Report - other.landerhq.com/902334837

Report Overview

Submitted URL
other.landerhq.com/902334837
IP
188.240.52.20
ASN
#20857 Signet B.V.
Submitted
2022-09-11 19:55:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	1.9 kB	104.18.20.226
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
www.dropbox.com	1994	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	419 B	3.0 kB	162.125.71.18
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	19 kB	151.101.85.229
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.35.74.102
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	8.9 kB	216.58.207.237
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	2.9 kB	157.240.200.35
accounts.spotify.com	9553	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	3.5 kB	35.186.224.25
static.hotjar.com	641	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	629 B	54.230.111.66
novidash.com	35171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	11 kB	188.240.52.20
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.2 kB	142.250.74.3
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.5 kB	93.184.220.29
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	1.0 kB	54.230.245.39
use.fontawesome.com	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	906 B	76 kB	104.21.63.54
botd.fpapi.io	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	474 B	809 B	18.215.75.60
www.spotify.com	1130	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	1.3 kB	35.186.224.25
other.landerhq.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	212 kB	188.240.52.20
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	95.101.11.115
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	47 kB	142.250.74.72
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	21 kB	142.250.74.174
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	596 B	709 B	142.251.1.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-11	medium	novidash.com/smartlink-css/631e3ced5ea16f7824008910?fingerprintid=9e4947f35751465411fd1a4f5c358c78	Phishing
2022-09-11	medium	novidash.com/smartlink-css/631e3ced5ea16f7824008910	Phishing
2022-09-11	medium	novidash.com/landing-interaction/902334837	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	other.landerhq.com/902334837	390 B	2023-03-07	2023-08-03
Pretty URL other.landerhq.com/902334837 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-03 19:02:26 Times Seen2 Hash 37ec97eee90db9751691d233b0d7eedd 7963c49b18fe240baf11a12b8db4e5b7cc5df5df 33a1148e5675c3ef76b2c879aadd190a187a7f1937d4279e54cdd65e40b1c4e5 Loading...

	other.landerhq.com/902334837	126 B	2023-03-07	2023-08-21
Pretty URL other.landerhq.com/902334837 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-21 19:58:13 Times Seen37 Hash dc2ab29926e4c4fba68e9d54511c2b0b 49ab59eeed8d75dfc7f9c24db8bb2d51764bddc5 d824bb9444c588471316cc11c51da26b5a1cb691b0ef4f3cae7aea05c450bcb8 Loading...

	other.landerhq.com/902334837	4.9 kB	2023-03-07	2023-03-07
Pretty URL other.landerhq.com/902334837 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:51:21 Last Seen2023-03-07 14:51:21 Times Seen1 Hash dab239a4faf0e0311834c75e219ac67d 952f966b7f79f92b12d70ba9fa17fb28ac3c7add 71d98d4037e160dd0434c8702b00db3a520378b72681aa4d21463ab1fb122dc4 Loading...

	other.landerhq.com/902334837	201 B	2023-03-07	2023-03-17
Pretty URL other.landerhq.com/902334837 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-03-17 12:42:02 Times Seen1 Hash 6a325515b841215a28e5c2fecf2e848f 2d37dbe87f033a179a562d976bae23797d9e2590 7edeab74566fa8c0e6c857da731bf90cf39e37209d6730cf98d3cebefd6f04b5 Loading...

	other.landerhq.com/902334837	341 B	2023-03-07	2023-08-21
Pretty URL other.landerhq.com/902334837 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-21 19:27:28 Times Seen5 Hash 0f9522c6818e7aa63cad4d069d21529a f8f5840df762222a04ee5908bfb75cc2c25886ce 573e0855fe1796a6393b64ac2b113a32232068b80459d190429aa1feb7b3f6c0 Loading...

	other.landerhq.com/902334837	838 B	2023-03-07	2023-03-17
Pretty URL other.landerhq.com/902334837 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-03-17 12:42:01 Times Seen1 Hash 41eb3ae5af3910a4fb21fb9c9eb4d2fb 0e54ce90d8f84c9e6dc9594e0556841e6e44d4fa f3f3955531eb040be612e26727126e288f0eee8e1820c0a1acf25f4eabf8fa36 Loading...

	cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js	9.0 kB	2023-03-07	2023-12-12
Pretty URL cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-12-12 23:36:16 Times Seen268 Hash 47c385b50143101eb33518d4bdb62b8f 6683889617dc16e817a49c17ce38f358efdf1638 52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2	122 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:51:21 Last Seen2023-03-07 14:51:21 Times Seen1 Hash 10f739ff57c32449f50fcfefd70b5456 60949170cd7df9da71cb2d4165cf778e9e30df4e 01284b2f53c0f0b9969d85ce994311e55a706d9efdee46e7775452e7c6259299 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-18 21:14:10 Times Seen840 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	static.hotjar.com/c/hotjar-2841648.js?sv=6	5.5 kB	2023-03-07	2023-03-17
Pretty URL static.hotjar.com/c/hotjar-2841648.js?sv=6 IP 54.230.111.66 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:51:21 Last Seen2023-03-17 11:40:57 Times Seen1 Hash 1e022999d6f4ca22629f1818d6fe9200 81da88ac638edf5d7918b25b4f9ac4ae7806b2f0 25ef28ac1d73f1f50e4b784fa656b8366f55fedc78416b035448e0ac6faf9a97 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 3a7bc1a1c190a965d92fee31ba45446a	523 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:04:00 Last Seen2023-03-17 12:42:02 Times Seen1 Hash 3a7bc1a1c190a965d92fee31ba45446a e11966b702084aea238809a48bf5a30d38d3cae8 823fa8df882c0cf80fa0671c6fdeeb257513904bb6e01b584a4cb81835a8cdd3 Loading...

