8.8.8.8:53

193.0.160.131:80

GET / HTTP/1.1
Host: p.rfihub.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 404 Not Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 153

193.0.160.131:80

GET /favicon.ico HTTP/1.1
Host: p.rfihub.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://p.rfihub.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 404 Not Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 153

193.0.160.131:80

GET / HTTP/1.1
Host: p.rfihub.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 404 Not Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 153

193.0.160.131:80

GET / HTTP/1.1
Host: p.rfihub.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 404 Not Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 153

193.0.160.131:80

GET / HTTP/1.1
Host: p.rfihub.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 404 Not Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 153

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

216.58.214.10:443

GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAlL1An4iaKj4hIFDUqFnlI=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CNvoygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

142.251.36.14:443

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

142.251.39.99:443

GET /verify/AGXHOl1hJ16tdVBwxvrCTcDktiyx2GTeSdNKrFXNksZBnDL4UxwNLZ-8_aWzBSm23RAQTNOtsO1jFn_1dBC9PrlIjezuBHTyKXom-9OXZ0f03Vo HTTP/2.0
host: id.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CNvoygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AUEFqZcUi8ug6rZKlifI8ntUWeTULWt12G-4mhlmMw3ybNQ-LlCtBUqywg
cookie: NID=511=JSzfHkE2rmNUiQgarw62cDp6XQp11PmWv2oF_RB1rWEPIEHfr8zX-j8avTFcOX6PqhIrBRAay9Gu76MY-PtG3YtPwLgujmcyfltv99uSYva51Lpk9zMCb0H-xHhi-pf2ohWAnQGqiWlFYfjS5snetHgD_zF6CwGGkHoqjl5KFrQ
cookie: 1P_JAR=2023-06-28-17

8.8.8.8:53

8.8.8.8:53

104.26.8.188:443

GET /blogs/remove-p-rfihub-com/ HTTP/2.0
host: malwaretips.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Wed, 28 Jun 2023 17:13:07 GMT
content-type: text/html; charset=UTF-8
cf-ray: 7de78efc0f5b0b70-AMS
cf-cache-status: DYNAMIC
link: <https://malwaretips.com/blogs/wp-json/>; rel="https://api.w.org/", <https://malwaretips.com/blogs/wp-json/wp/v2/posts/61962>; rel="alternate"; type="application/json", <https://malwaretips.com/blogs/?p=61962>; rel=shortlink
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-railgun: direct (starting new WAN connection)
wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
wpo-cache-status: not cached
x-powered-by: centminmod
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zY95x%2FRsxwIHkz9otFL6GLNKFhf7DTPJDeTl%2B4CUtLzVJexQzvmv86mDzfXzF%2BmEdZ1Q6asgO96cWaZTjXDj8GiTnqmKle%2B1CuV9YBljjund2D0TXHWzAIPWO4C0%2BaiUwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

8.8.8.8:53

8.8.8.8:53

142.250.179.130:443

GET /pagead/html/r20230620/r20190131/zrt_lookup.html HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://malwaretips.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

192.0.73.2:443

GET /avatar/e0751a5cec343d088082e4bb3a7a3b3b?s=35&d=wavatar&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://malwaretips.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

192.0.73.2:443

GET /avatar/e0751a5cec343d088082e4bb3a7a3b3b?s=33&d=wavatar&r=g HTTP/2.0
host: secure.gravatar.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://malwaretips.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

142.251.36.2:443

GET /gampad/cookie.js?domain=malwaretips.com&callback=_gfp_s_&client=ca-pub-7750719144850257 HTTP/2.0
host: partner.googleadservices.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://malwaretips.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

142.251.36.1:443

GET /simgad/11109686247690101921?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm3lGmNOIN49KIAHgnqC61QGnm_7A HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

142.251.36.1:443

GET /pagead/js/r20230620/r20110914/abg_lite_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

172.217.23.194:443

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/2.0
host: www.googletagservices.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

