Report - other.landerhd.com/923686280

Report Overview

Submitted URL
other.landerhd.com/923686280
IP
188.240.52.20
ASN
#20857 Signet B.V.
Submitted
2022-11-06 06:01:38
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-10T11:13:22Z	806 B	19 kB	151.101.85.229
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	2.1 kB	4.2 kB	142.250.74.35
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-10T13:35:34Z	374 B	21 kB	142.250.74.174
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	58 kB	34.120.237.76
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	2.0 kB	4.8 kB	93.184.220.29
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
other.landerhd.com	unknown	2022-06-20T17:26:20Z	2023-02-25T15:37:45Z	2.5 kB	212 kB	188.240.52.20
novidash.com	35171	2021-06-24T11:21:46Z	2023-03-07T16:17:21Z	4.2 kB	11 kB	188.240.52.20
static.hotjar.com	641	2014-11-01T06:14:27Z	2023-03-10T09:34:35Z	379 B	3.4 kB	143.204.55.54
www.dropbox.com	1994	2012-05-21T22:31:28Z	2023-03-10T16:49:44Z	431 B	3.0 kB	162.125.71.18
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-10T05:11:21Z	368 B	1.9 kB	104.18.20.226
use.fontawesome.com	942	2017-01-30T05:43:25Z	2023-03-10T11:05:46Z	930 B	76 kB	172.64.132.15
www.spotify.com	1130	2012-06-20T20:23:09Z	2023-03-10T18:12:04Z	402 B	4.0 kB	35.186.224.25
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.161.231.36
botd.fpapi.io	297160	2021-06-11T12:56:14Z	2023-03-09T19:21:05Z	486 B	821 B	3.215.11.173
accounts.google.com	81	2016-03-20T13:44:49Z	2023-03-10T12:46:47Z	1.7 kB	5.1 kB	216.58.207.237
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-10T12:41:09Z	610 B	709 B	64.233.162.155
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.4 kB	3.5 kB	23.36.77.32
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-10T13:03:15Z	383 B	49 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-06	medium	novidash.com/smartlink-css/63674d8723af0b5b201a67ad?fingerprintid=9e4947f35751465411fd1a4f5c358c78	Phishing
2022-11-06	medium	novidash.com/smartlink-css/63674d8723af0b5b201a67ad	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	other.landerhd.com/923686280	341 B	2023-03-07	2023-08-21
Pretty URL other.landerhd.com/923686280 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-21 19:27:28 Times Seen5 Hash 0f9522c6818e7aa63cad4d069d21529a f8f5840df762222a04ee5908bfb75cc2c25886ce 573e0855fe1796a6393b64ac2b113a32232068b80459d190429aa1feb7b3f6c0 Loading...

	other.landerhd.com/923686280	4.9 kB	2023-03-10	2023-03-10
Pretty URL other.landerhd.com/923686280 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 22:14:52 Last Seen2023-03-10 22:14:52 Times Seen1 Hash b51b50d5b0f4ab999c865e085235f1fc 5bb0ccece9d2be5e74e460778d28781af15ff81f ed80cea742f04bc0c79f240cda9003023921347d8434cd1b310c9e9f40059310 Loading...

	other.landerhd.com/923686280	201 B	2023-03-07	2023-03-17
Pretty URL other.landerhd.com/923686280 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-03-17 12:42:02 Times Seen1 Hash 6a325515b841215a28e5c2fecf2e848f 2d37dbe87f033a179a562d976bae23797d9e2590 7edeab74566fa8c0e6c857da731bf90cf39e37209d6730cf98d3cebefd6f04b5 Loading...

	cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js	9.0 kB	2023-03-07	2023-12-12
Pretty URL cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-12-12 23:36:16 Times Seen268 Hash 47c385b50143101eb33518d4bdb62b8f 6683889617dc16e817a49c17ce38f358efdf1638 52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-24 18:41:20 Times Seen1526 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	static.hotjar.com/c/hotjar-2841648.js?sv=6	5.2 kB	2023-03-10	2023-03-11
Pretty URL static.hotjar.com/c/hotjar-2841648.js?sv=6 IP 143.204.55.54 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:21:20 Last Seen2023-03-11 09:00:45 Times Seen1 Hash f6d5103b17684def5ad89b831afc8782 d2ad93e5ff19d8f84f71542e391c4eb305a153fc 44c1181664ebe8addc5db23e887104b9383ff44b287bad69ee40d2d260029769 Loading...

	other.landerhd.com/923686280	390 B	2023-03-07	2023-08-03
Pretty URL other.landerhd.com/923686280 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-03 19:02:26 Times Seen2 Hash 37ec97eee90db9751691d233b0d7eedd 7963c49b18fe240baf11a12b8db4e5b7cc5df5df 33a1148e5675c3ef76b2c879aadd190a187a7f1937d4279e54cdd65e40b1c4e5 Loading...

	other.landerhd.com/923686280	838 B	2023-03-07	2023-03-17
Pretty URL other.landerhd.com/923686280 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:54 Last Seen2023-03-17 11:40:57 Times Seen1 Hash 6a2e78eb79ab3d224ecb6f8374a152f1 01430c4b41c3e4ee2fe2022872a1c855baf5dbfb d3b0d867b60b832bb227f6b7d019af71917b25eaecc85bdb3a2138bbe0a7550e Loading...