	#2 Eval - 8309b9b53fb6a176a94530b882165aa7	5.8 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 14:51:21 Last Seen2023-03-07 14:51:21 Times Seen1 Hash 8309b9b53fb6a176a94530b882165aa7 c053f568159a54e1bc8d4ee693d6fefdd04f4a61 860764c5703d3425d61c2916901220f8bb16c2f43d9c3e3b82e8c988440a7908 Loading...

		Size	First Seen	Last Seen
	#1 Write - 1b70ac0a972fddf1e1a33e6ed9df49c7	14 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-17 12:42:02 Times Seen1 Hash 1b70ac0a972fddf1e1a33e6ed9df49c7 6b3c3ed38c382e050cdb1ad72421d57649d42ed4 d3de569b7c2f7f122fba8046d966cd109673d0c87ac58412c3d64f2b2a4c0649 Loading...

HTTP Transactions (61)

URL IP Response Size

other.landerhq.com/902334837

188.240.52.20

200 OK

6.9 kB

URL HTTP/1.1
other.landerhq.com/902334837
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4905)
Size
6.9 kB (6913 bytes)
Hash
1a71684568a3a08c71dab531252ccbb5
bf918168557f8e543ae9cbe92e29d330886d0429
04155a8da269d185d58f623dadbc0f3cb0e9882492aed8fdd978c9db377d52f1

HTTP Headers

GET /902334837 HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 11 Sep 2022 19:55:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im9pTkNEaHNDYTQ4aXdHV2Z5Rkl4NVE9PSIsInZhbHVlIjoiVHJ6SkYrU3g5UzlUT0tsVlZMQ0FpWmxIUE9hQmxzSUxnR2tjTSt4cVNjZ3lQV3UwL1lqa1ZMKzNuaEVQT29rM2tCWjZ5OUZxelc5clhXQ3o3S1VBd2ZPZ212ODJzWU1JV3hBcmREVWxDLzlGRTVXazl2SXN5Ukt6OUErdGh4YWMiLCJtYWMiOiI0MDQzMDhjZjhjMDY5NjUwOTAwNTM2NTNkODg2YzZhMjQ3MzA4ZGM3MTdkYzliMTUxYTJkYjI0Y2FlNDEwODk4IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:07 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkQ1ZENOVmRJaEpKWkVZWUYrV3Q2VkE9PSIsInZhbHVlIjoiTGpFS2VRMDc5bUVVNHhwQmNwRGE5QjJtUzcxZG9MaVM2MXdSMDFOdWJPR1BPNGRHQmM3NFkxWUtaU0J2RGdNYTBmZXIzaUU2eHZvVlBLZUtubGZ1b25aVTNOMVlHQytQOE9sTDN3amMzWUZqam1MSHpjYnBlYzlFZ2plV2Q2RE8iLCJtYWMiOiI1YWRmMjM0YTkyMzBmOWYzMGMzMDcwNTRmNTk0OTZmMWVmYjBlNTg4N2Y2MTgwNGRiMTYyNTBmOWFiMTNmZTNmIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:07 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6820
Expires: Sun, 11 Sep 2022 21:48:47 GMT
Date: Sun, 11 Sep 2022 19:55:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 19:07:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3I6GWqRuffSEnFmy8j_MY8g7CmmzcoF9SeX5G6ztvTR4DIXTjO8beg==
Age: 2839

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: X2DZZMz9sO3WEuKLjVgMWJu1Gu9xGIDwpgOiRc_rPBF6MKsZHGS9Yw==
age: 45475
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 19:55:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

151.101.85.229

200 OK

14 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (33322)
Size
14 kB (14187 bytes)
Hash
aae718b2a0cb61c252946cb2c90eee97
b80eb9c3bde5f4dd455940832989f52d39deafcc
7ac3def7374012c4a78adafd9f76513168890454ad16f053d58060836a582f7f

HTTP Headers

GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.6
x-jsd-version-type: version
etag: W/"8378-YyDrsgfkSqD4ErmTv6bGJ5gw0yk"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 11 Sep 2022 19:55:07 GMT
age: 24682
x-served-by: cache-fra19183-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14187
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js

151.101.85.229

200 OK

3.1 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (8836)
Size
3.1 kB (3067 bytes)
Hash
b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084

HTTP Headers

GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 11 Sep 2022 19:55:07 GMT
age: 6744
x-served-by: cache-fra19121-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3067
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
01d4c67542b51cc5bf7211a97a251e40
b5ba6bc26b14bf924db0f8576efec29c901a8862
7eb11586a168da43637a8928f6d90e923e9d4b9230bc791083bb67644176916c

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 19:55:07 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9382CFE43A212CA0910859278E1A566FDF84F9BF"
Expires: Mon, 12 Sep 2022 07:00:00 GMT
Last-Modified: Sun, 11 Sep 2022 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1838
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7492f58c5f9e0b51-OSL

other.landerhq.com/landingpages/mcafee/os_versions.png

188.240.52.20

200 OK

3.1 kB

URL HTTP/2
other.landerhq.com/landingpages/mcafee/os_versions.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Size
3.1 kB (3073 bytes)
Hash
e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823

HTTP Headers

GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:07 GMT
content-type: image/png
content-length: 3073
last-modified: Fri, 09 Sep 2022 13:18:16 GMT
etag: "631b3d18-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

other.landerhq.com/landingpages/mcafee/360.png

188.240.52.20

200 OK

38 kB

URL HTTP/2
other.landerhq.com/landingpages/mcafee/360.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size
38 kB (38110 bytes)
Hash
15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f