213.155.156.181:443

GET /cookies/google?google_gid=CAESEPVWZ-cxZvUzCi3dzWSOXME&google_cver=1&google_push=ATf1kGPDMtMHZT_41fcrESb0V8eZwwqyE0lPkQ2zMAiiWS25kZdJxIkgfmbmnFntYHOw0Kgo2Jfj0aOl7H17eFQETSZcx8aI3yD4 HTTP/2.0
host: d5p.de17a.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
content-length: 35
content-type: image/gif
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

35.208.249.213:443

GET /cs/google?google_gid=CAESEAE4ZqG4Fyjchg9dycOBSik&google_cver=1&google_push=ATf1kGO4nNzmR2SsBlJ-NDF2vfs2jlwQOGI1ngNEJSzPt4I_XoWJR_uCB6s7foGVw8OBSrLwwSCcVTtgTbiEaBV24Ruq-uitMffY4bI HTTP/2.0
host: trace.mediago.io
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

142.251.36.2:443

GET /pixel/attr?d=AHNF13JmKCkvctsFwUHzvVZ6gGwTx9nBxEvDYzCtWyPko0JKY3GujUvrB5tpRMu2BmLJhOLxB7Ae0Log HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUlhkzcg0mQ1Z-DSOzRVhQjD09rJWvo1RMoOfM_3DHXCUpOZjS3-x9-3r5pGbEE
cookie: DSID=NO_DATA

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

209.234.236.22:443

GET /embed/a5878a3d6f2be40db26311f6f8fb21a3/8192.0.js.160x600/xaSxk-2RvCna?click=https://a.rfihub.com/ac/b/c3Q9aHRtbCZhYT01MDk1ODIzLDEyMjM3NzYyMywyNDE4MDg5LDI3MDU3OTE5NywxODc5MjUsMTU3ODM2NSw1YTkxZDc2MzczZDIxNTA3NjUyZjlkMzAwODEyY2MyYixwLDQyOTc3LDU2ODk3Myw3Nzc4MTA3Myw1MDE3NDksMTMwMzYxMyZtdD0xJnJiPTQ0NSZyZT0xMjM4NiZoY2k9JnV1aWQ9NTU5OTYzMTU2NjY5ODI5MTA3MCZkaT0mZGM9MyZkaXNyYz0wJmJpcD0xNTQuNjEuNzEuMCZkaWQ9dGlkXzE1NzgzNjV8bWVkX3JlZ3VsYXI./n/ HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip

209.234.236.22:443

GET /user_privacy.php?v=20230105b HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: private, max-age=5184000
Content-Encoding: gzip

