This page is served from a DIFFERENT origin than dice.fm.
It runs a credentialed fetch to https://p-api.staging.dice.fm/graphql.
The victim's browser holds the SameSite=None _kim_key cookie.
_kim_key
running...