HTTP Headers

GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:07 GMT
content-type: image/png
content-length: 38110
last-modified: Fri, 09 Sep 2022 13:18:16 GMT
etag: "631b3d18-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

other.landerhq.com/landingpages/mcafee/logo.png

188.240.52.20

200 OK

30 kB

URL HTTP/2
other.landerhq.com/landingpages/mcafee/logo.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Size
30 kB (30211 bytes)
Hash
26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2

HTTP Headers

GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:07 GMT
content-type: image/png
content-length: 30211
last-modified: Fri, 09 Sep 2022 13:18:16 GMT
etag: "631b3d18-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 11 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Sun, 11 Sep 2022 19:19:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7SjLIrlKi3aGIIOm5Cg85b33oOEjFGb1_5N8Xk7hBhMcY-oCW1Z6xw==
Age: 3540

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2

142.250.74.72

200 OK

46 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3238)
Size
46 kB (46493 bytes)
Hash
60484c790521de3d848d3af171bbaf34
82b25c8932bf9cc24f4105de911ea119216c3a83
a3763a851a0505d789e2f186cb72ab7f056abce7ca8996d83e32be8e8f80a09c

HTTP Headers

GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 19:55:08 GMT
expires: Sun, 11 Sep 2022 19:55:08 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46493
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

other.landerhq.com/landingpages/mcafee/bg.jpg

188.240.52.20

200 OK

130 kB

URL HTTP/2
other.landerhq.com/landingpages/mcafee/bg.jpg
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size
130 kB (129948 bytes)
Hash
444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce

HTTP Headers

GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Fri, 09 Sep 2022 13:18:16 GMT
etag: "631b3d18-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
393b7ade997a2070ea494abfec20730a
983b5876b2ee9c7a997ec864cd71c1ebc7bee309
7ce346bbd7d2edecbaa272bd9fdf60d87ad486ee079d8a321ae6be900eb05af2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3877
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Last-Modified: Sun, 11 Sep 2022 18:50:32 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4707
Cache-Control: max-age=135003
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Etag: "631d9714-1d7"
Expires: Tue, 13 Sep 2022 09:25:11 GMT
Last-Modified: Sun, 11 Sep 2022 08:06:44 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
126f23869ed5df04ec3a7c3cb97cad9c
4b2bad42e93bbd6ed58a84880137ab5e1f7fcea8
a4d9c73fc604530abfaa23ce1d4478152b92fe6ce5cec008c2538695009e95a7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3291
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Last-Modified: Sun, 11 Sep 2022 19:00:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
57b75ea93de540716c45f1397781431a
431cc2c684385c4e46facd7210b5ac49b9dd09cc
4581d7dd422dc110fa7cfe667297cdb75d92a02ce7226db6db89448befa5b780

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
126f23869ed5df04ec3a7c3cb97cad9c
4b2bad42e93bbd6ed58a84880137ab5e1f7fcea8
a4d9c73fc604530abfaa23ce1d4478152b92fe6ce5cec008c2538695009e95a7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4133
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Last-Modified: Sun, 11 Sep 2022 18:46:15 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.35.74.102

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.35.74.102:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jpd9xWK6H1nmRu9aBbBCew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vlW/mYovhCdzfZuykdvz8LQUh7k=

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
644be09c5fa67d5a3d51b871e8b49329
56b52471ead9b172728b990c536c1099b2eaea05
3a04c72b92536630633c8964b23488a5ee1d15847fc42be36e69c2133bb0a683

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108595
Date: Sun, 11 Sep 2022 19:55:08 GMT
Etag: "631d3e9b-1d7"
Expires: Tue, 13 Sep 2022 02:05:03 GMT
Last-Modified: Sun, 11 Sep 2022 01:49:15 GMT
Server: ECS (dcb/7F82)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dro8x8GlqAPWGKmvuM5hRVtY7LyedsAerrv7KOXVHF4a3BheqRRKfQ==
Age: 948

use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2

104.21.63.54

200 OK

74 kB

URL HTTP/2
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP
104.21.63.54:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Size
74 kB (74348 bytes)
Hash
462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2

HTTP Headers

GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: pd+fxZbvLfbeNZbQ14RGWHPHw2+YonCaRkCdNxQoCABW8tt/xwJ7ZnFdPxu82qgI8HUkGqka/j0=
x-amz-request-id: XZEGHMV5M61538T9
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJ4Tt6P%2FIHHwbapuxH%2Fd34UEvQzEHlR1pZoaKGWNhbMVkAr9xFbrkJgGePK7Nm59ByPT62VGOS2OBoz0g3UCeXAU4qz%2B%2BptcTZs0dMiWxEPMY3MhsjgqRDGUpKrMrjwHG9QwmhIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7492f58fcaff0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

other.landerhq.com/landingpages/mcafee/favicon.ico

188.240.52.20

200 OK

1.2 kB

URL HTTP/2
other.landerhq.com/landingpages/mcafee/favicon.ico
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223

HTTP Headers

GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 09 Sep 2022 13:18:16 GMT
etag: "631b3d18-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20

18.215.75.60

200 OK

313 B

URL HTTP/2
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP
18.215.75.60:0
ASN
#14618 AMAZON-AES

File type
data
Size
313 B (313 bytes)
Hash
efd0015ffb912f11da4d114ba8a5401e
288194f78c79a02c27f6b170e9f2785ff8ded2ff
6b7382d90c84e80200b1240d0ac7f3f2261357c5e77d0ac26a538fbda6c29eb2