209.234.236.22:443

GET /embed/a5878a3d6f2be40db26311f6f8fb21a3/8192.0.js.160x600/1687972399**;1,0,0;1280x720x1;https%3A_@2F_@2Fgoogleads.g.doubleclick.net_@2Fpagead_@2Fads_@3Fclient%3Dca-pub-7750719144850257_@26output%3Dhtml_@26h%3D600_@26slotname%3D6376638919_@26adk%3D3861630186_@26adf%3D3093873505_@26pi%3Dt.ma~as.6376638919_@26w%3D256_@26fwrn%3D4_@26fwrnh%3D100_@26lmt%3D1687972396_@26rafmt%3D1_@26format%3D256x600_@26url%3Dhttps%253A%252F%252Fmalwaretips.com%252Fblogs%252Fremove-p-rfihub-com%252F_@26fwr%3D0_@26rpe%3D1_@26resp_fmts%3D4_@26wgl%3D1_@26uach%3DWyJXaW5kb3dzIiwiNC4wLjAiLCJ4ODYiLCIiLCIxMDYuMC41MjQ5LjExOSIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDYuMC41MjQ5LjExOSJdLFsiR29vZ2xlIENocm9tZSIsIjEwNi4wLjUyNDkuMTE5Il0sWyJOb3Q7QT1CcmFuZCIsIjk5LjAuMC4wIl1dLDBd_@26dt%3D1687972396808_@26bpp%3D1_@26bdt%3D10484_@26idt%3D0_@26shv%3Dr20230620_@26mjsv%3Dm202306161001_@26ptt%3D9_@26saldr%3Daa_@26abxe%3D1_@26cookie%3DID%253D14458b3ad5d06fdb-22ee111d05e20045%253AT%253D1687972389%253ART%253D1687972389%253AS%253DALNI_MarsksMJDVfeXToUBl1T1ATeUTd-Q_@26gpic%3DUID%253D00000c7a70aa4021%253AT%253D1687972389%253ART%253D1687972389%253AS%253DALNI_MZ9dei8rNcJ_CeDn9bLZCrEwH_uEA_@26prev_fmts%3D0x0%252C256x600%252C867x280_@26nras%3D1_@26correlator%3D8198946555259_@26frm%3D20_@26pv%3D1_@26ga_vid%3D37881037.1687972388_@26ga_sid%3D1687972388_@26ga_hid%3D1239201660;;;?click=https://a.rfihub.com/ac/b/c3Q9aHRtbCZhYT01MDk1ODIzLDEyMjM3NzYyMywyNDE4MDg5LDI3MDU3OTE5NywxODc5MjUsMTU3ODM2NSw1YTkxZDc2MzczZDIxNTA3NjUyZjlkMzAwODEyY2MyYixwLDQyOTc3LDU2ODk3Myw3Nzc4MTA3Myw1MDE3NDksMTMwMzYxMyZtdD0xJnJiPTQ0NSZyZT0xMjM4NiZoY2k9JnV1aWQ9NTU5OTYzMTU2NjY5ODI5MTA3MCZkaT0mZGM9MyZkaXNyYz0wJmJpcD0xNTQuNjEuNzEuMCZkaWQ9dGlkXzE1NzgzNjV8bWVkX3JlZ3VsYXI./n/ HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: ub=L5744649c6a302666c:0:1280:720:1; expires=Sun, 27-Aug-2023 17:13:20 GMT; path=/; domain=.wsod.com; SameSite=None; secure; httponly
Set-Cookie: f25=!!!!!!0:1687972400; expires=Sat, 29-Jul-2023 17:13:20 GMT; path=/; domain=.wsod.com; SameSite=None; secure; httponly
Set-Cookie: g36013=84:8192:7626:969:__::1687972400:L!!!!!!!!; expires=Sat, 29-Jul-2023 17:13:20 GMT; path=/; domain=.wsod.com; SameSite=None; secure; httponly
Content-Encoding: gzip

209.234.236.22:443

GET //pixel/lr.php HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tmpUB=S31178322673081028; ub=L5744649c6a302666c:0:1280:720:1; f25=!!!!!!0:1687972400; g36013=84:8192:7626:969:__::1687972400:L!!!!!!!!

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 28 Jun 2023 17:13:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Set-Cookie: mp=L5744649c6a302666c; expires=Wed, 05-Jul-2023 17:13:20 GMT; path=/; domain=.wsod.com; SameSite=None; secure; httponly
Location: //idsync.rlcdn.com/403486.gif?partner_uid=L5744649c6a302666c

209.234.236.22:443

GET /view/a5878a3d6f2be40db26311f6f8fb21a3/8192.7626.1.160x600.1687972400.L5744649c6a302666c.6245.__.0/1687972399007.4275**;; HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tmpUB=S31178322673081028; ub=L5744649c6a302666c:0:1280:720:1; f25=!!!!!!0:1687972400; g36013=84:8192:7626:969:__::1687972400:L!!!!!!!!; mp=L5744649c6a302666c

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip

209.234.236.22:443

GET /view/a5878a3d6f2be40db26311f6f8fb21a3/8192.7626.10_101.160x600.1687972400.L5744649c6a302666c.6245.__.0/1687972399007.4275**;101%7C1%7C1; HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tmpUB=S31178322673081028; ub=L5744649c6a302666c:0:1280:720:1; f25=!!!!!!0:1687972400; g36013=84:8192:7626:969:__::1687972400:L!!!!!!!!; mp=L5744649c6a302666c