	other.landerhd.com/923686280	126 B	2023-03-07	2023-08-21
Pretty URL other.landerhd.com/923686280 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-21 19:58:13 Times Seen37 Hash dc2ab29926e4c4fba68e9d54511c2b0b 49ab59eeed8d75dfc7f9c24db8bb2d51764bddc5 d824bb9444c588471316cc11c51da26b5a1cb691b0ef4f3cae7aea05c450bcb8 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2	126 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 22:14:52 Last Seen2023-03-10 22:14:52 Times Seen1 Hash d2aa7e4a5d1bbb0f72b99acedc77da4b b4c2a5bc6cdb9710478fdf54727aae7b91721872 3243c9b3682f0d55f57ac34b082d55cca1e7cc695227d7eb35b45344cd536e17 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9ad4e1216ab756550243f73914b8cf40	523 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:34:54 Last Seen2023-03-17 11:40:57 Times Seen1 Hash 9ad4e1216ab756550243f73914b8cf40 86f9009222dca265c17a1b147991fb91a7360281 3d42eee9415522f4e95fcea0cc832841777e9c595370e8a64ddd028a43a6a903 Loading...

	#2 Eval - 7a000d32bbf1305420abd4e347bf90d1	5.8 kB	2023-03-10	2023-03-10
Pretty Observations First Seen2023-03-10 22:14:52 Last Seen2023-03-10 22:14:52 Times Seen1 Hash 7a000d32bbf1305420abd4e347bf90d1 62c130384a99ac3a1237cbdcba72e728df99b683 eb1afca1a9e327f5e6fbba6c98eceb22d3c6b4905320d9e26d6f336b4b3d62ee Loading...

		Size	First Seen	Last Seen
	#1 Write - 01a314c1b9df8a1e936aee8eb0691f89	13 B	2023-03-10	2023-03-11
Pretty Observations First Seen2023-03-10 20:21:20 Last Seen2023-03-11 22:48:34 Times Seen1 Hash 01a314c1b9df8a1e936aee8eb0691f89 97e459bef21de91867f3129361393aa77a6b98a5 62f748cc31e029c1a12139a036536b9b79bdb7ca173a8bd9cef8d4e2264a1011 Loading...

HTTP Transactions (54)

URL IP Response Size

other.landerhd.com/923686280

188.240.52.20

200 OK

6.9 kB

URL HTTP/1.1
other.landerhd.com/923686280
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4905)
Size
6.9 kB (6915 bytes)
Hash
d84a4880bb79fbcea729d4c078441c11
6a38db943ca17e375ed7146c13f76af18082ad3b
a0923d20d81de09701ce0d38bb236665377b5b55ef12ca44671da5ff0eb765f7

HTTP Headers

GET /923686280 HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 06 Nov 2022 06:01:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im1YbTlwZGhMd1l4WGxxdjRtT2diRXc9PSIsInZhbHVlIjoiNTF6K2lQd0wzbGltWm5aOXhzTExnb0RsWTBBeEFZSmh1MzJMWVBrZHA5UFZ0RzlKSEN4UHlLNXlkRDhtam1xOUZJbko3YzVCVTlJbzBJV1NsSWFxUVdZMXBHbDZCa1F0NHBZUmVnV2gvWkpuaGs0bys2VnhqcmZobVl2d3hPQzEiLCJtYWMiOiJhOTBhZDNhNjNmNmQwMmNkNzMyZjRlOGEzYTJlMTlhMWU5ZDA0MjFlYWZlMDEyOTAzZWM4MmQ2NmQzNTk5MTA4IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:27 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjBKVTdLYkN2V0oweWVVUkhDT3c3VlE9PSIsInZhbHVlIjoiSVZxMzdKSzJEVWdZMFBOYzNmVDl5Rmc5cTZIREZMYlZ6TVRWOWdPUStxSmh3RzUxVWZINjVPMko3S3lWQTA0K0ltUFczQ1QyYXBaZ1VibFoxalJ4c3JkY0x3eVRGSFJkZXdTc3Z6bGtvZGNTUEh1VlFPUFhWTkxFallYaXlNVHQiLCJtYWMiOiIzZmU2YjM2MzFlYmJmNWIyYWFiODNjMTMyN2E0ZTU4MjJiZThmZWJhNjE5NDNhM2Q1MTAzM2ZkN2Y0MTk5Njk1IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:27 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b720c31d9c036cd2ef10e35fa29f5345
ac625d2e69284e5080bede4b37c31af62c26338b
323b76eceb5d3ad339a1c55bfa7eea4e39741258e08d5005b691f712a9e9c81c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "323B76ECEB5D3AD339A1C55BFA7EEA4E39741258E08D5005B691F712A9E9C81C"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7875
Expires: Sun, 06 Nov 2022 08:12:42 GMT
Date: Sun, 06 Nov 2022 06:01:27 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3851
Cache-Control: max-age=102828
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:27 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 10:35:15 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
078950c3ba9ad01927f3da494b1d1de4
443c8a8247e4e3e04c14d21e0227fc4e8f396142
dd5dd09fec51669adf36b3014bbf65d7bff608f72018d037f9ed9b414675037c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD5DD09FEC51669ADF36B3014BBF65D7BFF608F72018D037F9ED9B414675037C"
Last-Modified: Fri, 04 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7831
Expires: Sun, 06 Nov 2022 08:11:58 GMT
Date: Sun, 06 Nov 2022 06:01:27 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: lEqQOhASJdnBIDSTBAlSoiqpZQewBMLXmvfuzMHwMgQZoBuXGKHun25Mhqpj11J0OM8m0EeoLhc=
x-amz-request-id: 8DC9SRA6RHRGQ7KZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 05:47:31 GMT
age: 836
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 06:01:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/os_versions.png

188.240.52.20

200 OK

3.1 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/os_versions.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Size
3.1 kB (3073 bytes)
Hash
e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823

