request

11910764.fls.doubleclick.net

DNS Response

142.250.179.134

DNS Response

142.250.179.134
8.8.8.8:53

www.redditstatic.com

dns

IEXPLORE.EXE

132 B
350 B
2
2

DNS Request

www.redditstatic.com

DNS Request

www.redditstatic.com

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

p.teads.tv

dns

IEXPLORE.EXE

112 B
290 B
2
2

DNS Request

p.teads.tv

DNS Request

p.teads.tv

DNS Response

173.223.113.34

DNS Response

173.223.113.34
8.8.8.8:53

bat.bing.com

dns

IEXPLORE.EXE

116 B
324 B
2
2

DNS Request

bat.bing.com

DNS Request

bat.bing.com

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

www.facebook.com

dns

IEXPLORE.EXE

124 B
214 B
2
2

DNS Request

www.facebook.com

DNS Response

157.240.221.35

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

u.fg8dgt.com

dns

IEXPLORE.EXE

116 B
268 B
2
2

DNS Request

u.fg8dgt.com

DNS Request

u.fg8dgt.com

DNS Response

35.212.132.154

DNS Response

35.212.132.154
8.8.8.8:53

adresults-19-adswizz.attribution.adswizz.com

dns

IEXPLORE.EXE

90 B
168 B
1
1

DNS Request

adresults-19-adswizz.attribution.adswizz.com

DNS Response

54.75.24.234

54.76.221.93

54.76.251.139
8.8.8.8:53

data.adxcel-ec2.com

dns

IEXPLORE.EXE

65 B
129 B
1
1

DNS Request

data.adxcel-ec2.com

DNS Response

52.54.98.146

54.85.11.63

52.54.206.209

54.210.54.178
8.8.8.8:53

cdn.pdst.fm

dns

IEXPLORE.EXE

57 B
73 B
1
1

DNS Request

cdn.pdst.fm

DNS Response

35.244.142.80
8.8.8.8:53

ws.zoominfo.com

dns

IEXPLORE.EXE

61 B
93 B
1
1

DNS Request

ws.zoominfo.com

DNS Response

104.16.101.12

104.16.168.82
8.8.8.8:53

collector-21641.us.tvsquared.com

dns

IEXPLORE.EXE

78 B
167 B
1
1

DNS Request

collector-21641.us.tvsquared.com

DNS Response

3.138.41.239

3.13.191.48

3.13.135.56

3.15.82.75
8.8.8.8:53

js.adsrvr.org

dns

IEXPLORE.EXE

118 B
234 B
2
2

DNS Request

js.adsrvr.org

DNS Response

13.227.222.181

DNS Request

js.adsrvr.org

DNS Response

13.227.222.181
8.8.8.8:53

tag.segmetrics.io

dns

IEXPLORE.EXE

126 B
340 B
2
2

DNS Request

tag.segmetrics.io

DNS Request

tag.segmetrics.io

DNS Response

18.65.39.109

18.65.39.84

18.65.39.44

18.65.39.123

DNS Response

18.65.39.109

18.65.39.84

18.65.39.44

18.65.39.123
8.8.8.8:53

px.adentifi.com

dns

IEXPLORE.EXE

122 B
378 B
2
2

DNS Request

px.adentifi.com

DNS Request

px.adentifi.com

DNS Response

23.23.235.15

34.201.238.83

54.85.216.131

34.233.244.186

52.207.206.215

52.200.85.122

52.54.66.175

34.237.115.206

DNS Response

23.23.235.15

34.201.238.83

54.85.216.131

34.233.244.186

52.207.206.215

52.200.85.122

52.54.66.175

34.237.115.206
8.8.8.8:53

s.yimg.com

dns

IEXPLORE.EXE

112 B
254 B
2
2

DNS Request

s.yimg.com

DNS Request

s.yimg.com

DNS Response

87.248.114.11

87.248.114.12

DNS Response

87.248.114.11

87.248.114.12
8.8.8.8:53

cdn.linkedin.oribi.io

dns

IEXPLORE.EXE

134 B
348 B
2
2

DNS Request

cdn.linkedin.oribi.io

DNS Request

cdn.linkedin.oribi.io

DNS Response

108.156.28.36

108.156.28.104

108.156.28.58

108.156.28.93

DNS Response

108.156.28.36

108.156.28.104

108.156.28.58

108.156.28.93
8.8.8.8:53

px.ads.linkedin.com

dns

IEXPLORE.EXE

130 B
326 B
2
2

DNS Request

px.ads.linkedin.com

DNS Request

px.ads.linkedin.com

DNS Response

13.107.42.14

DNS Response

13.107.42.14
8.8.8.8:53

t.co

dns

IEXPLORE.EXE

100 B
180 B
2
2

DNS Request

t.co

DNS Request

t.co

DNS Response

104.244.42.197

104.244.42.5

104.244.42.69

104.244.42.133

DNS Response

104.244.42.133
8.8.8.8:53

analytics.twitter.com

dns

IEXPLORE.EXE

134 B
330 B
2
2

DNS Request

analytics.twitter.com

DNS Request

analytics.twitter.com

DNS Response

104.244.42.195

104.244.42.131

104.244.42.67

104.244.42.3

DNS Response

104.244.42.195

104.244.42.131

104.244.42.67

104.244.42.3
8.8.8.8:53

alb.reddit.com

dns

IEXPLORE.EXE

60 B
159 B
1
1

DNS Request

alb.reddit.com

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

pixel.tapad.com

dns

IEXPLORE.EXE

122 B
154 B
2
2

DNS Request

pixel.tapad.com

DNS Request

pixel.tapad.com

DNS Response

34.111.113.62

DNS Response

34.111.113.62
8.8.8.8:53

trc.taboola.com

dns

IEXPLORE.EXE

122 B
354 B
2
2

DNS Request

trc.taboola.com

DNS Request

trc.taboola.com

DNS Response

151.101.1.44

151.101.65.44

151.101.129.44

151.101.193.44

DNS Response

151.101.1.44

151.101.65.44

151.101.129.44

151.101.193.44
8.8.8.8:53

analytics.google.com

dns

IEXPLORE.EXE

132 B
316 B
2
2

DNS Request

analytics.google.com

DNS Request

analytics.google.com

DNS Response

216.239.34.181

216.239.32.181

216.239.38.181

216.239.36.181

DNS Response

216.239.34.181

216.239.32.181

216.239.38.181

216.239.36.181
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

34.113.223.173.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

34.113.223.173.in-addr.arpa
8.8.8.8:53

140.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

140.1.101.151.in-addr.arpa
8.8.8.8:53

154.102.250.142.in-addr.arpa

dns

74 B
108 B
1
1

DNS Request

154.102.250.142.in-addr.arpa
8.8.8.8:53

152.238.32.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

152.238.32.23.in-addr.arpa
8.8.8.8:53

44.1.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

44.1.101.151.in-addr.arpa
8.8.8.8:53

157.60.101.151.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

157.60.101.151.in-addr.arpa
8.8.8.8:53

130.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

130.179.250.142.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

197.42.244.104.in-addr.arpa

dns

219 B
219 B
3
3

DNS Request

197.42.244.104.in-addr.arpa

DNS Request

197.42.244.104.in-addr.arpa

DNS Request

197.42.244.104.in-addr.arpa
8.8.8.8:53

36.28.156.108.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

36.28.156.108.in-addr.arpa
8.8.8.8:53

15.235.23.23.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

15.235.23.23.in-addr.arpa
8.8.8.8:53

11.114.248.87.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

11.114.248.87.in-addr.arpa
8.8.8.8:53

239.41.138.3.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

239.41.138.3.in-addr.arpa

DNS Request