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: g36013=84:8192:7626:969:__::1687972400:L!!!!!!84:8192:7626:969:__::1687972403:L!!; expires=Sat, 29-Jul-2023 17:13:23 GMT; path=/; domain=.wsod.com; SameSite=None; secure; httponly
Content-Encoding: gzip

209.234.236.22:443

GET /view/a5878a3d6f2be40db26311f6f8fb21a3/8192.7626.101.160x600.1687972400.L5744649c6a302666c.6245.__.0/1687972399007.4275**;101%7C0%7C5; HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tmpUB=S31178322673081028; ub=L5744649c6a302666c:0:1280:720:1; f25=!!!!!!0:1687972400; mp=L5744649c6a302666c; g36013=84:8192:7626:969:__::1687972400:L!!!!!!84:8192:7626:969:__::1687972403:L!!

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip

209.234.236.22:443

GET /view/a5878a3d6f2be40db26311f6f8fb21a3/8192.7626.101.160x600.1687972400.L5744649c6a302666c.6245.__.0/1687972399007.4275**;101%7C0%7C25; HTTP/1.1
Host: ad.wsod.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tmpUB=S31178322673081028; ub=L5744649c6a302666c:0:1280:720:1; f25=!!!!!!0:1687972400; mp=L5744649c6a302666c; g36013=84:8192:7626:969:__::1687972400:L!!!!!!84:8192:7626:969:__::1687972403:L!!

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Jun 2023 17:13:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

142.250.179.134:443

GET /activityi;src=1620481;type=tdame177;cat=modin0;u15=L5744649c6a302666c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1? HTTP/2.0
host: 1620481.fls.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUlhkzcg0mQ1Z-DSOzRVhQjD09rJWvo1RMoOfM_3DHXCUpOZjS3-x9-3r5pGbEE
cookie: DSID=NO_DATA

23.221.248.25:443

GET /adview/madview-min-0.0.19-0.js HTTP/2.0
host: ad.wsodcdn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
content-type: application/javascript
cache-control: max-age=315360000
content-encoding: br
etag: W/"5b85c6c5-5c68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 24 Sep 2020 16:53:47 GMT
server: Akamai Resource Optimizer
vary: Accept-Encoding
content-length: 8076
date: Wed, 28 Jun 2023 17:13:20 GMT

18.66.147.14:443

GET /t/beacon?adn=3&ca=221&cr=7626&ord=1687972400&pl=8192&pr=12237&si=84 HTTP/2.0
host: tag.researchnow.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
content-type: image/gif
content-length: 42
date: Wed, 28 Jun 2023 16:20:38 GMT
server: Apache/2.4.57 ()
x-powered-by: PHP/7.2.34
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
p3p: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: Zk032ftrmDRLyjXgBBoiH76qmA1sqVFN91shVQz_J_cZVmsIUIajTA==
age: 3162

8.8.8.8:53

35.190.60.146:443

GET /403486.gif?partner_uid=L5744649c6a302666c HTTP/2.0
host: idsync.rlcdn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