HTTP Headers

GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:27 GMT
content-type: image/png
content-length: 3073
last-modified: Fri, 04 Nov 2022 14:33:51 GMT
etag: "636522cf-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/360.png

188.240.52.20

200 OK

38 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/360.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size
38 kB (38110 bytes)
Hash
15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f

HTTP Headers

GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:27 GMT
content-type: image/png
content-length: 38110
last-modified: Fri, 04 Nov 2022 14:33:53 GMT
etag: "636522d1-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

151.101.85.229

200 OK

14 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (33322)
Size
14 kB (14187 bytes)
Hash
aae718b2a0cb61c252946cb2c90eee97
b80eb9c3bde5f4dd455940832989f52d39deafcc
7ac3def7374012c4a78adafd9f76513168890454ad16f053d58060836a582f7f

HTTP Headers

GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.6
x-jsd-version-type: version
etag: W/"8378-YyDrsgfkSqD4ErmTv6bGJ5gw0yk"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 06 Nov 2022 06:01:27 GMT
age: 41404
x-served-by: cache-fra-eddf8230075-FRA, cache-bma1637-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14187
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/logo.png

188.240.52.20

200 OK

30 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/logo.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Size
30 kB (30211 bytes)
Hash
26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2

HTTP Headers

GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:27 GMT
content-type: image/png
content-length: 30211
last-modified: Fri, 04 Nov 2022 14:33:53 GMT
etag: "636522d1-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js

151.101.85.229

200 OK

3.1 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (8836)
Size
3.1 kB (3067 bytes)
Hash
b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084

HTTP Headers

GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 06 Nov 2022 06:01:27 GMT
age: 15768
x-served-by: cache-fra-eddf8230022-FRA, cache-bma1637-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3067
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
6865f732ff3df7551ab37e18bd5ff0bd
4df6d1eec4fa346cf284ce2f3bcde69fae1875df
57e14b01e32495d0eddda96eda3ddbe8461636a195d6b0d7ad4eb16ef81a8961

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 06 Nov 2022 06:01:27 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "E0612BEA933CBA086E56A3C6774D2587DAD713E0"
Expires: Sun, 06 Nov 2022 16:00:00 GMT
Last-Modified: Sun, 06 Nov 2022 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3157
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 765b9d5acbc60b4d-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1e589c96559102a7bcabd65e8aa78759
2d58005fa5a77b2cddae4fd340d3bcdb61fe58cd
844ac6bcebc216c5925ede01a2f5b266bb161a4ecc50a0b48d0256d185425aa8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 432
Cache-Control: max-age=94373
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:27 GMT
Etag: "636619ad-1d7"
Expires: Mon, 07 Nov 2022 08:14:20 GMT
Last-Modified: Sat, 05 Nov 2022 08:07:09 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e13e65ad7f6f12300b12d6cd6936d621
575faf606b5c5e39e0fbbef59998bcd3625aa141
10787f99c02b63d52b9b74fcec9497108d67c56c4a9436e0e3c9a7129d727dda

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

other.landerhd.com/landingpages/mcafee/bg.jpg

188.240.52.20

200 OK

130 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/bg.jpg
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size
130 kB (129948 bytes)
Hash
444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce

HTTP Headers

GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:27 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Fri, 04 Nov 2022 14:33:53 GMT
etag: "636522d1-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
52ac7cf11bc087d232ad0b9209a66e15
698b084e136cac7617fb246cafb47d09b346fae5
8b2d0a8224d50f9930801bbdca121f9845ce4b83ed5acda8bdd76203af571cdd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3349
Cache-Control: max-age=119232
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:27 GMT
Etag: "63666f62-1d7"
Expires: Mon, 07 Nov 2022 15:08:39 GMT
Last-Modified: Sat, 05 Nov 2022 14:12:50 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
db63d54b77502dd6c7bdc792d4fd093e
026ad8186833988279468829c004c6e2a2f2626f
eff89ef67baa622e8a196ffcadc44d29aafff009bb531da3e979a1f47c3b1c36

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5352
Cache-Control: max-age=99271
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Etag: "63661997-1d7"
Expires: Mon, 07 Nov 2022 09:35:59 GMT
Last-Modified: Sat, 05 Nov 2022 08:06:47 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2

142.250.74.168

200 OK

48 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3238)
Size
48 kB (48150 bytes)
Hash
d2d442add802875e0edd43d791316be6
ce8ab7766ec6f2a12568fa94b53ccf6ffde39fd8
dbb55d930aa3bf69cb503857866e85ce098c85ebd654af1d6fb144d49777b616

HTTP Headers

GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 06 Nov 2022 06:01:28 GMT
expires: Sun, 06 Nov 2022 06:01:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48150
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e13e65ad7f6f12300b12d6cd6936d621
575faf606b5c5e39e0fbbef59998bcd3625aa141
10787f99c02b63d52b9b74fcec9497108d67c56c4a9436e0e3c9a7129d727dda

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
52ac7cf11bc087d232ad0b9209a66e15
698b084e136cac7617fb246cafb47d09b346fae5
8b2d0a8224d50f9930801bbdca121f9845ce4b83ed5acda8bdd76203af571cdd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3350
Cache-Control: max-age=119232
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Etag: "63666f62-1d7"
Expires: Mon, 07 Nov 2022 15:08:40 GMT
Last-Modified: Sat, 05 Nov 2022 14:12:50 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2

172.64.132.15

200 OK

74 kB

URL HTTP/2
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP
172.64.132.15:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Size
74 kB (74348 bytes)
Hash
462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2

HTTP Headers

GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Nov 2022 06:01:28 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: qN+aJxZLZ84MfemqSA8nNNg9sivOEwS7Ki2RVTogPJ3fjWzpasCFX1bSxlnkhkaji6Rh1MuTP3w=
x-amz-request-id: QA904QTM8W51FB9W
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKRdYR%2F%2F1jG8%2BzDcLfFdoPzbk5VHeSvEfRLzmt4bggrxQU80Z9mSnCpJNbhdkubR0wnaEHkTX9ATwuE6kHOr%2BDtffVy7f8GQ6yUKpN0N%2FMQxi8kWF3WO85i0lhCEznUVlT%2Fs76%2Bg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765b9d5d5c2476fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico

35.186.224.25

302 Found

2.6 kB

URL HTTP/2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP
35.186.224.25:0
ASN
#15169 GOOGLE

File type
data
Size
2.6 kB (2631 bytes)
Hash
eadc9df6fa9159915e258bd2d265f10e
0d342e32cfefae984bce8f4b1b4b568c89f02ebb
21b5b13c0bfb347cfb2ff517e75b0876c05118b635fd232a14fe7cf1432b6a5d

HTTP Headers

GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sun, 06 Nov 2022 06:01:28 GMT
x-powered-by: Express
set-cookie: sp_usid=ee1c8d0f-b8b0-4264-9a76-15084c9fa13a; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sun, 05 Jul 2026 06:01:28 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=eeb259e1-3450-468c-9456-1a4deaaf8ff1; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Mon, 06 Nov 2023 06:01:28 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 07 Nov 2022 06:01:28 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 07 Nov 2022 06:01:28 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: 77984eac6210345a
x-envoy-upstream-service-time: 14
server: envoy
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.161.231.36

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.231.36:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8EhFVPyMTfC2zEJiqGAjJg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iPiklrJ0O5DXzsUFKv3EU3px/hA=

botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20

3.215.11.173

200 OK

325 B

URL HTTP/2
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP
3.215.11.173:0
ASN
#14618 AMAZON-AES

File type
data
Size
325 B (325 bytes)
Hash
22b469b82f0cf25a3382ba9c4fd7c152
b335a6dedf23b89d77ad8504082b143d33138b77
04b9938a34d142ee1a39ee0c8a1f797dbf1fb2370da7338f29559734d06b957b

HTTP Headers

POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://other.landerhd.com/
Content-Type: text/plain
Origin: http://other.landerhd.com
Content-Length: 20860
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 06 Nov 2022 06:01:28 GMT
content-type: application/octet-stream
content-length: 325
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://other.landerhd.com
x-amzn-trace-id: Root=1-63674db8-691f92ff2abfde63181a1127
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/favicon.ico

188.240.52.20

200 OK

1.2 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/favicon.ico
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223

HTTP Headers

GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:28 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 04 Nov 2022 14:33:51 GMT
etag: "636522cf-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
498a93ef6474e78f5c7b8ec391786b1c
2fdbd636d3ec6c2476c2ac34697ba171eecdb768
ab9705c42b3e1f2c2cc005974f4dd27f75c27a053bd29e81d2a99824200dcef7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6210
Cache-Control: max-age=169600
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Etag: "636728f7-1d7"
Expires: Tue, 08 Nov 2022 05:08:08 GMT
Last-Modified: Sun, 06 Nov 2022 03:24:39 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 06 Nov 2022 04:41:09 GMT
expires: Sun, 06 Nov 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 4819
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
138669aacfe3c5c3dbfaad8256736eb1
b10b54047c043a723a5dbc452f01c90d4c56ca03
98bf3006d2b5401089ea2be634624d6263f777bb41f5a3b08d9f5f8fc38bdd10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
138669aacfe3c5c3dbfaad8256736eb1
b10b54047c043a723a5dbc452f01c90d4c56ca03
98bf3006d2b5401089ea2be634624d6263f777bb41f5a3b08d9f5f8fc38bdd10

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?fingerprintid=9e4947f35751465411fd1a4f5c358c78

188.240.52.20

200 OK

397 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Size
397 B (397 bytes)
Hash
52c2394da694cb93fe8de2d3962a026c
e0b742a399a61caae21e0ca8235d5ba6e0c47b7c
90a17f481d83322c4ddc0a8324c9d8e720794a4901a965649c756870d44a7724

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /smartlink-css/63674d8723af0b5b201a67ad?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22286
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkthbmE1WHZraWNNQjZ4byt5VitlYkE9PSIsInZhbHVlIjoiemhvTGlwaGt6dkxPVXp6R3FSZkJFeWxRU3VnQlA5YWEyM0x1ekI1bVZlQ3hUcWEwdExsbCs5M1BWc0lNSmFmdWhnTzlNKzNTNTUyZzVpbnNocXUwdDRBL0FzdlJON2NVL1N0NWhXTUk3anBaaSs3MExOTUZ2OERINzVlZlRqcUoiLCJtYWMiOiJjZmUzNzNhNDg0ODcwOTgyOWM1YTFjYzI2MDBjNzQxMDVkMGJlMTU4NmEyZjVjM2QwNjM3ZDZiNmUwNWJkZDM1IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:28 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImJVNlVJR0NvenhGR2VPMi8vVzJnRHc9PSIsInZhbHVlIjoiVjNuR1RPWjgxaXVObDZ6aURsaGdZajdKdm90ZkZSWWJFWE00SSs4MU01NjAvUjYxMXRuUFFTcUdXZ1RneTNKMDJIOFhteFV1b09DUnRueVk5Q2Fkem5SOG1jNmVBbHp3dEFKQzNIWUgrYUk3Z2NZR3hQR09ZWWpveGtLdDBaMHAiLCJtYWMiOiJhZTM3YmJkMDk1ZTg5N2I0YmEyOTY4N2M4NTE3OTEyNzY2MTY3NGViZDA3MDY4OTI2OTU2M2ZhNDM0MTVjMTJjIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

216.58.207.237

302 Found

391 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Size
391 B (391 bytes)
Hash
84fa240f14bb3d3ae55436a82783b228
1b187c476c8f94bfe5ec33c0f174b98658e52f5f
2b0a969b3806b1eb8981d4d394a702767ebd2dda7246ee80d71b1575cb325788

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 06 Nov 2022 06:01:28 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S856626013%3A1667714488620500&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtUlbnApvJDSF3NNXOPfLpNf9u8RABDlvFu1aAyKZOAbyFJMpl2K1--8DHZGiMlXyX3LN2YtA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-PWX50-qV3MT8PBhR-XcuEw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:FzsMbEoxlXCHPZkPQaeQOX8XKuEzAw:mSxT2JoAkYkL2QOI;Path=/;Expires=Tue, 05-Nov-2024 06:01:28 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

static.hotjar.com/c/hotjar-2841648.js?sv=6

143.204.55.54

200 OK

2.7 kB

URL HTTP/2
static.hotjar.com/c/hotjar-2841648.js?sv=6
IP
143.204.55.54:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3790)
Size
2.7 kB (2728 bytes)
Hash
2226d4d45a72dfe8d497dd7c9015dd03
f97f95f4c3a508293a3b3af8f9b4d244f15baeaa
840d3ec1b7008aa6f053a2c072563160804450a251b5dc9bb25ef98a3fce392f

HTTP Headers

GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sun, 06 Nov 2022 06:01:28 GMT
cache-control: max-age=60
etag: W/f6d5103b17684def5ad89b831afc8782
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gtwLJ2Z3JaM4aF2jNC38e8HU-R02LYqVuAAM1ateEW-jHLvY3d8UPg==
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad

188.240.52.20

200 OK

471 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
data
Size
471 B (471 bytes)
Hash
498a93ef6474e78f5c7b8ec391786b1c
2fdbd636d3ec6c2476c2ac34697ba171eecdb768
ab9705c42b3e1f2c2cc005974f4dd27f75c27a053bd29e81d2a99824200dcef7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /smartlink-css/63674d8723af0b5b201a67ad HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 364
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InoyVVJDZm40aWt6bVdRa2ZmQWkwVGc9PSIsInZhbHVlIjoiS0hwelZtVURyWEJENzZNRkQ2THdvTUp0UTBRTkpFUkI2ak9LYUs2NWhqVVo1emcwUGNnWk1tNE1BZ3VDRUZpK2lHcm9NZXRHM1hYYVJiU0hBVWw0Ykw2UU13Mnk1ejExbUFMdlNmcTdsS280akoxK3VmNkE3bE4yL094UUphZWMiLCJtYWMiOiI1ZGMxYzdkMDMxY2U3MTc3ZTFmNDg3MDBkZGU2MWMzNDJmOWMyMTBjZDY0NDkwNWQ1ZmYxZmYxZjBlMWI3OWI3IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:28 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IitRUXRyYVRYRWFuMFNQOHdvb05JZWc9PSIsInZhbHVlIjoid0x5aWFmMGVxQndzWk5jNzQwZXZVQm9aS0xDcWkwMjdZRFJ3c2JRQkZCbzNHMHlDUHk3OVJLVlhydkdVM3d1R2tvSzBuQnRNM2hvU3AzMExrajhZZG93bTBnUUR6MTJ1UVYxRUFNVTBxWUMwdEJoSml2R1dIL0FoV2xmc1VEYk4iLCJtYWMiOiJjYmI4MWNiNWNlODYzMmEyYWQ1OGU1NGI2NGEyMTQ0ODYyNjgwNmFmNTU2MjU4ZDdhNWFkOTVmNjFhOTkzMDg4IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=1249547424.1667714487&jid=1487260894&gjid=79732688&_gid=2079564720.1667714487&_u=YEBAAEAAAAAAACAAI~&z=1070366381

64.233.162.155

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=1249547424.1667714487&jid=1487260894&gjid=79732688&_gid=2079564720.1667714487&_u=YEBAAEAAAAAAACAAI~&z=1070366381
IP
64.233.162.155:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=1249547424.1667714487&jid=1487260894&gjid=79732688&_gid=2079564720.1667714487&_u=YEBAAEAAAAAAACAAI~&z=1070366381 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://other.landerhd.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 06 Nov 2022 06:01:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 06:01:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8598
Expires: Sun, 06 Nov 2022 08:24:47 GMT
Date: Sun, 06 Nov 2022 06:01:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8598
Expires: Sun, 06 Nov 2022 08:24:47 GMT
Date: Sun, 06 Nov 2022 06:01:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7573 bytes)
Hash
b18a8c9f5539ce33476f843f5811e01d
11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b
fc20e507eedccb52078979f2132434b11b9d50d917cab512d8e0c99515b1236c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: d56e7b27-f2cb-4cd3-9f67-ba18d1bfe270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bDkhGHmjoAMFxxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364813a-3a1c18b13c41f38673890b00;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 03:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c-u9tBFoIve3sEwtbUvIFZoPu6eudy3ZFQi8j2m9mTPNEarihTvddw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 03:24:54 GMT
age: 9395
etag: "11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ddf9fb3-adcc-4e34-a9a7-1927e38830dc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9331 bytes)
Hash
93aada35cf6b5ccf56d7c8c49e566a1e
349f301eab8e4cd3732e9b0fbd1675bbbe3e969b
2285236779612c298f54306c6237df079a3329daa415c3f3a9015bf2a75f99aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ddf9fb3-adcc-4e34-a9a7-1927e38830dc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9331
x-amzn-requestid: d67eca4f-66a8-4366-b2d8-fb424e77b438
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJb3lHQmIAMFemg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d9c9-77519cf22b23b7e00a23cacc;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:46:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NmS_T1Nswwtz8lYsrR1lvsjS28XJ8xvvJpKLyoRzHJOx4AshLEcRvw==
via: 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:16:36 GMT
age: 27893
etag: "349f301eab8e4cd3732e9b0fbd1675bbbe3e969b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z6Lnru_eeTvRGdsz-q37-HGFgFfIT6fLSFcJBvT3oPjAPilszTWkDw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 09:11:34 GMT
age: 74995
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8961 bytes)
Hash
dcc79e66d1e21452efb26d26650f6739
1f727a7ea032082658944cf4041686446fb6b5f2
af1fe8de442a365a108d5c03f0d3ae8b0beb1abb4f267a46979f9c885ee026c6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 3a50374d-d90e-452e-bb89-82ca14c94b52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJarpGtqIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-55c356475fb64e6625a338c7;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OR8zISm84Iz0FL3Km-aQOHSnjROX2-S_lKloAhMAThT17igEWRbxkA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:20 GMT
age: 29829
etag: "1f727a7ea032082658944cf4041686446fb6b5f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e2df91e-2f0b-4002-ac48-4266b47a731e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5924 bytes)
Hash
a8423ab18c5c01b37008421d5f759d13
b285226d6b0bbd979fa2a9775be7cbb07c008aac
55a8c2181fe43644c158a466596218735693a89170454fc7e918a13fb93816db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e2df91e-2f0b-4002-ac48-4266b47a731e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5924
x-amzn-requestid: 0d34d489-9d9e-4fcb-835b-6ea0292ec429
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJabZFOPoAMFdvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d77b-16a732a9498bfe3078ccf001;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:37:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: d4_ZqFNs0orcXlsijqAHrm00n8vIL_yzmLqfL0VlZHdEJLQDj-Pi2g==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:20 GMT
age: 29829
etag: "b285226d6b0bbd979fa2a9775be7cbb07c008aac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1fca0567-0bda-4bac-bb89-67725f8861ba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9634 bytes)
Hash
011dfec799b7ed1ef3699e117fb952c9
589b1281b11a3f0fba3a1445674d45404e49904b
3af8e1de964a857b56aa5cc59a0279779f29c44f57698f96ad728347eb3675a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1fca0567-0bda-4bac-bb89-67725f8861ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9634
x-amzn-requestid: 1247a571-4ebd-42e3-9fc0-f0da104a24fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJarpGSWIAMFQMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-6f1bcfbd6f12dfd00418b844;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VFMcJdDPcwHmVZycXB0FC9yFjIFxuN4ylvBioufWLYCDXIlA9fx-0w==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:03:47 GMT
age: 28662
etag: "589b1281b11a3f0fba3a1445674d45404e49904b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/63674d8723af0b5b201a67ad?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:35 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlRVaUFJcnA1emhYQmpEdmQ2K1BZWHc9PSIsInZhbHVlIjoiZExCUzJ3TXVWSHozNTQ1U3M4bGxTc1R6U0V1S2VXMzlocWpWTUN1elJhVk5KSE9heXhDajdqRGNzYzhrYmsyQTBQRExZY2FPS1gvaDQ0dHBHbi9VM1p5NWlCVzZ2eS9GQXJNOHpYdWIrZXdiWW5IbkY1R281cE5uWEQwNzc4SEEiLCJtYWMiOiJmZWVkMmVlM2M3YTk5NDVlYmYzNjhlOTE5MWMyYTQ5N2VkNzRhZGE4NjRlZTdkYTlmMzg3NzNmYzViOGNjMDE5IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:35 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjdvTE1SOFJsZVBjZFVnUFdLQUZuREE9PSIsInZhbHVlIjoiaE8yWnVKc1hCeiswaVpZRzN1K1FiQjU1bDJKblNLWk9TOVNLRUhFclRKRzFTcGpPa1JoS2hoWnd1c3hOVDA3eUtLYlJ1UU1TTWYzdUdscWRJZ1IvQ0wxY2hKcGpNQnQ1anpDSVZOTDZ5cEQ2SU16Zk9rYlRjT3BzYnlPN29ORVUiLCJtYWMiOiJhNzJjY2FmNjQ2OGFlMDA3YTc0Nzc1OWExOWQ5NjYwNjI4OTg5MzdmZGZjOThlZjQ1ODk5NjdjM2M4Nzc5ZDkxIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:35 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif

162.125.71.18

200 OK

0 B

URL HTTP/2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP
162.125.71.18:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-ayxduNbKB0STFsn8vvGo' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-ayxduNbKB0STFsn8vvGo' 'nonce-5koSmccGmzOBK2Ki5RvX'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MTY3MTQ0NzQ3MjgwOTA5NDUxMDkyMDAwOTQ1NDE5MjcxMjA5Mzcy; expires=Fri, 05 Nov 2027 06:01:28 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=q99ImA2e4v_gWZ0YLoNYJyae; Domain=dropbox.com; expires=Wed, 05 Nov 2025 06:01:28 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=q99ImA2e4v_gWZ0YLoNYJyae; expires=Wed, 05 Nov 2025 06:01:28 GMT; Path=/; SameSite=None; Secure
__Host-ss=PgpaNFJ-GA; expires=Wed, 05 Nov 2025 06:01:28 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Fri, 05 Nov 2027 06:01:28 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 205
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sun, 06 Nov 2022 06:01:28 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: be3afd9918494d7f8fa7526f66b799dc
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/63674d8723af0b5b201a67ad?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:28 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlhYVEg5a1NNcHJEYWtUV1hrenNMK0E9PSIsInZhbHVlIjoiMG0rN0gvRktFWTBkQ0lrSGp5S3FTQWlVUlM1ODF6WU1vK1JvenNhYXltWGJJWHFtQVNxdjNCbmVpaklESWJ0YnJQR2JSSE1pMHFOemRuNmh4UmM5eVNWNUZyQjN5KzBtejFwMVVnM09kL3cvM25MRDkxMDdVSHRwYkF6RndIOUYiLCJtYWMiOiJiMDkyNzdjOTZjMDQ2NWIyODgwYmE4NTFkNDlmN2RlZmJlYzQ3ZjI1MTIyMmI1NTVlYWQ4ODM2OTZlYTY5MzVlIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:28 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InN6Tld0UVFzcXpqcXRsSW5WejFQU0E9PSIsInZhbHVlIjoiTlJTQWE2WUFFQ0laQ0lMT3pNQUVkWjUxcnovK2JNazVDbENDdklDUFdkdHRnQlJsUkl1cFg2ZWVKd2Q5SW82SDJ2L3JtSzRiNkxhbCsrUUhheGtuN0o4LzdnaHRGVDM4ejc5Y2Y2YUFUNmN5ZUVxNkpQdVUvRGFyZGR5Z3N0VzQiLCJtYWMiOiI2OTlkZDQ5NGRlZTE3MTBhZjdkNDk4M2ZiM2RkY2NkZWNmOTRiYjQ2YTViYjI4ZDg2NjFkMGNiYzIxZDI4MmM2IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/63674d8723af0b5b201a67ad?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:30 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlRDamNrNmlZZ2J2dnJKSUxzZkR0aVE9PSIsInZhbHVlIjoiellJN2ZVL3d4VWt3M2x5ZGF3amRndFYweTV3V3k2b3d0enlLMFFFaDEyUE8zL3k0L0dMT1U0TzJ2b29OZWg4VFcvaEpBeG90V1d0enhMd3FCVVRUbTNsU3VXWmtSeW92Y1Z3NFMveFhwWHZUUXQ2amI3MndobTV2Q2R3bUNNUmgiLCJtYWMiOiIyMzdlYWI1MzE0ZmI1OWY4MGFmOGY2ZDE4ZGJjNWNlYTUwZTIzY2UzYjI1MmY1MzMzODRhNmE4NTUyYWEyMmQyIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:30 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkxDZzk3UEg4VlhUM3hwaGxiV2NwR2c9PSIsInZhbHVlIjoiWkVTY2R5ZVFodFRHNWNtYkNEZFl4WVV3eTFGQkkyNUJNZUQwWHFXU0JNOWdndzE2ZzdnUm0xak53YjJqd1ROVVdHOWZET05HN1gzMjg2aEwyaGNxdnpBM1ZOUkVsWmZlMTFVemQxY0xkT3JsZ1FOeWVmUmhuZkROdVpuRTVJNGYiLCJtYWMiOiI1YWQ3OTEwNGRmYjM1ZDc5YTRlY2JjZDk1M2U5OGNlNDAxZGY1MTgyMjJjYmM5MGY4YTczNzJiNDIzNmVhZDU4IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:30 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=4&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=4&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/63674d8723af0b5b201a67ad?sop=4&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:31 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkZIVzBoV2dxdFVha1E5TnZ2bDljTkE9PSIsInZhbHVlIjoiaUdmcTJqVkNPeHpEcy8yUkRsVi91Y3BTK1JyZHlBNkNvdTVBV2NyMzZIcTNPS3B2QTZGQ3NTUmlwZ3JnOHo5WE5ZMi9VUmtGakFEWitVZXRrbjBqalg1LzdmNWJTWHY0b3J1QjhwVlJ4YmlQNnZJQmxrcWZWaGtqdS9pR2cvL3QiLCJtYWMiOiIzMWNkZWJkOWZlZTJlZTdlN2M1NTE3OTViZTg1NDVlMWE3ZTQyN2Q5Y2ZjZTNhOWFkOTk5NzAwM2Y3NDIyZTNkIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:31 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlZnaEFNbDVaclZ6MnM3Vld1VVhqeUE9PSIsInZhbHVlIjoidzQxVjlacDl4MVpaZGp0THZXNGRnalpmYW1ISlZ6QkhzNWNmaUVsVnBTVkxtWUZhWklOMnNieHgydkNETGhZQzh0T1RMd3lpbEVZOTQ3dTF0ckh3dklLVUxQUWRub1JoVUFmLzhDL0VpR2JpOGpwQUJObnBvVytPRXh4UkNCK3IiLCJtYWMiOiIzZWJlYjRiODQ0MTMyY2M4ODgxYzVjNmI5Yjc1MmUxMDZmYWIyZmI3Yjk5YWI5ZDM4OWU3MGY4MGRkNGMzZDYzIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/63674d8723af0b5b201a67ad?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:32 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImoxZnZWSllWR0J4WmIweE9lZG40Mmc9PSIsInZhbHVlIjoiK01SOWxITy9idURoSVFyenZFcTlRSHo2QkduUTVseElFYTNoYjJOMTdUd012bS94aGlOZ01zUjg2WFhJQ0pjb3lHYXRrQXNabU5aa2lSY0dlaXkyYjRoRkdOcjBxMXFlMGFTdTFJMHZWb01yQ29vRytzS1k4UEw2N2RXOHRuOUwiLCJtYWMiOiJjODhmMzZkYTBmN2FiN2I0ZmY0ZGQyNjA0MWJlZjg0NWZkNGYxZjI0YWIwNmU3Njc0N2RlYzcxMzY3NTA0ZGEwIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:32 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlJxc0Mzc0JsdDJXM3N0Q0hYelc1Z0E9PSIsInZhbHVlIjoiR3BGc09aT3djQVdlQ3dUSUxBMVFDVGY1SUd2R1JpSjUzSkF6dEN5ckpZa1ppbWc1WWQrWGpnVWpJdEpBVDl3RUhRMjhpSE5KUkNXc2RMRHdPQ3FSc0l4ZFkzVFBCZTlnbWxOTW9zaFlBTi9ZaUp1UFdSbUZXNlova2VyZVA2Q3giLCJtYWMiOiJjNWRkNDk5ZTliZGY5OThhZDZiMTJkMjk0OGI4Yjk4ZjJmMTE4NmJlZWViOGFiY2FmYWExZTdkNjkwNDJlYmI4IiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:32 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.2/css/all.css

172.64.132.15

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.7.2/css/all.css
IP
172.64.132.15:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 06 Nov 2022 06:01:27 GMT
content-type: text/css
x-amz-id-2: geDkQt/t03R+z57Cau84mcSvetGsJaCX77DBaFIcoE4M/J/ZJNS+IfJ5jdL4ZbKvicmVL2LnVok=
x-amz-request-id: QA92SDVR3Z41H0PH
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNq0nL1J%2BxSDw0T5mGKaVB8nnCIRjBsknkK9Iqvt0cto22ENQX5Og2PezIZNWCqGIqVfmBH81Ra%2FAX87PlEmPlJhQ9UCHSI7A0w1hEozD%2BW9LXVJu6FAKudVtKV75Dk%2FQoAUMBWx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765b9d59f88876fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?dsh=S856626013%3A1667714488620500&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtUlbnApvJDSF3NNXOPfLpNf9u8RABDlvFu1aAyKZOAbyFJMpl2K1--8DHZGiMlXyX3LN2YtA

216.58.207.237

403 Forbidden

0 B

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S856626013%3A1667714488620500&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtUlbnApvJDSF3NNXOPfLpNf9u8RABDlvFu1aAyKZOAbyFJMpl2K1--8DHZGiMlXyX3LN2YtA
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v3/signin/identifier?dsh=S856626013%3A1667714488620500&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtUlbnApvJDSF3NNXOPfLpNf9u8RABDlvFu1aAyKZOAbyFJMpl2K1--8DHZGiMlXyX3LN2YtA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 06 Nov 2022 06:01:28 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-security-policy: script-src 'nonce-5n0AedVupBC8OUIBA4zxgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/63674d8723af0b5b201a67ad?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/63674d8723af0b5b201a67ad?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 06 Nov 2022 06:01:29 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImtKUkNwaDlXRDlOSjJ5R01haEtTc1E9PSIsInZhbHVlIjoiUUFCQjdDQnRuUXczL2ZCeDkzN2dRZHlwZGxmSkh3U0FXUUZRRVZnencxQ09teHE3djhlUnc4ODl3b0RUQ1ZUVXA2aTREUGlLLzAxQkR3TmdoZEdLQ1BFOVBKY2RwQnFjSHdmeGNzUWFRTXd5d2h1a0tuWHlJaDVvVG8xRnZZTDAiLCJtYWMiOiJmYTM3ZjU4NmQ5NTMyY2Q4YTU0MzY0YjE1MzMwMTVkYWEzMGU2MDA4Y2EzNjAzNzA0OWY4ZWU2Zjc2Y2M0N2YzIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:29 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ikw1cFZqMEFTT084a2o4N0FTN2JwT0E9PSIsInZhbHVlIjoiRVBrVVFwdzVqcXBwQmhZS1p2bWw1NDFHMHFEcXYzN0xqRHNyYmRpRWtqSkVGY2FFaGdCSTQvYUtvTStCM00xMEhvMGVReWtDTWFUVEs3eHBIdkVyV1BpQTYzWUF2RFJUTDdScDc3YXltZld1UXNNZ0VJaGdsaTNaRUQ4QnVDMWoiLCJtYWMiOiJkZjM5N2E2OWIwOGY2NDU2NDU4ZjI2MGYyZGUzOGVkZDQ4YTUyZjllYzc1ZTdhMjhiMjVhZmQ4ODM0NDc1NmVlIiwidGFnIjoiIn0%3D; expires=Sun, 06-Nov-2022 08:01:29 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?dsh=S168740517%3A1667714488573418&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuW73zyWZL6pYaXPufywk0I5K4PJ9_YZlS8BTKw7Yh-3Ivu6HrE8dMFXTD7VSwH7b2nugsAGg

216.58.207.237

403 Forbidden

0 B

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S168740517%3A1667714488573418&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuW73zyWZL6pYaXPufywk0I5K4PJ9_YZlS8BTKw7Yh-3Ivu6HrE8dMFXTD7VSwH7b2nugsAGg
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v3/signin/identifier?dsh=S168740517%3A1667714488573418&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuW73zyWZL6pYaXPufywk0I5K4PJ9_YZlS8BTKw7Yh-3Ivu6HrE8dMFXTD7VSwH7b2nugsAGg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 06 Nov 2022 06:01:28 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-HytayqWDkxGcBUKoC6Ej_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations