other.landerhq.com/917729827
188.240.52.20200 OK 6.9 kB URL HTTP/1.1 other.landerhq.com/917729827
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4905)
Hash 040f14a0f20492384ff7394c978fbb74
9f53df9fd1838e23cccb7e9b226f08d4f16ff823
37c08cc762fd45ce1a8290eb5a646b69ec4b6d24ca3239657f9c2f1e44e90c4e
GET /917729827 HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 26 Oct 2022 00:12:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjM0NkltWm9DbVEwRkxUTGV5ME1rVGc9PSIsInZhbHVlIjoiTWNSZEFqVm93YnpLelJFZ3JJd3VHYWRBVUFhbHh3WWZyd3RrR21IQ2xROTlFZVVWVXh5SWZ4RXI0cGZkRGVvNlFjTXpFMUNXaDI2NFZRNmxJcFpRcmpwSEhYU1NoSGNFNERMcGpibmRWdE9qTjBuOW1nWkhNUFRrQlYzcnhJYkwiLCJtYWMiOiI3OWMxZGM0ZTNiY2IxMDI0NTM0ZGYxOTA0ODliZGEwMmQ3MTkzMDk2OGNlY2NjNzllMWI0ODBkMzNhNDI2Y2E0IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:44 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkFVM3FaOXZhVDRnY1ZSeVJPWTNsL0E9PSIsInZhbHVlIjoiRndnQ2pFSUlHcUl2RjNJWWdrTURxZFJQN1l1WjdFYXBmSm5MbkdWM0IyWGNIK2ZZbElFVDd2RkNyaUNWb1Jma05DNDRiMUZCdU1NdWxSWTV4RnNkT3VpdFpLczRMTmw2YWVqK2F0Skhkem84Q0dBanhlNVV2bmlLdlVwMEViSGMiLCJtYWMiOiI1M2ZmMGIwODFmODI5MjlmZmE4YWRhNTMwMDNjYWRiMjgyNTVmMDkwODg2ZjZlNGZhMTI4YjIyMzljMTc1YWRiIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:44 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b3537658770790ad6cf0d727f0c0acd2
8365cadda05ef27b2ebd627d545e31886b512bde
df992311f130f15459739841de925c7eec2604d5a68ca6b2a67b6dc8d229212c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3687
Expires: Wed, 26 Oct 2022 01:14:11 GMT
Date: Wed, 26 Oct 2022 00:12:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c2bba4cad162918b17858b60e909e4d9
d9a1d4f7fb7635ab233ebbf776e6de1a2857032b
3a1d27ec3d034d6326b32f6054b6be46079a86a33e75d5a2a3796a0c4c5eadab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2765
Cache-Control: max-age=122672
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:44 GMT
Etag: "6357acdf-1d7"
Expires: Thu, 27 Oct 2022 10:17:16 GMT
Last-Modified: Tue, 25 Oct 2022 09:31:11 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5728
Expires: Wed, 26 Oct 2022 01:48:12 GMT
Date: Wed, 26 Oct 2022 00:12:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qfDdjTvBeg0BN6HQnXLtNGz/UjsYTkve8LVgWkJlI7PEr0POSusjmaFgIzTQssQVBTkeuLrLYik=
x-amz-request-id: KVPKQGXXY4NN3CYZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 23:38:59 GMT
age: 2025
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
151.101.85.229200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 26 Oct 2022 00:12:44 GMT
age: 32357
x-served-by: cache-fra19173-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3067
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
151.101.85.229200 OK 14 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (33322)
Hash aae718b2a0cb61c252946cb2c90eee97
b80eb9c3bde5f4dd455940832989f52d39deafcc
7ac3def7374012c4a78adafd9f76513168890454ad16f053d58060836a582f7f
GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.6
x-jsd-version-type: version
etag: W/"8378-YyDrsgfkSqD4ErmTv6bGJ5gw0yk"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 26 Oct 2022 00:12:44 GMT
age: 40065
x-served-by: cache-fra19133-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14187
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 5368369f9244d7ae8d111737bd5ef921
e8af3a4b5f873ad2b90157711c1409e2dacd11de
4467f7c8bd835ebcbb82545b4e33f101d6e4d9605b43066fa732aebd284307e0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5001
Cache-Control: max-age=130643
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:44 GMT
Etag: "6357c346-118"
Expires: Thu, 27 Oct 2022 12:30:07 GMT
Last-Modified: Tue, 25 Oct 2022 11:06:46 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 280
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 26 Oct 2022 00:12:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 555c760a6de833a0297812a39e52a4ca
3f1f470b2996ecd64763992b4ec8e286df07f14e
ba26e963f7d47ab2a46b3d613722c33c1443dc37142f622837abbeed8c6f2e4a
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2022 00:12:44 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "0B53E93AF155BD8A3B4E3D02F045F9F56A8BF99C"
Expires: Wed, 26 Oct 2022 11:00:00 GMT
Last-Modified: Tue, 25 Oct 2022 23:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1744
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75fefb6ae8b4b51e-OSL
other.landerhq.com/landingpages/mcafee/os_versions.png
188.240.52.20200 OK 3.1 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/os_versions.png
IP 188.240.52.20:0
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:44 GMT
content-type: image/png
content-length: 3073
last-modified: Tue, 25 Oct 2022 21:53:56 GMT
etag: "63585af4-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/logo.png
188.240.52.20200 OK 30 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/logo.png
IP 188.240.52.20:0
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:44 GMT
content-type: image/png
content-length: 30211
last-modified: Tue, 25 Oct 2022 21:53:56 GMT
etag: "63585af4-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/360.png
188.240.52.20200 OK 38 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/360.png
IP 188.240.52.20:0
File type PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash 15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:44 GMT
content-type: image/png
content-length: 38110
last-modified: Tue, 25 Oct 2022 21:53:56 GMT
etag: "63585af4-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/css/all.css
172.64.132.15200 OK 12 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.64.132.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 382abbed99db26f704c7bc8e139c3a94
d28592e324194d16f6db151e61cc61c8a8b1a405
70790e3095606a22a343d9d6417d0c1489b00b3b727ca3c311b917719066cc96
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 00:12:44 GMT
content-type: text/css
x-amz-id-2: od7P++EC6/6LqVzt4CPQKntpz1tMGxI2PCBcLych1PWC/Z4YvJPOMZkU+PJM2knsGokgSmF58NE=
x-amz-request-id: VK1NBWEQ9FTXF5Y6
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yI%2BJFAfsYgaDs9QEOTmL305lvKx%2FxyZBDPoJgkZ1tAHHCOGOT86CFTZ7LJD5BDepPjGWXVxKs4vGzRK8QyUQTMs6LuMXHWtVRkXLMtJQUeSEz%2FdpE8ezgVTuZFuJwD3jDat10Na5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75fefb6aedde72cc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f1ae675435a8f16bc0b04ec012c41979
182f87a81464c80b0b25fb524c59592cd40b0ef4
9191ced121d8740b4ed3af75db3033e72c0c44c0b45004abd714583deaa749a4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1a5ccf0a023fbcd54e2da3f3a8ff5d1c
902e7145fe5e6b544d42c74d32f269703ab9d2eb
b95dbd753ed6d0854687ba94f8d69706dbd1dde1e4d3f974b84f5f28a9bd5a2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5729
Cache-Control: max-age=120597
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Etag: "63579932-1d7"
Expires: Thu, 27 Oct 2022 09:42:42 GMT
Last-Modified: Tue, 25 Oct 2022 08:07:14 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
142.250.74.168200 OK 48 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP 142.250.74.168:0
File type ASCII text, with very long lines (3238)
Hash 8d1cd9e634e9b48e04c9f54ad94fe34e
72b80a270922a60fce053fb8b955b54847f63113
aac3c1cbfcdf3cc9a2e1939019d27a95dec2886f2e31082a0470c2480a4f31c4
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 26 Oct 2022 00:12:45 GMT
expires: Wed, 26 Oct 2022 00:12:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48205
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 518ff04fd536958e285cf07aaf4a2786
fa5dad2391c2a9957340bd629f0462db4f412a5c
608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4022
Cache-Control: max-age=118865
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:13:50 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 351a5950d9cfb827cd3f80bf45b13743
9768a5663c9ba351f2fbd2f918365dd7e8344c92
0262beae63d8187ede1f00703830b21794741be21ca143d8d79a07396f524028
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4349
Cache-Control: max-age=141156
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Etag: "6357eee4-1d7"
Expires: Thu, 27 Oct 2022 15:25:21 GMT
Last-Modified: Tue, 25 Oct 2022 14:12:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f1ae675435a8f16bc0b04ec012c41979
182f87a81464c80b0b25fb524c59592cd40b0ef4
9191ced121d8740b4ed3af75db3033e72c0c44c0b45004abd714583deaa749a4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
other.landerhq.com/landingpages/mcafee/bg.jpg
188.240.52.20200 OK 130 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/bg.jpg
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:45 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Tue, 25 Oct 2022 21:53:56 GMT
etag: "63585af4-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 351a5950d9cfb827cd3f80bf45b13743
9768a5663c9ba351f2fbd2f918365dd7e8344c92
0262beae63d8187ede1f00703830b21794741be21ca143d8d79a07396f524028
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4349
Cache-Control: max-age=141156
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Etag: "6357eee4-1d7"
Expires: Thu, 27 Oct 2022 15:25:21 GMT
Last-Modified: Tue, 25 Oct 2022 14:12:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.242.3.166101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.3.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CoYT9Hu/Q/2/R4jq32EBUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +o1Ck/9UpotbFpn+okzFtX/ma2k=
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.64.132.15200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 26 Oct 2022 00:12:45 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: 2gUk4XsuVjhqZPicLkENvJrw3e28QPZZYx/Z2vMm+rQCxZU9x/hvewd7pqv9U7eGfRHVLUJ7s3U=
x-amz-request-id: 6P0VEX306DRZ2S7Y
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mI35M%2ByvHl%2Fb5n0hQkSUMIXSCJW3q9EQ%2F7aJUF2ecY8IvK3oHS8%2FjB%2FiKhHOTT1vCH4rTJX%2B%2F2dkQAY5kWMMX2rsFIQXGQqvFCxMjh5cWmkuKYWh2kw%2FhGTmLbo60OWDXImxZdIG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75fefb6e78e972cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 11ef3353db5ddf25824bce60c1f324e6
2cc8a8c56705732742d13afab96501b320ca0173
891d7d60c482f529b2cddc72e0d0ae6f7e5b5586da7f0267f293873f288fbb51
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98559
Date: Wed, 26 Oct 2022 00:12:45 GMT
Etag: "63574099-1d7"
Expires: Thu, 27 Oct 2022 03:35:24 GMT
Last-Modified: Tue, 25 Oct 2022 01:49:13 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5u5VH7iQ_fDLZp_vH1yv6dBYx1380q5jh7pAve7nhh1doSgtVT24gQ==
Age: 6371
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
18.210.178.63200 OK 313 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP 18.210.178.63:0
Hash fdb74bb29abe6e318c5e3091d00de4dc
31080e73f801fc039cfa3560d00944b609662048
ff974a26ee8f1d431f885de74febd31e096c09c9c7c56f0a34ef80de6d1e92d0
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://other.landerhq.com/
Content-Type: text/plain
Origin: http://other.landerhq.com
Content-Length: 20848
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 26 Oct 2022 00:12:45 GMT
content-type: application/octet-stream
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://other.landerhq.com
x-amzn-trace-id: Root=1-63587b7d-0a8493e476b1442f4cc392d9
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/favicon.ico
188.240.52.20200 OK 1.2 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/favicon.ico
IP 188.240.52.20:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:45 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Tue, 25 Oct 2022 21:53:56 GMT
etag: "63585af4-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c3e11e18c35ff030b8e8c70d88765879
e9642dd6cb4dd1fb409e12860057d38283555c1c
616d00bca0eb2970503260698a759812646ccd77bcf4a3bbd698cbcbbe61829b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 25 Oct 2022 22:41:09 GMT
expires: Wed, 26 Oct 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 5496
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c3e11e18c35ff030b8e8c70d88765879
e9642dd6cb4dd1fb409e12860057d38283555c1c
616d00bca0eb2970503260698a759812646ccd77bcf4a3bbd698cbcbbe61829b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e51b6855c0480724d286847fa91528fe
ee6a114e7bc79b1aa1f07b31cb90674c2ba77bbc
174e93f5d04840d025c9807d0c752ad4b96a4350ab968025b0856c5e59599d47
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6366
Cache-Control: max-age=156472
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Etag: "635822d7-1d7"
Expires: Thu, 27 Oct 2022 19:40:37 GMT
Last-Modified: Tue, 25 Oct 2022 17:54:31 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 401 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 07ab8f67c8405c5055f8cd307135e6f6
7e1d3d93cc317137a77c84781ed490e578c8bcdc
cb854d4785856452d9bec52baf023cefb5f29e456f3d05c2775051c4407fda33
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Oct 2022 00:12:45 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1275678292%3A1666743165903131&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrmjeJUn0T-6hX7M_QglLqZjGFTvbxBgJdUz-IjnhVpES5kfgV7MSUuZ6WDA_rRQN7eQ0ohbA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-8lsXMPkWV74WFJ_5sj5Evw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 401
server: GSE
set-cookie: __Host-GAPS=1:doiU87ufKepUQafF7HKYtr7UbrsVGg:s4Es5lFwqMEeQR1m;Path=/;Expires=Fri, 25-Oct-2024 00:12:45 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 130509513bc271340f20f1c556b2592a
6fd8b0623344d4c06ecf4e0708eb51a37d79ed9d
6a69bfbb5b21f5cfae366b21ab59426e78d51467926430c7bbf44d7f8ac704de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
162.125.71.18200 OK 18 kB URL HTTP/2 www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP 162.125.71.18:0
Hash a6cf018baa72f302617a3f77c535069c
dff03da8d2565f8252f90e59994737df5be2fe6c
7d562e332beb86119e7cb4089848c53c4c7e61e77ea07616282d44d399294985
GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-AKYJ9WqF7dNm5+yo429z' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-AKYJ9WqF7dNm5+yo429z' 'nonce-PGYdrs3/YyiLyjVtUOLU'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MTAxNjEzNTUzNzM4OTUyODQzNzkzODAzMTU1MzI3OTg1NTU3OTE%3D; expires=Mon, 25 Oct 2027 00:12:45 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=dw1jFCsiYS03oQ7TmBNVFz4U; Domain=dropbox.com; expires=Sat, 25 Oct 2025 00:12:45 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=dw1jFCsiYS03oQ7TmBNVFz4U; expires=Sat, 25 Oct 2025 00:12:45 GMT; Path=/; SameSite=None; Secure
__Host-ss=U7cKzX9f0A; expires=Sat, 25 Oct 2025 00:12:45 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Mon, 25 Oct 2027 00:12:45 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 309
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Wed, 26 Oct 2022 00:12:45 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: ebb0049407e14789a9ae3b40dfbd64fe
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d68830f33c12f2aa839ecd5c96146bb2
c4eca00dde1d737943bc2980b58a7288c06f808c
0b8dd5b33360dae55b75de1bb81fc9404103824c8d987372d1c44f425052f0d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=695994670.1666743163&jid=1299968879&gjid=718037164&_gid=1930072623.1666743163&_u=YEBAAEAAAAAAACAAI~&z=361354830
173.194.222.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=695994670.1666743163&jid=1299968879&gjid=718037164&_gid=1930072623.1666743163&_u=YEBAAEAAAAAAACAAI~&z=361354830
IP 173.194.222.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=695994670.1666743163&jid=1299968879&gjid=718037164&_gid=1930072623.1666743163&_u=YEBAAEAAAAAAACAAI~&z=361354830 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://other.landerhq.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 26 Oct 2022 00:12:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e51b6855c0480724d286847fa91528fe
ee6a114e7bc79b1aa1f07b31cb90674c2ba77bbc
174e93f5d04840d025c9807d0c752ad4b96a4350ab968025b0856c5e59599d47
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6367
Cache-Control: max-age=156472
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:46 GMT
Etag: "635822d7-1d7"
Expires: Thu, 27 Oct 2022 19:40:38 GMT
Last-Modified: Tue, 25 Oct 2022 17:54:31 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d68830f33c12f2aa839ecd5c96146bb2
c4eca00dde1d737943bc2980b58a7288c06f808c
0b8dd5b33360dae55b75de1bb81fc9404103824c8d987372d1c44f425052f0d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 26 Oct 2022 00:12:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2550
Expires: Wed, 26 Oct 2022 00:55:17 GMT
Date: Wed, 26 Oct 2022 00:12:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2550
Expires: Wed, 26 Oct 2022 00:55:17 GMT
Date: Wed, 26 Oct 2022 00:12:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4bb798f-68f7-40da-b8a2-df020464cf6a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4bb798f-68f7-40da-b8a2-df020464cf6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bde3afce205445ff4d37fd7304d6703f
940ab4fcf102e23bd3c66ea4ed884758884a3562
4effa7986e9e0f55c88caeefaa3d0523ad7496352c8caeaa1b6d7ef2e40138c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4bb798f-68f7-40da-b8a2-df020464cf6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12421
x-amzn-requestid: d1acf900-eae0-4c4a-9310-5cabb6cc53c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2hGsnoAMFXNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568f-315abf3d30887d94198a14af;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6vw_9qHLCuynGyCBz_xUgy903P5zAdVijTMIZaozryR6fU4Yd0PC9w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:49:36 GMT
age: 8591
etag: "940ab4fcf102e23bd3c66ea4ed884758884a3562"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F146a58d8-e764-43d0-9812-6e8fd4a4ddf5.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F146a58d8-e764-43d0-9812-6e8fd4a4ddf5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b2c3f2a710323cabe8b60f067758182
5d1dfb235e19f623699f0ad023df09d22ceb0645
4c4a5d1e0c9e0e2030f897dfd33200bf109060143e09a826d750c7b3f87cec17
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F146a58d8-e764-43d0-9812-6e8fd4a4ddf5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4678
x-amzn-requestid: 65ffc943-1dbc-457c-9572-c24f75d4c01c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alK9NGhboAMF93w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585854-3ff1da9f5aeba49e27d3d8d4;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:42:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QnNW3Q-yaRrtYQ1qcmYmv9tHETKFb0IbMmxQQqBLJuHLjtLT89jidQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:05:09 GMT
etag: "5d1dfb235e19f623699f0ad023df09d22ceb0645"
content-type: image/jpeg
age: 7658
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5987bcd44ab0db5313aa4f409a8a212f
691a36cde98a9fe1660745dd811e0be2ae67036c
e47ce3587c647b52669f675dc7e84e21555f82138091fb04febc951b4c06ba30
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5da11cdb-c8be-46f4-95b0-792c49d930a7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 69931a9c-027e-428e-a88d-61c5fac64daa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2iEnzoAMFZAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63585690-12c78c5157fb3fa41a13548c;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zfjAcNokC0aMpSY3juYAi_Wo1MMRskGGJ0y9jb7x3Ps9R6wfiUg-IQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:57:47 GMT
age: 8100
etag: "691a36cde98a9fe1660745dd811e0be2ae67036c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7feebb27-e9c6-46cc-a15e-dfe7e14961be.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7feebb27-e9c6-46cc-a15e-dfe7e14961be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6908328a8d186075fa9e59a172c12913
73771b4bb2eb936ee8efd4039ee4913a51f94f3e
6d1e1ec3b1a3eec27056c711f5f2b957247c7d1e3be6d99c65bb96df74715446
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7feebb27-e9c6-46cc-a15e-dfe7e14961be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8187
x-amzn-requestid: 9f706dbe-6f9a-4839-9576-fcd45af05ccc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alLLKGUAoAMFiEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635858ad-1fdc6b1b07249d8501117cf1;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:44:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cxM0T_HLsSl-rXU-lmzlflC66GyChydnPjlAhnKJ4fFzysuyEI0rMQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 22:34:42 GMT
etag: "73771b4bb2eb936ee8efd4039ee4913a51f94f3e"
content-type: image/jpeg
age: 5885
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b946c4f2f177828cf7b76c5764e97157
c3856686b98e1883133aa1824c496d34512769a0
be818a015fc9c745ea561a0b9c2aca6ba25ade24acd696fa651163d47b195371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc635673e-499c-4d9c-8bc5-a713fb19e221.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13796
x-amzn-requestid: 90b1e032-78c6-499d-b564-f25c15e20304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: alJ2OG0SoAMFx-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358568e-599d0f526fc6a01f77b67dcf;Sampled=0
x-amzn-remapped-date: Tue, 25 Oct 2022 21:35:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sVS9nFgRyVconkkFTOrCO2zA0cICFNQFB2E1q7SQcVQm5_Dm6khvrA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 21:48:40 GMT
age: 8647
etag: "c3856686b98e1883133aa1824c496d34512769a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554
188.240.52.20200 OK 5.3 kB URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 250f9d4a37cec1e47b62fc5fdb1ee0e1
5fb06917bfb86966f06a981e960ff51df4cc344e
f2972481fbbb03204634e8b817d93f8dfd379033d0a7e20452d7bd4cc3920f99
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/63587b4ad0f2cd1d8835d554 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:45 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjdTeERqRmhUQTd0MW92N05KQTFUTUE9PSIsInZhbHVlIjoiVzdibUFqYzlINzJrZk1PcE9MN3pUSURmZUtsSWhBTm9KVGVET08yaUk3Qm9ZbWR6dm1lZXRXMlZpR1Y1M3B6eVM0VVhvbW04UXBuK1NqUThNWWFodVkrVlhHY0plVGNyU1pQTnJSb1d6bXlGMS9SOXR6cEZVWGNFakw3dkQrVm4iLCJtYWMiOiJkNmViMjQ3ZjhkMjdhMzQ2MWYwMTNjYWFjMmEyYjE3ZDMxNjg3ODYyNDQ1ZWNhZGQ1ZTMyYmNmMjRmZjIwNzAwIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:45 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImpWbVl4bG8xR2FDVFAxREJzV1NVU3c9PSIsInZhbHVlIjoiVVNXT2NlcmVsYTdOSlJDNFlFZUFjOWNoNkNZT3AvRy9VeUhtaFlITERqSGp6My8vMlMzZVYxdEZ0enNxOGRIMGlEdG9ZclcvYkZkbnNZckhwNm9oUXR0WjloR0JYRVgrYlZ2Wk1YKy9pWWdlMmhEcGlPSjBmWnljTklnZVRBd00iLCJtYWMiOiI2ODc3YjY1NjYwZGE4NDdkN2VlNDE5ZWU5NGVkNzZlZjU1NjI4MDcwZjFmYTEyOGYzZTc2NjYxZWJhZDM2ZTBmIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:45 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:47 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImR0N0wrUCtGK3YvYWRXL3ZNWHlCQnc9PSIsInZhbHVlIjoiaXdnd0s3dDdLa1JtaktzUlBvM2pzWDBUdDZoUEt6YlJEWjcrT1ZiL0JQQUd5QXBmc2lEYU9aTmk5cGgycmMzVy9yYi9pRHlxV1RHdG1QYTN3V1JZaGNFM1ZUUlE2TFZtZ0lxTHV0cTJiWGNZa25BYzE2VTBPQmpwVDlNcHhueXAiLCJtYWMiOiI2ZmM2ODExN2Y0ZDliYWU3ZGQyNzFmMzUzMjEyODUzMDNmZjI2ZmVkYmFmYmNiYmEyMTYwN2E3YjMyYmM1NGQzIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:47 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkozWDcxamxiK2lDQWhReTlQeTY3YlE9PSIsInZhbHVlIjoiQ1Nka2tiRlFnVTdsbTdCMCtORGlpejhtd0VMaWVHd0cycWJhRjNBWkNpVjJjMFcvQlRxN2ZYYlVQOS9tQ1UzU2lpZEFkNjFtN0ZtUzFCd3c3R0RjcklIbUhxcmM1ckhwNkFqUlhvMDRmb1BWVkFvU0RQazJTc3hEZTRIY2JaWWEiLCJtYWMiOiI1NDk2YmM4ODc3Y2I1ZWRkMDBkODgyMjAwNWRlNWU0Mzg3MGEzNDRjNWViODI3N2Y0M2EyNWQyOWMxZmU1NGY0IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:46 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImxJdWxQK2dFRjFMcklWWGUyNDZ2YUE9PSIsInZhbHVlIjoiMk56eCt1TUx2T1VvamdSMENpZ1VSYkpVUjdvcGY3MTJiNkxZVCtCMzF1SVhoc3hxVEpnWCtubll0V1BhaUx0dUlIWTdwbTc3RU11bjgwQzAzSkFySncwa1IyblhDRUVUSFZpWWRFaWV3cEoxZFJIbnU0NEtYKzJuWUt0OGpYL2ciLCJtYWMiOiIwMTVkNDgxOWFkNjcyNzRjODI5NWVjYWZhNTZiNGU3OWU5ZDU1ODFhYjhiOGFmMDUxMDJhMjIxMDlmNjAwNjBjIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:46 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkFQUWYxLzd5cVhQbWwxRWxucDNnVFE9PSIsInZhbHVlIjoibVdxTk5mWFAyenJkU1V1eFpaOXc2K0NMMDZvaEhITmYxcE5lbWVobHpWSHVRSzlHemI1eWZKRW10UXdXR0JjSVQrYU85Z2QydnVNczZuRUVsVXhTRkJOL1BPVkZlN3ROK3VucmJXbThHdjRzTjZUR3Q3OE5pNS9ncmxGRGEyUzYiLCJtYWMiOiIzZjBjYzFjNzFhNTZhOWU3MGI2YmQ3Y2QzMTVlNWQ5YTU0NDA4MjQxYmFmNWI5YzQxZjI2MzI0MmI2OWU0NzQ3IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:46 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:48 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjBWSXdmYjlhY0ZBek1VSUY5ODJ2QVE9PSIsInZhbHVlIjoic3NYVTgvK2tFTDZDUFZibEh2ZVRRRFdZbjdjK2JoWkFnNlNlZDQ3L0J4amZXZldNNnFvQ2s4TVRVUzI3R21hbGRGSEF3QmorOTJTQ05ocXdueGtVUGFQdktHcVBWTGJLVXJHZXI0SzFkNmFYTmptZ0F4U2NEREt6TFlZb2E4MjUiLCJtYWMiOiIxMjU3ZDA5OTc4M2NhYTYxODI0NzJlMmFiMGU4MjlkZTk1NDllMTU4ODFjMmIyMmM1MWY3M2FmNDU1MDE3MTgwIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:48 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IldwTE1Sd3Y2YlRVbks4ZGVKaEpFWVE9PSIsInZhbHVlIjoidWI2dmM3Nm5oVUhmdUw3alNoVTRyRXQ0MlFMUGh2QW93L0xtcjZnRlpNZWd1N0I2VHlUcEN6TWZvTzBFeDVyQnFwODRyLzBKMmpMdzEzaWYvbWU3dnVzTWtsU0NEaHJ4T1puNmx0Y3FWdG5Gdmp6YkVadTI3bW9tQnpSN1BPTU0iLCJtYWMiOiJlNzk4MzUyODJjZDE5YmMyNjE4NWI2MWMxY2UzZTk1YjMwMTAxOTM3NWU0NDczM2FhMTEzMjBkNjNkNmFiMWM3IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:48 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?fingerprintid=9e4947f35751465411fd1a4f5c358c78
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/63587b4ad0f2cd1d8835d554?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22286
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:45 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkdCa1NQK2pSMXBzY3RVTXhBS3JzMlE9PSIsInZhbHVlIjoiU2VtSnBWTU40ayswbDBZZnpEclA5c0VBbndESzYrSmcxRkxiOVBwNVozb0dQUGcxVEVxZndFVkNmQ3lzSlhkaW9jVmhPbFl4OU9xTUJFckpCdysrQ05WTGorVE0rZzBycHdoWVk2QXcxSjcxY0tUUEVaYWhGZk9tYWFjYzdZc0UiLCJtYWMiOiIxNTcxZmQzNTg4MTAxMjE0NGQwNTUwZjNmZGFjNGUxNTljYjIyMjBhYzQ0MGY2ODYxM2MzOTRiNWU1YjI0YWI4IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:45 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkZCalZqWnZhWVpvbEZ3Mm8wWU9pb2c9PSIsInZhbHVlIjoiNTR3QlJKOTBEMkZsZ0VBYW1MOE5oN05wVVFyVERRVE5yYVBpemlRT0s5YW1vZG1TU3BhRkVmYUpZekxsVHVKT3ZwYnptSWRmN2VjS1ZlMDhUdExUKzZHaGRmektMMDVOQ3lHeVIyc1M5K0RVRU1nbDJDYWJ4ZW1mZDJtMXRqeG0iLCJtYWMiOiJkNDcxYzg1NzI5YTQxOGNmMTY4Njg4Y2YxNGIwMWY0ZGQ3ZDhmNGIzODQ3Y2MzYzFlZWVjYjNiNWZkMzRhY2FjIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:45 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
35.186.224.25302 Found 0 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP 35.186.224.25:0
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 26 Oct 2022 00:12:45 GMT
x-powered-by: Express
set-cookie: sp_usid=760c784c-8867-44d6-b348-8c0f0e30dcde; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Wed, 24 Jun 2026 00:12:45 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=be70b108-a379-4f87-87a9-b7e8bec11666; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Thu, 26 Oct 2023 00:12:45 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Thu, 27 Oct 2022 00:12:45 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Thu, 27 Oct 2022 00:12:45 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: 8a30476f572606e4
x-envoy-upstream-service-time: 14
server: envoy
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.221.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: /MyS6CYLsuulw3cB/4LvpdeY310z3AJX54NDAD5uQTdbMCKknm+9l7cZz+MAT/ZsRVBpHIPPcL48cCBa5+qEuw==
date: Wed, 26 Oct 2022 00:12:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:51 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkRSNXRmTkdlMXRVVXZpYWVHcWxDK0E9PSIsInZhbHVlIjoiZlpVd1puczQzQ3hOcWlTaklEcUhGYXM0aGhDaXBsNXJrelhpZXZZdGhESFRQbTZiK21zWVd3UUYwNE9nUXZEclkzc09RN0pPOFFsVUJHV2tLMW5PYTYwTHcrdXk0bFJ2UHNQRjI3aXBGZXl2V3dDZHZNZFZ0Y1l5R1U3bjZSRTIiLCJtYWMiOiI4ZWM0ZjdiNDliOGVhYWE2OTI2NWE5YjZmNzQxMGY3NWNlYWMyZmEwZGRjODI4NGYyOWY2MTlhODBkOTU0OGI5IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:51 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjhUaTFqL011UXFySGQ1WEJDMnRvUGc9PSIsInZhbHVlIjoiMDJzNHBBazlCc0hiSzkrbHJCVU0wQ1V3a1JyUjhTdW9RZVpEYTczc2lYeDRIMmJPSG5ySE9zUUJTR1hGY1RVN2JKUmdWM2ZNQmxDNUlSeWtqR0tsV2MwbVQyZlg3NXFhVmt4VWxFNXUxeU1qcEpDOFRFdmpFRHpLL2VoeS82SnMiLCJtYWMiOiIwMzYxMTM0M2Y0YTY4MWMwZjBiMzMyMmM0OGU2ZGNlM2RiYWU3MTcxNzZiNTMzZDM2MTMyYzc3YTE5MmQwZWFmIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:51 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=7&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=7&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=7&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:52 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjRmNHBNZlJmSVBIZjR4d00vSHFCZ3c9PSIsInZhbHVlIjoiV2dVYUQ4SkxOc0czQmx0OGQ4alF1c2JBaE1MTkg4Y3R2VGtqUzJ5dWlMODUxc2lsQ3NtWkYrYzFuaEV5NjdEZVZGeTJma2hsK2p2SHJYeUFmUXZzcFNXOFBGMTBDYXpsT3V1SHV3Z1kzOTMrQy9WTUc4aVRIUmh1cEZLakp5YlUiLCJtYWMiOiI3NDM5ODYxNTI1NjdmMmJlOWY2ZDFjOWM3MDkzNDNlZDYwZWYxOGRhNzk5Yjk2ODE5NzgzZTExYzZmZDUxNjg5IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:52 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjlHNkhweVkranRXeGgrcmR2ZVlvTEE9PSIsInZhbHVlIjoiVHBFbytoMTE2aE51dW1ybUdIMmQ1L2pnbkdwR1Zpb1Q3OHdTR0w5UXllODJEdEJoclNXU29TUTkreFB0aWdNT1hsU1NiWWhHdW5GQmJHbnJKTTNOaGtDQ2g0MnhmRzRVWFF2UXl3Y2xoMjRURlFES0JqVkZsRDdVc1lzc25sYi8iLCJtYWMiOiJhNzYyZWM4ODlkNDQ4M2UxMTdhMmMxMjA0OTE1YWIzNTBkYzk4NTg3MGM0NGY4YzFlZTJiNDQxNTViMWU4ODJiIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:52 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:53 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlEvcWNQN3lMbnRFSVZNcmRQbklKOXc9PSIsInZhbHVlIjoiOEk2b1dwcVh4aVoyM0Z6QVZzdGtxVGtEZ3o1Mmd0cmVyZ1FTcU1ESFhKek5SSndRM3Q0SVVLOTBCdTBheEtud0swcStsQnVvQklKS0EzZ1F5ZGduY3BuU1l2ZnlJT25LQ2R4QmlxS1Y4cTFGMjAwaVVqK0xoNE5xcDNHSGI2TFkiLCJtYWMiOiIzZTc4NTAyMGNhMjAyOWE1NzE4YjNiZjJjNzllMzhiMmE5ZTg4ODM3YjI4Y2JjNTc1ZmNiYTcyNmE3MTNhNDAwIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:53 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IndmMjFmZU5yd055TWtmOUZBaXRqL2c9PSIsInZhbHVlIjoid2JYcndlWDNXUy9yOEQyQnlvNEdnQlVBZVZkVWd1d09HVVlBM1FYL3NVMU16REZYR1ZqVDJTR2VZL3h0M25KbDFQdFJHRU1TRGg0RG1COGtMVE9yWDN6Ky9xQzJzamt4UllSR3NrWWU1NVNDL045RHJiWjdVMDFDejFzWUFNRWgiLCJtYWMiOiJkMzA1MDVjYTUxYjI3MmJjZjVlOWFjOWUzOGY1NmE5MTgwYjMzMmY2YzMzYWRmN2JjMTNiN2FmYzFjNWYxNGI3IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:53 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2841648.js?sv=6
143.204.55.37200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP 143.204.55.37:0
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 26 Oct 2022 00:12:45 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/7e7353a6783a630a706761f213ce63b8
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xbD6uZRs6gVgA-_9igYWaubFTxG-dvAUw5DM9rSb3L0Th8oebMx8QQ==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1275678292%3A1666743165903131&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrmjeJUn0T-6hX7M_QglLqZjGFTvbxBgJdUz-IjnhVpES5kfgV7MSUuZ6WDA_rRQN7eQ0ohbA
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1275678292%3A1666743165903131&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrmjeJUn0T-6hX7M_QglLqZjGFTvbxBgJdUz-IjnhVpES5kfgV7MSUuZ6WDA_rRQN7eQ0ohbA
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1275678292%3A1666743165903131&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWrmjeJUn0T-6hX7M_QglLqZjGFTvbxBgJdUz-IjnhVpES5kfgV7MSUuZ6WDA_rRQN7eQ0ohbA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 26 Oct 2022 00:12:45 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-MhD5XPTD1MpnbHTka7TG6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63587b4ad0f2cd1d8835d554?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63587b4ad0f2cd1d8835d554?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Wed, 26 Oct 2022 00:12:50 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Ilh0dElNbGx0dEdQUDcvd2pzSmswSFE9PSIsInZhbHVlIjoicVBOZ0pkVlhPOHg2QkI1MENTcHgxdDh6ZWdNV0NsS3UwT2ViN0NoSUJ6RUgrdCsxOHpucXBmd0NUN2hIMzFTd2dyNEZDNWNCV0svKy9KcHArZE5jRUduOTJsY1UrUFRUazB6V3k2K3VtL3lBUkJMT3lSSnBjempGbVRubDhlU0IiLCJtYWMiOiIzMmUxMDRhMjlhNWVhNjBhMzg3OWYyMjRjNDA2ZDI0Nzg0N2Q3MmIyZjdkMzgzNThmMjFiYjI1MGVhY2ExYmIzIiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:50 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InY5WXdRL0ZMQm1wdWo3bkdYRmpOclE9PSIsInZhbHVlIjoiUFpTUWZjMS9wN2F6ZE1MdWRpRlJIN3U2bkNDRWpET2F3MVB3bDkvY0Q3MjRxV3hGK2tadWhxUmcwa01xUjFwV0svRmNyMlBxeUVKMm9Qd3gvdC90WU1ieWFQcStTQ1ZFZFY0NFF6TFArcFpldXNqVm15OWUxNTdsZURsaXFGMGYiLCJtYWMiOiJhMzgyMTA0YzY4ODAyZGFiOTExYzRjMmM1N2E5YmQxZDM4NDc2ZjQyZDRjYTEwMjRiZWE4OTNjNzAzNjIwMzk0IiwidGFnIjoiIn0%3D; expires=Wed, 26-Oct-2022 02:12:50 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2