104.18.24.173:443

GET /i.match?p=b6&u=CAESEKkb6QduRLwOZ7ZCuKqApRY&google_cver=1&google_push=ATf1kGP745ZYPkDBEhZVRtkLqnC21FGs_oW5_IRmqwX7k5Ld7VmgK3B6NaKkV-c09iH-IYR8f4rxgFYU0V9A0ivckPpiffXVScX6kRY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP745ZYPkDBEhZVRtkLqnC21FGs_oW5_IRmqwX7k5Ld7VmgK3B6NaKkV-c09iH-IYR8f4rxgFYU0V9A0ivckPpiffXVScX6kRY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP/2.0
host: a.tribalfusion.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 302
date: Wed, 28 Jun 2023 17:13:20 GMT
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKkb6QduRLwOZ7ZCuKqApRY&google_cver=1&google_push=ATf1kGP745ZYPkDBEhZVRtkLqnC21FGs_oW5_IRmqwX7k5Ld7VmgK3B6NaKkV-c09iH-IYR8f4rxgFYU0V9A0ivckPpiffXVScX6kRY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP745ZYPkDBEhZVRtkLqnC21FGs_oW5_IRmqwX7k5Ld7VmgK3B6NaKkV-c09iH-IYR8f4rxgFYU0V9A0ivckPpiffXVScX6kRY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 54
cache-control: no-cache
cache-control: private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aenoeUu4YUtmqcnc2vKNbUscMT2ceZc6t5UTZcPNmI; path=/; domain=.tribalfusion.com; expires=Tue, 26-Sep-2023 17:13:20 GMT; SameSite=None; Secure;
set-cookie: ANON_ID_old=aenoeUu4YUtmqcnc2vKNbUscMT2ceZc6t5UTZcPNmI; path=/; domain=.tribalfusion.com; expires=Tue, 26-Sep-2023 17:13:20 GMT;
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7de78f4f4ed3b785-AMS
alt-svc: h3=":443"; ma=86400

104.18.24.173:443

GET /z/i.match?p=b6&u=CAESEKkb6QduRLwOZ7ZCuKqApRY&google_cver=1&google_push=ATf1kGP745ZYPkDBEhZVRtkLqnC21FGs_oW5_IRmqwX7k5Ld7VmgK3B6NaKkV-c09iH-IYR8f4rxgFYU0V9A0ivckPpiffXVScX6kRY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP745ZYPkDBEhZVRtkLqnC21FGs_oW5_IRmqwX7k5Ld7VmgK3B6NaKkV-c09iH-IYR8f4rxgFYU0V9A0ivckPpiffXVScX6kRY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP/2.0
host: s.tribalfusion.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ANON_ID=aenoeUu4YUtmqcnc2vKNbUscMT2ceZc6t5UTZcPNmI

HTTP/2.0 200
date: Wed, 28 Jun 2023 17:13:20 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache
cache-control: private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aanseFx2eNlSE0U7bdvNWxTTvvvnMpq6mnUb3PrEg2XxMZdXAvNCFNZdnGbRWM553c9oZbvJ5PeatTnnxNn5QNr; path=/; domain=.tribalfusion.com; expires=Tue, 26-Sep-2023 17:13:20 GMT; SameSite=None; Secure;
set-cookie: ANON_ID_old=aanseFx2eNlSE0U7bdvNWxTTvvvnMpq6mnUb3PrEg2XxMZdXAvNCFNZdnGbRWM553c9oZbvJ5PeatTnnxNn5QNr; path=/; domain=.tribalfusion.com; expires=Tue, 26-Sep-2023 17:13:20 GMT;
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7de78f5098c0b785-AMS
alt-svc: h3=":443"; ma=86400

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

104.17.24.14:443

GET /ajax/libs/gsap/1.18.2/TweenMax.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.wsoddata.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Wed, 28 Jun 2023 17:13:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 31489
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e71-1a78a"
last-modified: Mon, 04 May 2020 16:10:25 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 471786
expires: Mon, 17 Jun 2024 17:13:22 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RAxJ3MyChyVBXtKHdTV3ZNNHoPzzwiZc1kkvW8%2FBe3iDXd7Lwq%2FCDKKu%2BWfd%2BJrt%2BLOUo9oI%2FR8Q49VmN2FqG7qYZOv%2F4hUcS%2F8G7yx8yc0vFjaCZ%2FNFks%2BBLaTMAozM665n72BT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7de78f588da6b7a3-AMS
alt-svc: h3=":443"; ma=86400

8.8.8.8:53

8.8.8.8:53

216.58.213.3:443

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 504
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

216.58.213.3:443

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1714
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

8.8.8.8:53