HTTP Headers

POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://other.landerhq.com/
Content-Type: text/plain
Origin: http://other.landerhq.com
Content-Length: 20848
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: application/octet-stream
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://other.landerhq.com
x-amzn-trace-id: Root=1-631e3d1c-56b1fd967ecf08a21157579e
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a14bd1157489f3be7fd9a79881839d91
523d75c28bc7ba2e2747c613a86ff3af774a91f6
e9072c6732436ab2d1c4168b0e2ae9b3df7ad8e2c0f430b955fe716f71eae225

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3481
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Last-Modified: Sun, 11 Sep 2022 18:57:07 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 11 Sep 2022 18:41:12 GMT
expires: Sun, 11 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 4436
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8a3f147ac37bcccd79750e4229a8d99b
f76459233b24f681045ed0476a63d95a0f12623e
6ecda86d440d58447955acca8d5181db4951cd6f92cd7ad595511d3c9c54d82a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

216.58.207.237

302 Found

399 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Size
399 B (399 bytes)
Hash
c1d72fe7c5947c17bcb592ba9c040bfd
3cfb08d90fcccad32c98920ff085708f38cb8715
75341dffcf9488eec0dd6ce3c72a4fb8ec976a7d6d27e7ab18640bfe544c80d9

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Sep 2022 19:55:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1108311958%3A1662926108755004&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWq2qPpbWpnId3-XyMj_mmRsOacKZF7GdnrGPZxKnnVSIPcpKHeGbyDEQ_7FHeKNBtmDzB8KAg
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-KeNZn-GogsjT9Eom8ZS0xg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 399
server: GSE
set-cookie: __Host-GAPS=1:FnXNrrhAJJAo5eo9dvgSsojr4KSQvA:l_e0YAF82Hchgixw;Path=/;Expires=Tue, 10-Sep-2024 19:55:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

216.58.207.237

302 Found

396 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Size
396 B (396 bytes)
Hash
2c2d7785417294a9d4f9b6438c217969
b9f46c180d881d7c5956b967c2041f83f785fd0f
6a3adebf1b88e37619f9f87d4989152102f44291b8e58f1512e45459ba3e132d

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Sep 2022 19:55:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1056419887%3A1662926108801922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpsVztVBVwJEBE1xFzj_wplQ-vXAvnxdrxMPArdZwd17Bj9jwCRMhSPJBthhjzVGwtEgXwB0g
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-ptcKIOPUuzaPZm9vaS0k6g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:i2nkE9KMZXOXccMoaSZ_h_jQcKwbvw:I22W0ac4Lh0Y9kKl;Path=/;Expires=Tue, 10-Sep-2024 19:55:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6c2fea93ba89de81c2b01aaca1a87835
0a7f50001f709285bc10f6ef044ef39a60535bff
6cae8a5f9949975a3adedc41088196b8c9dd984e4023e54bbe655800a9478349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/v3/signin/identifier?dsh=S1108311958%3A1662926108755004&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWq2qPpbWpnId3-XyMj_mmRsOacKZF7GdnrGPZxKnnVSIPcpKHeGbyDEQ_7FHeKNBtmDzB8KAg

216.58.207.237

403 Forbidden

1.3 kB

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S1108311958%3A1662926108755004&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWq2qPpbWpnId3-XyMj_mmRsOacKZF7GdnrGPZxKnnVSIPcpKHeGbyDEQ_7FHeKNBtmDzB8KAg
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
data
Size
1.3 kB (1280 bytes)
Hash
929b22738f6aebec0ad281299da33f73
5de10d08b550c52f5d3c8bd371c21c47b9d4288f
02e869c542473bcada25e7f0487e1b4ce53a29393c7ec29b39f3f9e52f2d57d8

HTTP Headers

GET /v3/signin/identifier?dsh=S1108311958%3A1662926108755004&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWq2qPpbWpnId3-XyMj_mmRsOacKZF7GdnrGPZxKnnVSIPcpKHeGbyDEQ_7FHeKNBtmDzB8KAg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Sep 2022 19:55:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-YW3yATpfxE6WHFkzH19Sfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=hZCZQ_DTeVK4JwvrUq65YroKYOVxe2P37-jwwoWMLUawN4LjjrhNucG1znj4WAnV1CDO6tebQvja1VcoaRemY-1avTbcM8FapZIIVwyNsR9NZR7Gt1VWAZ2LqoNacq40ckeC7aXRAvLYiKuMFzS_kHWQWI8l9Mku0DbmUJST9Ik; expires=Mon, 13-Mar-2023 19:55:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c52f00dc203483501330b93da8673ea
bb58935fa272c810572d3290a9835e1390a8ef35
4cbe66c98fdaa1bdce29769a8dda769b7b46e14a8bdab5c61bba9e171ec925f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3081
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Last-Modified: Sun, 11 Sep 2022 19:03:47 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1260965047.1662926098&jid=1849661030&gjid=1893056612&_gid=366557786.1662926098&_u=YEBAAEAAAAAAAC~&z=1299724689