239.41.138.3.in-addr.arpa
8.8.8.8:53

154.132.212.35.in-addr.arpa

dns

146 B
252 B
2
2

DNS Request

154.132.212.35.in-addr.arpa

DNS Request

154.132.212.35.in-addr.arpa
8.8.8.8:53

109.39.65.18.in-addr.arpa

dns

71 B
126 B
1
1

DNS Request

109.39.65.18.in-addr.arpa
8.8.8.8:53

181.222.227.13.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

181.222.227.13.in-addr.arpa
8.8.8.8:53

12.101.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

12.101.16.104.in-addr.arpa
8.8.8.8:53

80.142.244.35.in-addr.arpa

dns

144 B
248 B
2
2

DNS Request

80.142.244.35.in-addr.arpa

DNS Request

80.142.244.35.in-addr.arpa
8.8.8.8:53

234.24.75.54.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

234.24.75.54.in-addr.arpa

DNS Request

234.24.75.54.in-addr.arpa
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

134.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

134.179.250.142.in-addr.arpa
8.8.8.8:53

155.31.232.34.in-addr.arpa

dns

144 B
254 B
2
2

DNS Request

155.31.232.34.in-addr.arpa

DNS Request

155.31.232.34.in-addr.arpa
8.8.8.8:53

3.121.208.18.in-addr.arpa

dns

142 B
250 B
2
2

DNS Request

3.121.208.18.in-addr.arpa

DNS Request

3.121.208.18.in-addr.arpa
8.8.8.8:53

146.98.54.52.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

146.98.54.52.in-addr.arpa
8.8.8.8:53

14.42.107.13.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

14.42.107.13.in-addr.arpa

DNS Request

14.42.107.13.in-addr.arpa
8.8.8.8:53

195.42.244.104.in-addr.arpa

dns

219 B
219 B
3
3

DNS Request

195.42.244.104.in-addr.arpa

DNS Request

195.42.244.104.in-addr.arpa

DNS Request

195.42.244.104.in-addr.arpa
8.8.8.8:53

62.113.111.34.in-addr.arpa

dns

144 B
248 B
2
2

DNS Request

62.113.111.34.in-addr.arpa

DNS Request

62.113.111.34.in-addr.arpa
8.8.8.8:53

188.155.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

188.155.64.172.in-addr.arpa
8.8.8.8:53

www.linkedin.com

dns

IEXPLORE.EXE

124 B
303 B
2
2

DNS Request

www.linkedin.com

DNS Request

www.linkedin.com

DNS Response

13.107.43.14

DNS Response

13.107.42.14
8.8.8.8:53

sp.analytics.yahoo.com

dns

IEXPLORE.EXE

68 B
131 B
1
1

DNS Request

sp.analytics.yahoo.com

DNS Response

212.82.100.181
8.8.8.8:53

insight.adsrvr.org

dns

IEXPLORE.EXE

128 B
256 B
2
2

DNS Request

insight.adsrvr.org

DNS Request

insight.adsrvr.org

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150
8.8.8.8:53

rtb.adentifi.com

dns

IEXPLORE.EXE

124 B
380 B
2
2

DNS Request

rtb.adentifi.com

DNS Request

rtb.adentifi.com

DNS Response

34.237.115.206

52.54.66.175

52.207.206.215

34.201.238.83

52.21.7.221

54.85.216.131

52.200.85.122

3.212.4.2

DNS Response

34.237.115.206

52.54.66.175

52.207.206.215

34.201.238.83

52.21.7.221

54.85.216.131

52.200.85.122

3.212.4.2
8.8.8.8:53

us-central1-adaptive-growth.cloudfunctions.net

dns

IEXPLORE.EXE

184 B
216 B
2
2

DNS Request

us-central1-adaptive-growth.cloudfunctions.net

DNS Request

us-central1-adaptive-growth.cloudfunctions.net

DNS Response

216.239.36.54

DNS Response

216.239.36.54
8.8.8.8:53

match.adsrvr.org

dns

IEXPLORE.EXE

124 B
252 B
2
2

DNS Request

match.adsrvr.org

DNS Request

match.adsrvr.org

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150
8.8.8.8:53

idsync.rlcdn.com

dns

IEXPLORE.EXE

124 B
156 B
2
2

DNS Request

idsync.rlcdn.com

DNS Request

idsync.rlcdn.com

DNS Response

35.190.60.146

DNS Response

35.190.60.146
8.8.8.8:53

action.dstillery.com

dns

IEXPLORE.EXE

132 B
310 B
2
2

DNS Request

action.dstillery.com

DNS Request

action.dstillery.com

DNS Response

104.18.23.234

104.18.22.234

DNS Response

104.18.23.234

104.18.22.234
8.8.8.8:53

cm.g.doubleclick.net

dns

IEXPLORE.EXE

132 B
164 B
2
2

DNS Request

cm.g.doubleclick.net

DNS Request

cm.g.doubleclick.net

DNS Response

142.251.36.34

DNS Response

142.251.36.34
8.8.8.8:53

pixel.rubiconproject.com

dns

IEXPLORE.EXE

140 B
302 B
2
2

DNS Request

pixel.rubiconproject.com

DNS Request

pixel.rubiconproject.com

DNS Response

213.19.162.80

213.19.162.90

DNS Response

213.19.162.90

213.19.162.80
8.8.8.8:53

ib.adnxs.com

dns

IEXPLORE.EXE

116 B
598 B
2
2

DNS Request

ib.adnxs.com

DNS Request

ib.adnxs.com

DNS Response

185.89.211.116

185.89.210.244

185.89.210.141

185.89.211.132

185.89.210.20

185.89.211.12

185.83.142.19

185.89.210.90

185.89.210.212

185.89.210.180

185.89.211.84

185.89.210.46

DNS Response

185.89.211.116

185.89.210.244

185.89.210.141

185.89.211.132

185.89.210.20

185.89.211.12

185.83.142.19

185.89.210.90

185.89.210.212

185.89.210.180

185.89.211.84

185.89.210.46
8.8.8.8:53

ups.analytics.yahoo.com

dns

IEXPLORE.EXE

69 B
254 B
1
1

DNS Request

ups.analytics.yahoo.com

DNS Response

3.75.62.37

3.71.149.231
8.8.8.8:53

100.39.251.142.in-addr.arpa

dns

146 B
222 B
2
2

DNS Request

100.39.251.142.in-addr.arpa

DNS Request

100.39.251.142.in-addr.arpa
8.8.8.8:53

68.32.18.104.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

68.32.18.104.in-addr.arpa

DNS Request

68.32.18.104.in-addr.arpa
8.8.8.8:53

181.34.239.216.in-addr.arpa

dns

146 B
266 B
2
2

DNS Request

181.34.239.216.in-addr.arpa

DNS Request

181.34.239.216.in-addr.arpa
8.8.8.8:53

14.43.107.13.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

14.43.107.13.in-addr.arpa

DNS Request

14.43.107.13.in-addr.arpa
8.8.8.8:53

162.179.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

162.179.250.142.in-addr.arpa

DNS Request

162.179.250.142.in-addr.arpa
8.8.8.8:53

181.100.82.212.in-addr.arpa

dns

146 B
226 B
2
2

DNS Request

181.100.82.212.in-addr.arpa

DNS Request

181.100.82.212.in-addr.arpa
8.8.8.8:53

198.40.223.52.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

198.40.223.52.in-addr.arpa
8.8.8.8:53

54.36.239.216.in-addr.arpa

dns

144 B
264 B
2
2

DNS Request

54.36.239.216.in-addr.arpa

DNS Request

54.36.239.216.in-addr.arpa
8.8.8.8:53

206.115.237.34.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

206.115.237.34.in-addr.arpa
8.8.8.8:53

226.20.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.20.18.104.in-addr.arpa
8.8.8.8:53

146.60.190.35.in-addr.arpa

dns

144 B
248 B
2
2

DNS Request

146.60.190.35.in-addr.arpa

DNS Request

146.60.190.35.in-addr.arpa
8.8.8.8:53

234.23.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

234.23.18.104.in-addr.arpa
8.8.8.8:53

116.211.89.185.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

116.211.89.185.in-addr.arpa
8.8.8.8:53

34.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

34.36.251.142.in-addr.arpa
8.8.8.8:53

80.162.19.213.in-addr.arpa

dns

144 B
144 B
2
2

DNS Request

80.162.19.213.in-addr.arpa

DNS Request

80.162.19.213.in-addr.arpa
8.8.8.8:53

37.62.75.3.in-addr.arpa

dns

138 B
264 B
2
2

DNS Request

37.62.75.3.in-addr.arpa

DNS Request

37.62.75.3.in-addr.arpa
8.8.8.8:53

action.media6degrees.com

dns

IEXPLORE.EXE

140 B
318 B
2
2

DNS Request

action.media6degrees.com

DNS Request

action.media6degrees.com

DNS Response

104.18.23.234

104.18.22.234

DNS Response

104.18.22.234

104.18.23.234
8.8.8.8:53

trc-events.taboola.com

dns

IEXPLORE.EXE

136 B
272 B
2
2

DNS Request

trc-events.taboola.com

DNS Request

trc-events.taboola.com

DNS Response

141.226.229.48

DNS Response

141.226.229.48
8.8.8.8:53

48.229.226.141.in-addr.arpa

dns

146 B
266 B
2
2

DNS Request

48.229.226.141.in-addr.arpa

DNS Request

48.229.226.141.in-addr.arpa
8.8.8.8:53

200.232.18.117.in-addr.arpa

dns

146 B
288 B
2
2

DNS Request

200.232.18.117.in-addr.arpa

DNS Request

200.232.18.117.in-addr.arpa
8.8.8.8:53

97.238.32.23.in-addr.arpa

dns

142 B
270 B
2
2

DNS Request

97.238.32.23.in-addr.arpa

DNS Request

97.238.32.23.in-addr.arpa
8.8.8.8:53

2.77.109.52.in-addr.arpa

dns

140 B
288 B
2
2

DNS Request

2.77.109.52.in-addr.arpa

DNS Request

2.77.109.52.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

2.36.159.162.in-addr.arpa

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

176.122.125.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

176.122.125.40.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
5d1ae35983c18e139283a2053219ad3e

SHA1
f4e90962e0db52c0a01330b199e41766e3ce619f

SHA256
ca4f33ddee85b722b343f20963ec0ed0093fd4dffda18ee7331ca59245b3a23a

SHA512
6b5a3a5177cbd49ae4319bab17ae216440e31b9396947c00198ef8df5415f15b595b621f64d4a6d007cf90b21de83b8525edd7db3d8d4aebe378c767bf8b958c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
416B

MD5
d66e1ef4417e36ea877e658480d45ede

SHA1
a4c3646d7ff139593554bd05689023958760167c

SHA256
b19eae886b9dbefbe5fa34e8c8ec88578dad1189a0b902fff69a37d4b4743b09

SHA512
66d8d8c9c26f0a858008e96cc4232f15b7b27a475e70106d2100a48b5da037e5c6b6f2f579060444708a32554142059d592ce46948e159273cb6be7438259029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
106B

MD5
78864a0c2da3a53e002b7b1b7fa0e962

SHA1
21e48f2e5b33a6e23b34705efc0b49e1cec71521

SHA256
0d4b6b029928bdf995d1e3c531e78b7f4e34825dbb10bc58bf03de5fea412a34

SHA512
d47db3c0d66a44a31ccf087526728448e8487a60efa7dcac08801ee693b9faecc9c8521eb05082883c9236efc58d8ac6adb90ebfa274e124330560fd1dfc4a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
198B

MD5
029b8a7e4a72ce00c0fd38e025d3079f

SHA1
8f6cfa0b561920253b076f6062b1ffdce1209b26

SHA256
c5a3a964b6cf5b84d6dc2654da6e744e19a34fe58686860fc3aa075e470f3fde

SHA512
a01f0334f667bf2345e0ea22600fb7f5136e4c8b7a0964fed7a8812913cdb5b9d40f35500359f27aad8ca9bc62c4e622e1243a7f3a8d72dac849780ef0b6e566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
483B

MD5
d2bd3182b679c9d3cdc325e8e533942b

SHA1
266807f3291d2cf4570e433bce3659f037ec614f

SHA256
665898767fc972ddc07e004445b9d5d9821f338c55a13b6fb57483a2c61fca94

SHA512
f802e0e2bd7659098679e8d252006c9e9f96014ee93f446bc703897855c40c55d03819f4d8df627d2670a3bcedf81627d81cb2669df6b4aabb64667a4ef2dcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
505B

MD5
05083a401da6f12cde2c6436a6d22651

SHA1
ef2e7cbfa7e4f556260cf1304b99dec9a3409d46

SHA256
0c4d6bd8d05e8b77b48dff7e7648fb1c85b5ed180f843c8926e8030e6c2a1dd5

SHA512
098115590a918fc85cbe1dc7988bc94a67987e36cc7d1766673c17e9ab81dcce23608107f6a380f06c285c9b7bd19e1f003e89d5324329e7a2df98cb211c553a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
505B

MD5
05083a401da6f12cde2c6436a6d22651

SHA1
ef2e7cbfa7e4f556260cf1304b99dec9a3409d46

SHA256
0c4d6bd8d05e8b77b48dff7e7648fb1c85b5ed180f843c8926e8030e6c2a1dd5

SHA512
098115590a918fc85cbe1dc7988bc94a67987e36cc7d1766673c17e9ab81dcce23608107f6a380f06c285c9b7bd19e1f003e89d5324329e7a2df98cb211c553a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
1b11c625593c0f0c19f05d27d9ede2fd

SHA1
af6ce058851060f31e725fcb43d6482837a803cc

SHA256
b8f7472ffe927640c86d8efe8bd627971189624c50a8b0fac32c49c1307e5bc1

SHA512
398037a95989056a8a5cb19cb97af3c61400a208feed426ecd725bb15179834d3d809bcde5895e5fd824e7a2c76cd2613a382f68aed1e867e7c60cfa248e06b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
fe5ad6746f85ef1de1f0dfe8f6e9e3bf

SHA1
69e18c30e1ec0c0fd227c6b5b002b4c9352280ad

SHA256
c36ed798b17c1c90ac4316bcc7c085f67d5fd8b4d091fa6ecd8972a364a35923

SHA512
e7b9157f15ee5aebe43a6f0e3f863596a242033dc93c093ca02399a408ab3a60b481c45e9b32fb0866ddbb7af2248610ae50305b95da5f784134cefc5cdb2318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
c5925d2315bbcef5a8b480c1b90668ad

SHA1
6f67d5f0bcad4328da0fc026550951a9dabcf4da

SHA256
1fc5e8c0d0378fce7931ccdd2b0526233163880f0ac341d26643078eb91b0695

SHA512
e377632b938b40cd8fd6167dd2525bb22a07c4318a12453e3019331d3f7581df886ba0dd3fca0ec3ff8db96aa292ac449fba9a4de0281d0fe53bb396042eaf5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
1df9e65b8a41d9e1c1b403351e74d4ac

SHA1
10fc53e2f0e57f35f021e82e06f20813a7b0a26f

SHA256
ce4afa5dd79547192b06c9de2cd9d224a0dab6830073e5aa2420aeaecbd20689

SHA512
7ca8a70a21cc7e4100527cd5e2b7ed522ba8b835369391731be619bcd4198e4ad3822235ad6caab68a6babd45dbbb9815b3906339d6fd764e14b149d4aeb5ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
1df9e65b8a41d9e1c1b403351e74d4ac

SHA1
10fc53e2f0e57f35f021e82e06f20813a7b0a26f

SHA256
ce4afa5dd79547192b06c9de2cd9d224a0dab6830073e5aa2420aeaecbd20689

SHA512
7ca8a70a21cc7e4100527cd5e2b7ed522ba8b835369391731be619bcd4198e4ad3822235ad6caab68a6babd45dbbb9815b3906339d6fd764e14b149d4aeb5ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
8e6cd9752929803e8f86771609812dd0

SHA1
447889d6389f6123a3b7252f519924a31799d371

SHA256
3c60e265fa4714918fc209c7fba034c66db39a858830f0de76eaa13a359203f2

SHA512
9fd86f901dce11dc5557377618f5e1f8d9b5a01d90a06952384162b46ee3f804bb5e43d149665acc240de76667e4d876c24ed304887b0115fdfacd4b35a8f55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
8e6cd9752929803e8f86771609812dd0

SHA1
447889d6389f6123a3b7252f519924a31799d371

SHA256
3c60e265fa4714918fc209c7fba034c66db39a858830f0de76eaa13a359203f2

SHA512
9fd86f901dce11dc5557377618f5e1f8d9b5a01d90a06952384162b46ee3f804bb5e43d149665acc240de76667e4d876c24ed304887b0115fdfacd4b35a8f55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
4155fbbdd8c15fb95211c53d99cd0c32

SHA1
b185c3eebec79a1f0cfba6157f84e73f219a0c5d

SHA256
455ed3d778061569c2a52fc8e3c192ac2f519d8fb80559c41292b056d1ed1fbd

SHA512
125878958d96f0a2ec4be564e749d567fbf81ad1f1ad2aa37041e5bc4e41ac74d1285b94112975bd4c5bf0c780a71964a3194dc3bfabc87da15d5c56915a44b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
f2a63d962adc27496dcf816feff21f59

SHA1
06fbb32e45908518dfeb30ea4848a9b91877a39f

SHA256
2b6b217a2a2a39fbac8c363c72731469d9bd7385486fd1778c5cc4089c9d97ba

SHA512
fe845619c8ca0c5e183f504feec70d555dc492821c3c3ce4a99d14341cfd00d3c0ca69f065fcb845a8c8e4549c062a0453e26e0f8019775550c11c79c7508a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
0b2bc5af98c3d1fb1add7a2279bf0db1

SHA1
8138cb9d5ce514bbf6f26efaa9a28770b0e98510

SHA256
64b5ec85087475d347abd33e33a84bac693d457f24b03ee3b6630fddff301ac8

SHA512
b947785e5c7b9f5aed1b33500d57bb872eee72738d5ff747b5120f8be91d05d8dfc6bb3522547e3155b7a6b80a88244b91cc4a36b221b9b73d5aee1cfe75267f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
06724cec2d5f9a30c92eedff106ce730

SHA1
cfdbfb56d7060d7bf586bf63ac20ca6de746c224

SHA256
f352820546a46f4a5b35aecc3249e9a35bc0f49914f5cf4b3b51849c27409941

SHA512
1965130b4c658d47bbdf2d518bcf382aaf7a46531825c05c5e4b0b4f6c95bc90eb14b6bd31d22eaaf7645f165cf63846c9df17260af1cd6668837f5a2166c9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
bbb1ec4b9d997a3924981cdff01af0ad

SHA1
3e060ccbb4f3815c49e06b29d756fb2489eee7a9

SHA256
f92943488e553af8885edb7ef62ba320d415c0c4cc62b60568487ef6d6f98b51

SHA512
f48453b0f9388ebf3274bb4eb749700193cbcced94565bad1974e8d5c64c2be8c7a8a69ef844b6ea119127f2ba8097fe962038a46fda48230797ed6546370395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml

Filesize
1KB

MD5
804ecdf68413592447c00353300f978a

SHA1
04ac6321bcbddac198c3672d913fab3afc51d485

SHA256
022f12227f761704b52854a59f576ad28a80c716a0fd06f994c70b14b5483a92

SHA512
9d0db55447ed180f6b79dd5240a1d939246bc824f9aa3f3c2f8562d87d9f7cfcb29148c9707a7eaa8c94e19e80549b3940625ad3073cb2d37d391cca0e6b7de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat

Filesize
632B

MD5
a2fd4e90bbfd6c9693ab28876d015292

SHA1
2b688c58d29cc7720254435920134b15e18c5b53

SHA256
a80e2a8b2af55b488968cbbbcd20913415719de89d5e3c16957e3ad43d4725ae

SHA512
8bd314fea2ce0c2bff46fded64bc16773541524656e654d5f8d15208fc3718300e7a27beb5f9ebc65fc2188dcf0bf0518f2e0a1f3c69e6fd4d677ce4b0fa1bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\up_loader.1.1.0[1].js

Filesize
4KB

MD5
98d98b3499058b76d58073cf8ede2f10

SHA1
2ec5bc839a187c2a4d93499567e8fff091a6bcc4

SHA256
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

SHA512
dc185d5287645b2d8578fad706446fc337db7a34ddff4ce2a473fc09ec4b85cb13ade474edcdc8c973e4e407853a6fcfbbdcb4e58e5376e37f173150bcd1d066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\analytics[1].js

Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\favicon-16x16[1].png

Filesize
402B

MD5
2340c99e5888c621067307ab254ae533

SHA1
88689ead0a6a37314312c7eb7f1eb2a71c50b76e

SHA256
66f23b8274c50c3311e814b31d0386816937b904f53783191d84d02cf55ea7a4

SHA512
f2229477198d4c38399cdf182c377e679f53fecdb3b46d27c745216faee16930d81b420aa4fdeb9282bff86ba3088951f7269c39fa67897246f8786365b315df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\gtm[2].js

Filesize
370KB

MD5
8acd9046081690dd0bbcce6cb995b9e5

SHA1
a4f3106e59915d30dc0bf09b3dea69e814d68a62

SHA256
2f269c6b7198cffb4b51ad0ffcf01319ac1525d651693ee2d271303173ced60d

SHA512
443643b1bf94abe27c58cc7f558f6dce8ea6cd1972f8d44113db6e570bf6088cc30cb40739d7129d576f8b1e96a9fc4561b96af877cfe3481a12f583c23cff5f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response