142.251.1.157

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1260965047.1662926098&jid=1849661030&gjid=1893056612&_gid=366557786.1662926098&_u=YEBAAEAAAAAAAC~&z=1299724689
IP
142.251.1.157:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1260965047.1662926098&jid=1849661030&gjid=1893056612&_gid=366557786.1662926098&_u=YEBAAEAAAAAAAC~&z=1299724689 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://other.landerhq.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Sep 2022 19:55:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 19:55:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4125
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:55:09 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4125
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:55:09 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4125
Expires: Sun, 11 Sep 2022 21:03:54 GMT
Date: Sun, 11 Sep 2022 19:55:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7635 bytes)
Hash
4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:50:01 GMT
age: 68708
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8171 bytes)
Hash
eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: 39c8c044-5287-47bb-8731-5706c27a73e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0feFFtkIAMF9NA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311ac59-246e1b7e019965f74db95df0;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:10:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FVraudPaXgrkcCLGkaxntfC3h4XtbSfnRgzyp72Wgwb-WgWkDwjYPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 08:44:26 GMT
age: 40243
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6889 bytes)
Hash
57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BPWrjstB3xKeYzHK9eQoJL8ORgRFsqjmNxu0j10epBANBtZCRU-m2g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:43:06 GMT
age: 79923
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8485 bytes)
Hash
e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:57:28 GMT
age: 79061
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7017 bytes)
Hash
fea5dfc4a6a5093fd81899ee4a79d446
c893d7475856809a59486e0bcebd6d662d1fc56f
915fb97690be97d97cb298fc60ceb4cf7c3ed8fb437836beb2d590a8e238363c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e82f3ab-3fe6-43bc-932c-936ec582e5cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7017
x-amzn-requestid: df5e57d7-e54c-4b5a-aa1b-a9aee889842e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_Et0oAMFSjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-50d15bba03579a935342e22f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YRgmbTGaMvU9Kf47U90cPYhgpXaYgoNVA8ut6LOUStK4UfWahpSqVA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:41:08 GMT
age: 80041
etag: "c893d7475856809a59486e0bcebd6d662d1fc56f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7519 bytes)
Hash
bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: bef8445b-1f8b-4c00-a9ad-b32fdefe3d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3zXoHOhIAMFfNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312ff63-1a6c3ef64362a4d052a761ae;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:16:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Pzv2DSpqnXB0UP3C5EF-YUzRmveFwmal_8YyRfEuHuhZ1FcUWgHocg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 10:22:00 GMT
age: 34389
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico

35.186.224.25

302 Found

0 B

URL HTTP/2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP
35.186.224.25:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sun, 11 Sep 2022 19:55:08 GMT
x-powered-by: Express
set-cookie: sp_usid=847f361f-867b-4dac-9b00-94e5726270ae; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sun, 10 May 2026 19:55:08 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=094f32ab-64b8-4c2b-9506-2bfd04d7ee92; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Mon, 11 Sep 2023 19:55:08 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 12 Sep 2022 19:55:08 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 12 Sep 2022 19:55:08 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: 17bc1843d308f042
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.hotjar.com/c/hotjar-2841648.js?sv=6

54.230.111.66

200 OK

0 B

URL HTTP/2
static.hotjar.com/c/hotjar-2841648.js?sv=6
IP
54.230.111.66:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=604800; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sun, 11 Sep 2022 19:55:08 GMT
cache-control: max-age=60
etag: W/1e022999d6f4ca22629f1818d6fe9200
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eyAGlNMkX4yziBnak7I7GkJCUV7msnTUOU1w3wl3V2b3HDCXABMkZA==
X-Firefox-Spdy: h2

www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: wdYACulStAw0mPmLhLgXXBZXZJjqys/IjZlwQkCGHh4RkNatO6h5Ur58pRxioLh5MPCd3ozXLGBoe0m6NUR95g==
date: Sun, 11 Sep 2022 19:55:08 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/631e3ced5ea16f7824008910?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:09 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Imp6OGNWUXJkWVFjcXJPcHJZa1ZjMVE9PSIsInZhbHVlIjoiVUZpRDhESjBxckxhd1JBbGQ0bDkvMTFlN0lQMGhjbHBoNEdHZnlNSGh4Q0JiZWtFaXNWYU5HUzVaV1BOejlKVm9nckNieENLTlMxL28wckxpZXRKRnE2aVJrdXQ0c3M2SUNSL0xOekk4WWpGV3FiQ2dkdFdIaUNCd1k2M1NHZzEiLCJtYWMiOiI4YTU2ZTFkMWJjNjUwMTQyZTM2YmRkYzYzZTk5YTgwMzhmMDUyMjliZDEzYzc2MTlkOTE2YWVhYmQ4MDY5NzdjIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:09 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlZPOU9yRHcwK1NXaFV4MWdjS0Nra0E9PSIsInZhbHVlIjoiNHIxRHJ2aFJQY3prQmFHSGFKZlUwN2IxU0Zhd1ZwcmFFaFpUR0Z0ejBlOW80ZFY0cmNJdlBKK29FRmhnVVo3K1E4SENKMmh1UmVBd0U2VUFJK1d3aHpYWXdOam1QY1V4eUl6NzVTWFJRUWEzaHJXRlJMNDkyMVJHaUJPSkoyYnQiLCJtYWMiOiJmYjk4M2JmYWU1NTU1NDdkNjZmNDVhMzIxM2FiNDNhYWEyNDg4N2U0YzQ0NzQ2MmQ2NGExZTBkMTM5MTY0Yjc5IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:09 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.2/css/all.css

104.21.63.54

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.7.2/css/all.css
IP
104.21.63.54:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 19:55:07 GMT
content-type: text/css
x-amz-id-2: 8nfO0vrplxFBCch1qZ61ULI9hlVjL0LFBysNzaoCbMgwWNg3PJ0i7OQmQ9djpUsxMR0x7jkee0E=
x-amz-request-id: E68ZD91A845WCK3C
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1nGdu7fKa680bz0h0fEnXrK1LL3On8m8XlX4J95kck2CjveG4syck2nnk2i%2F8KgmPzRD8GpJ70%2FWXKn7N1rsZRMf8XA1GNm%2BrkbyO9DHccACEiMRJAz2LZ5s3kJXWQtB99xVtLrl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7492f58bee070b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?fingerprintid=9e4947f35751465411fd1a4f5c358c78

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /smartlink-css/631e3ced5ea16f7824008910?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22285
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlBTRVU2Z0NRNldUdldBMm5jOHR4OVE9PSIsInZhbHVlIjoibUNoK0tOeEt2V1pwVElOTk83QmdDSmRNdDUrT29LTkJXZjhzWUkvWDFKUG5XZ1VJT2RPUUhzYjJOSFZ2ZW5xZUJEYXRBdkdlNE84SDFveDUrMkVvRWxRV1d3dGxjdjBrQ25Sa1BPc1d4bm9iaWlMSnhHRDh0S2VhdHkwMmRyYmwiLCJtYWMiOiIyOGI5MzgxMmU2OWQ4YmMxZDM4ODg5YmY1ZjllMjhjZWFjZjRiZTE2ZjI1ZDEyNmI2NmUwNTZlNDUwYjRmYjc1IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:08 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InlnekpPb0tGekVtVnVpakRabFlxanc9PSIsInZhbHVlIjoiRlptQUVTbTF2R240ZGRTaEJ2SVl0NVpqbk41TS9qRnRIREdmZFY0OXVWYkhUbE9qczFFZEorSkF1amREQjlleFhJQ1lRYm02TjF4OVZWNThRZTIvMlRIYzZQcWJsc1A1MGVhSUtpWkFycjBad01pMUhWWVNsUS9IUjJ4a2U0ODEiLCJtYWMiOiIxMDJkM2EzMjFhNDIyODE2ZjE0MjJmOWI1NTBhYTc2OGY1ZTk5Y2U2N2I3NGZjZGUyNmRjNGZhZjA3YzhjZjA0IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/631e3ced5ea16f7824008910?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:10 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjI4TTh5aFZESVI3K1M2Sm50bm1zR3c9PSIsInZhbHVlIjoiU2h2Um1VMkdyRDIrMHBKUG5BN1BjeUo5UkdMaWd4dldpeERlTlRKTDlqbnV1dUc4NTJMQzJkWEFtMmhUcHBkWjJBdXVWWEx5VVo0NUNnM3BJZFVqYmtnd21xcGFDclQ2VjlJU2NrUEluc3lqV3gyNjlva3RxV0R1QXp0Qjg2elIiLCJtYWMiOiIyMWJlOTliNWI4MWQ4ZDFhYWNhZWViM2ZlNzdhZjk2ODA3ZDBhZDYwMmZjMzdlYzJmMzVlM2I2M2NmYzQxZGFjIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:10 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjluNXovUkJBMW10S1NCclhrQzZWZXc9PSIsInZhbHVlIjoiRkNEOVBxQy9yYVJDekhadUlHQklGODlZSk5SMGw0YldDc2VJazlydmRDZGdGN21WVHpSelF4MXNJNWVHYUp6Wk1ERUpDR0xtQnY4ZXR3TGpMcitNeWRPNExtNFZEK3ZRalhKaENOVDFjdnR2S3grUXpqZlpGMk9KSXRvNzZiREEiLCJtYWMiOiI2MWMxMTFmYTA3NWFmY2E1MzUyNDAwMjM3OWNlMmNkZjgzYTY1OTY5ZjM0ZmU1ZjgyZDU5MGRhMzMzOTQ5ZTQ5IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:10 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/631e3ced5ea16f7824008910?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjVYTExkbUtzb3d4WmVoRkRKcDJ3ZVE9PSIsInZhbHVlIjoidGUyTWR0Z3p5NnpKWDFlMjdBYndBUjJRWkphQ1pHQjYrNWdvd3lrRFdJbTJMTTFiTFpGWnhGZTNPMHkybUJXZUwxTEkweTc5TVgwNkV3TDRtdDFlNEFGN0FJeFcwTDg0SDhONHovbGhyUUlIYjg4WnUzMFZ3YUVoTktXdm5zS1kiLCJtYWMiOiJmMTk1MWEwMzA2NGJlMzRhMTRhOTlkMjY2N2VlMzRmMTlkNmFhOTY3Zjk4ODA4ZjVkNmU4YzY3MGUyNjAxYjYzIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:16 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlBmWkJMZlZpdWFBZzNjZS9QRG4rMUE9PSIsInZhbHVlIjoiODIyWFlsNTZZZnJUTW5qVndJLzgzU3M3OExmN1dWa1E2VVV4RkdpdHp2VFN0clFBeWJMdXZSRWQzVjBKcTQvVDhROWZzVy9UTlh5TU1ycjVBUDkzeEhSRTdJOEYwUHphSXdZM1hCTEVmenZqZWJxT2huQ2l5aXNPU29MaGNoZ3QiLCJtYWMiOiIzZmZkNTgxMWEzNzIyMmM2NDRiOWQ4Nzg2OGJhZjBiOTkxOWM4MjAzYzc3YjE4NjQ1NmUxZDc1YWFmNTFmOWYyIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE

35.186.224.25

200 OK

0 B

URL HTTP/2
accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
IP
35.186.224.25:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE HTTP/1.1
Host: accounts.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
x-frame-options: deny
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: __Host-device_id=AQCfxeOXhjFl5snNcwBtd8kGu0-Y9p-6j3CKa__1uOJMU9Li9caRp9NVLja40XWszIkcoOdRl0kkRR-ab72wFrIvwhUHIXWz96U;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax
__Secure-TPASESSION=AQCwauWfOudjTmOMlbX7EehFzoNbUQd/Ijxx4QzYpRjedRzOE5jM479Fpppd8FsVyvNKVPE+1kWPFxbFdy6hdl9fArDhBcaXcWY=;Version=1;Domain=accounts.spotify.com;Path=/;Secure;HttpOnly;SameSite=None
sp_sso_csrf_token=013acda719d85dac16fd966080b22f2baf04aa7edc31363632393236313038333337;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
__Host-sp_csrf_sid=ed39316e7d73ecf98cac1278169ad7a0b3460145a14db9eea46c11ea8b7386a6; Path=/; HttpOnly; Secure; Expires=2022-09-11 20:55:08.338; Max-Age=3600; SameSite=Lax
content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
x-content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
sp-trace-id: 87a1d5d2d1a9c83a
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/631e3ced5ea16f7824008910?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:14 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Ii84b25TcitYSGlGMHdDYmh4aUFYclE9PSIsInZhbHVlIjoiOHNnWCsrTzFlYnJabEl3SmxlMCt6b25uWWlFVU5BZm50cVJkbmozcVJueWs5K0dTeHh4d2h3UGdWR2dhYlJQNndVd3VYK216QWwzdU1qMXBiWHhCRlJIdFVXeTh2ZjJsb1ArY1BuNDZtNnJ2MFdoTnRTVWZwZWF3R0pXRlJoTEMiLCJtYWMiOiJmMmI1MGM2ZmFhYjYzZTUxOGRmZmQzOTNmZGM1OWRiOGQ3Yzc3OTAzYmNlZjA3N2ExM2FjYWYzOTQ1NWVmYTQ0IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IitPS0NjRUtTVU9LTzBHVDVsT2RIWEE9PSIsInZhbHVlIjoiMFF5Q0Jid1M3TnJPdGFjMldpME1iejBDWmVCNkp6MVkxTUF3aVRPK2RvR0FEVkJVcVNQb1lxazZpQzFEM3YwRDhZbGtrRTYwNjZZWC9xa0tHT0ZpdG96bDQwYjFjaUV5OXRISVN4RE02Qkw4RVpQeUxUY1hpWmUxVEtqSkdadWEiLCJtYWMiOiI2YTEyMThjMjM1NDA2ZjM2OTU0NDdhZGExMDY0MWNkMTlkMWNlZmUxN2IzNDNiOWExOWJmYzQzOTY3ZmYyNzFlIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /smartlink-css/631e3ced5ea16f7824008910 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:08 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Ims3R2N1Zkp4OUhFK1MrRVJRY1pPemc9PSIsInZhbHVlIjoiNytRdGV5UTV5aTdlWkdBaEVhandOdnlTeTlqVmlUQUx2V0dub0dTa3V4b2JaREV4SVBvL2huZUJPZkQzemtwbmFhNUp0NnhhWTk4MjFJK0FuS1BjTW54UVgxcThuaDBXRkswUCtRdVdkR3AxQ0JvWjdWWksyNktFNHVvYi9jOXUiLCJtYWMiOiI5Y2M4MWQ1ZmE1OGZkYWQ2OTI0MTJlMzZmNzI3MzI2ZGIyNzk3MzJjN2NjNTU0NTkwYjUxYjEyNzdjY2Q1M2UxIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:08 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InhicFRDbHlQd2I1am5vV1cvQkF6Unc9PSIsInZhbHVlIjoiV29ocXl2SmY1eGlOVTdXVEJlMXJVSWFJUVNydmtXdGZHMUUrYSt3Y0laT21kUkpiZTdRdGIydTdQV0l1QkNxNkxUdEhXTVpaL3RFcEUyZit1dEsxcGlXVlVDbkRHK3hLMWlldUVpWkxObmw1ZmZ0bHdaUm92dGZ0WXBFMEZsbHYiLCJtYWMiOiJiZTcxODIxNmI0OWQ1ZTkzMDg1OWE2NmJkMDMzODlhYzQ4NjZlYTk5YjMyODM1MzllODUwODI0MzA4OTY2YjEwIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?dsh=S-1056419887%3A1662926108801922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpsVztVBVwJEBE1xFzj_wplQ-vXAvnxdrxMPArdZwd17Bj9jwCRMhSPJBthhjzVGwtEgXwB0g

216.58.207.237

403 Forbidden

0 B

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S-1056419887%3A1662926108801922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpsVztVBVwJEBE1xFzj_wplQ-vXAvnxdrxMPArdZwd17Bj9jwCRMhSPJBthhjzVGwtEgXwB0g
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v3/signin/identifier?dsh=S-1056419887%3A1662926108801922&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQDHYWpsVztVBVwJEBE1xFzj_wplQ-vXAvnxdrxMPArdZwd17Bj9jwCRMhSPJBthhjzVGwtEgXwB0g HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 11 Sep 2022 19:55:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-GCWUThQBDh3JCdOyMu4RRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=MRpcAAVti3QCsJ7PgHJSQhHYMehz6-H42k-S1plDR2-AYapJncPYm0ETeaqkbHL6j5-fAxetjelRoR5mREoHFixMt3y8w1SpMlftf_L_19WL6LfYY8MmL5H-Jq3-rjXpj58Ri1rqPPiLyAnHITl20QFhxjbLRZI30ASYSX4Enk4; expires=Mon, 13-Mar-2023 19:55:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/631e3ced5ea16f7824008910?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:11 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImxWRW4vNjVWaG9VVlIvMnJCM0RPMlE9PSIsInZhbHVlIjoiK1o4RFdVSC9MV016elk3L2syQkFzSHNGUXBQMjdwTTNXcGQ4djFheVNuSTI3Mzhzc2FhOVpDc3Iyc2x2eUpUY0RMb0JaN0dldm1RYTZUMlNMMGE4WGxYMTI1WERFNHVZYm03azBKdExNd003OTMxRWhXY0d5SWJiZ2ZwS0dkTmMiLCJtYWMiOiI2YTk2NmY4YTVhODM5NDYxM2NlMDQ5ODI3ZmVkZmU0MDU3ZTdlNjhlZTQ0NDRlOTA5YzJlMzczYjJlN2NhNDVhIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:11 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImNPYWdtbENkYnVSM1E2eXNEOVF6TUE9PSIsInZhbHVlIjoiR0E4T3l6ZHVFYVhkUFVxdzlBOTdMYU54TGlKUmt5bWVRdUFHMm9VR013cFpIZWFxNXNMemVETm1ERXlmdXJseTBOeHJ4SnFsZXJIalFyMGpSR0ZrNUZ3eVQ1Ly81U1FQbkE2QnoySmxSM2VhcENVNGxtOGM0dFU0VjE1U2NJdUoiLCJtYWMiOiI2MGEwODYxYWM2NDQwNDFlMWNmYTE5MmZiZmU1MDViOGZlMzVjZDBmZDI3YzZlZGFlZDc2ZWM2ZDJhNDZlM2Q3IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=4&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/631e3ced5ea16f7824008910?sop=4&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/631e3ced5ea16f7824008910?sop=4&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:12 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IldRRUp3cTVidUl6bzZSU1MzcFBlOEE9PSIsInZhbHVlIjoib1pzN0U5d054ZjRidTZRQ3Y5NWJleE80K0J0Ly83aDd6ZHppNzBOWXJXMUZBdDRaaWtjK0ZkUmc0T0RYcktSOVR6c2Y5ZHVHeUhJRmNKS08ySWtsS202ZytXRFVuM2hTNXV6bjd2RC9udkkzZTRYVXJaQmFTUmUyMGxrMEFmTW4iLCJtYWMiOiI0NGUzMDNmZjdmYWQzZGFjMGVkOGYyNmE2MmZhOTliYjYwNGQ0ZTAzOGRmMzkxODkxNDc4YjU3MjljMzczYmZlIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:12 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlNKYmRHNkovMzRVN3l2SlFqaWxFMXc9PSIsInZhbHVlIjoiYmdlTWxyL3QzaHB5NGNsczA5RnV0MWFiOFBSU1dLMWpJUVU2ZTRaVk9meGRwWmNVNUVpeXIxSC9IeVRCWkRPejJxS3g5M1ZUNnMxbXJ6WVlSUzh0NEhTTStFWGNJUTJYcUFUK3Z6a3BoTExsTDYvcmd4MUFnMGlQUnJhbjJCYkYiLCJtYWMiOiIxNjBlNjQxZDkwZGFjNTZhNzU1YTU4YzU1NmU1MDliNTVkYmU2MmRhM2UxOTdhNjVlNThkNjVjNzVjOWI3NGMzIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:12 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/landing-interaction/902334837

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/landing-interaction/902334837
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /landing-interaction/902334837 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhq.com
Connection: keep-alive
Referer: http://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 11 Sep 2022 19:55:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InBLOFNpaTdTaFQ4Tm1VRnBxRGhRUWc9PSIsInZhbHVlIjoidDYvNlowc0tlU01xR1pVaUd5eXNiMWptNy9ZZ2ZJNkxqV01XWnd4cjE0UzV3Mk9QM2h0UWxSczkyRWRKRkRlR3pLRmQyRTUzcUY5Zk5RTmJ1dEtqUVQ5azRJWXVTdTYxejNBc2o4TUJtbmE5K1lUZ0NYVVBqMXBvd3k2VVNaOE0iLCJtYWMiOiI3NDZmYTdhOGI3YzYyMWI1MGRmNmEzODY1Njg4Y2YxZGE4YWQ1Y2ZmMDFmZTJlNjI1ODg0Y2FmYzY2MWI5YjA5IiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:16 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkpRUTlld3NKc2FJczE4cFBCSVFSR0E9PSIsInZhbHVlIjoiSHIxWDEyRWM1NUVQcWRoSTR2LzVDWkJXbWFEeTlIQVRuM2RWR2JiWlZZUjByZGpSTExKZjF0bkI1cHlmT2ROUnBrZXM2MjRtRFZVWXhSTnNJbGxRSTh3enZydDNpZmhZUEJvSDFHOHF2RVpyNkdCVDRjMVV2L3doSzV0bDhpUG8iLCJtYWMiOiI4ZDE5Mzk3NzUwZGY2NmMzZWFkOTNlZWRhN2RhYzNlODlhY2YwNmY5NDQ0MTA0MzQ2ZTdjYmVjMzc2NjU2MjMxIiwidGFnIjoiIn0%3D; expires=Sun, 11-Sep-2022 21:55:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif

162.125.71.18

200 OK

0 B

URL HTTP/2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP
162.125.71.18:0
ASN
#19679 DROPBOX

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-vGDW5GMcIrmksNwa/DcS' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-vGDW5GMcIrmksNwa/DcS' 'nonce-UyrEMPOHoFewfXG8zuoE'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MjY5MDI5MTc3NzE5NjE4OTU1NTg1NTE2MzQwODY0NTYzMTE2MQ%3D%3D; expires=Fri, 10 Sep 2027 19:55:08 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=2aDPjfQaTILUqhJ6HPMMV2_p; Domain=dropbox.com; expires=Wed, 10 Sep 2025 19:55:08 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=2aDPjfQaTILUqhJ6HPMMV2_p; expires=Wed, 10 Sep 2025 19:55:08 GMT; Path=/; SameSite=None; Secure
__Host-ss=VS4um-Zfx8; expires=Wed, 10 Sep 2025 19:55:08 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Fri, 10 Sep 2027 19:55:08 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 118
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sun, 11 Sep 2022 19:55:08 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: a8593292427f48d79a07863a33df2695
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations