dratingmaject.com/731d3d18-8265-4580-88d6-216c9c89023d/2
302 0 B URL HTTP/1.1 dratingmaject.com/731d3d18-8265-4580-88d6-216c9c89023d/2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /731d3d18-8265-4580-88d6-216c9c89023d/2 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Sun, 27 Nov 2022 14:22:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wn88scmha4duj6pkin3cunjo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Pragma: no-cache
Set-Cookie: 731d3d18-8265-4580-88d6-216c9c89023d-v4=eedLxgG8EBi0rHNMeyPMJgwLo7T2Ti0VTegRdA3L6d8; Max-Age=86400; Expires=Mon, 28-Nov-2022 14:22:33 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cc-v4=MT0mJ4BQ4l2ZoGZ70vjGf7yXXnVRceinYyahMNpL2%2FqznN9bBV5rJdaDIUrJ1C7bgVuncIqTCcZgP1TCRAt0hvJa5GiUyAxe3dqLTgZKCs4vYjM8xcy7odjz67K0tg34tXx8NpigAqlBXTrh1Q7L%2FQ%3D%3D; Max-Age=31536000; Expires=Mon, 27-Nov-2023 14:22:33 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8325
Expires: Sun, 27 Nov 2022 16:41:18 GMT
Date: Sun, 27 Nov 2022 14:22:33 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5001
Cache-Control: max-age=163921
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:33 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:54:34 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 14:17:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 293
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8199
Expires: Sun, 27 Nov 2022 16:39:12 GMT
Date: Sun, 27 Nov 2022 14:22:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LKf4KrRXeu0cYFHLxgXVgnqbESDUkjvhe/zwNNVuLOm/XMWcDjMyuKGPUsYZCqlTJ+EqDsfhwyI=
x-amz-request-id: FHW7A2QG03TX9FYG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 13:41:39 GMT
age: 2454
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 14:22:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 14:11:12 GMT
cache-control: public,max-age=3600
age: 682
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/logo.png
200 OK 30 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/logo.png
IP
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936884143
Cookie: XSRF-TOKEN=eyJpdiI6Imx4ZS9XdlhOZURnRTQ1WW9JWHNpUGc9PSIsInZhbHVlIjoiUUMxNGxPRHUzb0FvR2NtSytlUU5yZzZRTGl4ZzR6dGwrQWxZd09hZEt1SDE1RUJsT1BEMXhoUDIwcmNRc1RCZXB2WkEwQjl5Y2NTZTVJWU1xSGMzbFFUd1hBdkk1WkJTc3g2cmlianZlT2lEOCtZa05XNSsva29wQW9GdnlGQnAiLCJtYWMiOiIxOTA4ZjZlYjA1MGQ0MTk0YjI2NWU0NjFmNWU2MmQxZGE3YzE0ZWY1M2FhYjA5NmUxYjhmMGFmZTE1NGNjMzI4IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Im1OUG9aSVRnbzVTMElOUTJsWU9XdEE9PSIsInZhbHVlIjoienIzN0tvYnhQdE5VR2JrSjVNR0FsY3g2V2M3aW9EQktSRzB6eFExb3E5Y3U3WTNPTkVablZ3NWxWR2VRaG5iMklGbjlHSkRUWnJKS2ZpZWdIYUdqa0gweWM3U2s1QjFySzVqM0xOV3RyNExGWGJZVW9URkhDcnI4RUxwYzRCRUYiLCJtYWMiOiIwZTM3YjFkZTdiZGQ0YjhkOTBkMTBlNTQxZWIwYWFmMjZiMDE4MjMwYWYxMjlmNjQyNjgzNzRkYmRkZDRmNzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:34 GMT
content-type: image/png
content-length: 30211
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?mongo_id=638372a9d6c40a38080d3842&mongo_grouped_id=638372a9d6c40a38080d3843&redirect_url=https%3A%2F%2Fother.landerhq.com%2F936884143&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwidnciOjEyODAsInZoIjo5MzksImNvbG9yRGVwdGgiOjI0LCJkZXZpY2VNZW1vcnkiOjAsImhhcmR3YXJlQ29uY3VycmVuY3kiOjE2LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IlVUQyIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IkxpbnV4IHg4Nl82NCIsInRvdWNoIjowLCJpZnJhbWUiOjAsImV2YWwiOjM3LCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsIm92ZXJyaWRlIjoxLCJkdXJhdGlvbiI6NDB9&js=1
302 Found 45 kB URL HTTP/2 0ee06.trknovi.com/smartlink?mongo_id=638372a9d6c40a38080d3842&mongo_grouped_id=638372a9d6c40a38080d3843&redirect_url=https%3A%2F%2Fother.landerhq.com%2F936884143&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwidnciOjEyODAsInZoIjo5MzksImNvbG9yRGVwdGgiOjI0LCJkZXZpY2VNZW1vcnkiOjAsImhhcmR3YXJlQ29uY3VycmVuY3kiOjE2LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IlVUQyIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IkxpbnV4IHg4Nl82NCIsInRvdWNoIjowLCJpZnJhbWUiOjAsImV2YWwiOjM3LCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsIm92ZXJyaWRlIjoxLCJkdXJhdGlvbiI6NDB9&js=1
IP
Hash a0ad156e9291626eb22d6abceb8a0c38
cbaa5ae84c5372a4423c89b071d529213bc4eb81
a1dcd3ed72272f39f461f0d9c95f848bf5d195731d5aec7fc9ecf24683348ca8
GET /smartlink?mongo_id=638372a9d6c40a38080d3842&mongo_grouped_id=638372a9d6c40a38080d3843&redirect_url=https%3A%2F%2Fother.landerhq.com%2F936884143&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwidnciOjEyODAsInZoIjo5MzksImNvbG9yRGVwdGgiOjI0LCJkZXZpY2VNZW1vcnkiOjAsImhhcmR3YXJlQ29uY3VycmVuY3kiOjE2LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IlVUQyIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IkxpbnV4IHg4Nl82NCIsInRvdWNoIjowLCJpZnJhbWUiOjAsImV2YWwiOjM3LCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsIm92ZXJyaWRlIjoxLCJkdXJhdGlvbiI6NDB9&js=1 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wn88scmha4duj6pkin3cunjo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6IkRsdzRkanFDZGx0YXp3SUIxNXlpaEE9PSIsInZhbHVlIjoianp6Z0RxWTRVSmpDT3VIT1VKSnhqd0M1OEl3S1Z5M0hNRXNlVjJRT2w0a2cyS25DSUpEN0lKak5ITUhSUlFRT1FaME1nd1lGYkJvcGRaK3l3eEN5VkRiQzQvQ1o3S3pha0xGTmNKOXV0WlI2T1p0WG5NWkVmdWhhSG55YUoxaW4iLCJtYWMiOiJkMTMxYjA3ZmUyZWRhZjYwZGRhNWUzOTZjOTBmNTY5MjRmMTgwMDMxYjY2NWE2ODczY2E3NWQyOTM5MjRjYzg1IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IlRUZk82TDhSdnJnMjQ5d21jb1RiY3c9PSIsInZhbHVlIjoicXg0dWNpbkxPcy91OGRDU21yQ3FWSVlnOGZhSU5MNEh1TDJ1ajlWdGlBM29leWRYc3Z5anlHT1pXc0lvM0lVWGM0Y3JKRUF3MTRnZmxQbEJ4c3lzMUtwNjFoSHNFdUFqVjZFdXp4MmpRNHVMdDRNa2Urd3hFZVNrc2d4TWdscUMiLCJtYWMiOiI4NjdjMzdjMjcxYWI3MzcwOTM2Y2IyMWE1MjczZTY0YmIzYTk2NzY4YzljMjFmNDNiODgwNmUxMmM1YjIzMzZkIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:33 GMT
content-type: text/html; charset=UTF-8
location: https://other.landerhq.com/936884143
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkVBNEk2UENnSm1aYjQzbEZnWXNHeHc9PSIsInZhbHVlIjoiZmpHcjBsRUpkbkRnZ2dKeGRLcnZXazBrbUJSeWdBdURPUDE5ZkkxMnBVYW1Zb0ZFM3ErL1BnWnFsb2VTa1dKWlI3azEwYnJlSSsrMVg0ODVYS05lc281ZWNuZE5NZHpBcld0ZEt2Zmdrc2VlNEpiM2VCZUZvV2JpOXFTNmtzTzIiLCJtYWMiOiJlNDgyNDk3NWIyOTUyZTU5MjgzZDRhYThkZTlhOTI3ODc3YzU2NDI1MTRiZTcwMjkwOGJhMmE2ZmIzZWQwZjU1IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:33 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ii9RTEcvbFVwbENuTi84U0NtUm1QRmc9PSIsInZhbHVlIjoiMERBMG1jTUo0dzRHVjlsTUZ5d1lVd0hpU0MxQUQwSzJKcER0dVBsVGx4RkgrbGpKRk1sVTNZaEFmK0lqVjYzYnF6a2s5NnoyZmxzUE9TVTZ5dzAyV0hZbHNQUWQ4WmJJMFBLWHJpb0l5eVVZL0k5Z2k2ZnVzSmNUTkdvN1lzY3YiLCJtYWMiOiJmYjgzOGU3Njc3ZDNiOWYwOTJhM2YzMjFiMzIxMGFhMzQ5ODkwMjFkNTA0MjFjMzM0NGE4MGZjYWMzNjIwMjMxIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/os_versions.png
200 OK 3.1 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/os_versions.png
IP
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936884143
Cookie: XSRF-TOKEN=eyJpdiI6Imx4ZS9XdlhOZURnRTQ1WW9JWHNpUGc9PSIsInZhbHVlIjoiUUMxNGxPRHUzb0FvR2NtSytlUU5yZzZRTGl4ZzR6dGwrQWxZd09hZEt1SDE1RUJsT1BEMXhoUDIwcmNRc1RCZXB2WkEwQjl5Y2NTZTVJWU1xSGMzbFFUd1hBdkk1WkJTc3g2cmlianZlT2lEOCtZa05XNSsva29wQW9GdnlGQnAiLCJtYWMiOiIxOTA4ZjZlYjA1MGQ0MTk0YjI2NWU0NjFmNWU2MmQxZGE3YzE0ZWY1M2FhYjA5NmUxYjhmMGFmZTE1NGNjMzI4IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Im1OUG9aSVRnbzVTMElOUTJsWU9XdEE9PSIsInZhbHVlIjoienIzN0tvYnhQdE5VR2JrSjVNR0FsY3g2V2M3aW9EQktSRzB6eFExb3E5Y3U3WTNPTkVablZ3NWxWR2VRaG5iMklGbjlHSkRUWnJKS2ZpZWdIYUdqa0gweWM3U2s1QjFySzVqM0xOV3RyNExGWGJZVW9URkhDcnI4RUxwYzRCRUYiLCJtYWMiOiIwZTM3YjFkZTdiZGQ0YjhkOTBkMTBlNTQxZWIwYWFmMjZiMDE4MjMwYWYxMjlmNjQyNjgzNzRkYmRkZDRmNzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:34 GMT
content-type: image/png
content-length: 3073
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4022
Cache-Control: max-age=157880
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:13:54 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash 263fd6d40218c2b0a2945fa12db8b4e5
db616a4c91fea68c1badef3644d17c033a467dd1
9a5d043d20760ae47a125e8585da97dcaf49405321e810c12e93336f55c95a97
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5210
Cache-Control: max-age=169867
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Etag: "638352db-117"
Expires: Tue, 29 Nov 2022 13:33:41 GMT
Last-Modified: Sun, 27 Nov 2022 12:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
0ee06.trknovi.com/smartlink-css/638372a9d6c40a38080d3842
200 OK 18 kB URL HTTP/2 0ee06.trknovi.com/smartlink-css/638372a9d6c40a38080d3842
IP
Hash 5416e7c4c9eda47168daa46d77f0f984
1e7428e7cf078d5cd0004ca47c924fdb11bf2785
5bdb7567fbaf7e79e9320dfaf74e490060b0779ea9b37c3338afcc17f77df3ea
GET /smartlink-css/638372a9d6c40a38080d3842 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wn88scmha4duj6pkin3cunjo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6Ik1ZNDQvOTMwMS8yTzFPWXhGMW82bEE9PSIsInZhbHVlIjoiYkc0TUgzUC9oVmhRb29rN1hENFhpUWdkS0NwTlNVWWlCamVFNFN5Y2xVOTUrZVJsTXJ5eHNtazd5Z0JwUEFuUTNmY0lOdVFUV3liUklLRmZrakVYeHdBaVpHamU2REVmMHJIemdCZDdQSjY0R0E1SGtyY2lURjBDYnJxbkwxVjciLCJtYWMiOiIwMmQ0Y2M1NDViNmYyN2NhNDQ1N2JiYWI4MGU3MjliMzk2OTIwMjdjMTY3N2NkZWY1Mzg0ZDBjZTRjYmYyNWZhIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IndEa0UxamhTdEQ5MmdNaVBYQndoYWc9PSIsInZhbHVlIjoiUVhxMTBXYzFYV25hRGJONStJbjNpU0lrUFVKTDNOdWh2d29FNTA1MXVkUDNqMzZ6ODNIODl3S3duNGc1Q2hONXMyVHlxeUlFZFVVMHpzVWNrd28vd1o2ZmVPZ1A4T0IzWFRSd2NBSjh6eGw0TWp0eW9vOUYvdFBHdU9qU1RBbDAiLCJtYWMiOiI5MDliMWIyMWQ4ZDBmMzJiNGZjNDkxMzI0ZDc2ZjljMjExMjY4NTUwMjNmMmJmYjg3NjAwY2RmMmQwNWVmMTU0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:33 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkRsdzRkanFDZGx0YXp3SUIxNXlpaEE9PSIsInZhbHVlIjoianp6Z0RxWTRVSmpDT3VIT1VKSnhqd0M1OEl3S1Z5M0hNRXNlVjJRT2w0a2cyS25DSUpEN0lKak5ITUhSUlFRT1FaME1nd1lGYkJvcGRaK3l3eEN5VkRiQzQvQ1o3S3pha0xGTmNKOXV0WlI2T1p0WG5NWkVmdWhhSG55YUoxaW4iLCJtYWMiOiJkMTMxYjA3ZmUyZWRhZjYwZGRhNWUzOTZjOTBmNTY5MjRmMTgwMDMxYjY2NWE2ODczY2E3NWQyOTM5MjRjYzg1IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:33 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlRUZk82TDhSdnJnMjQ5d21jb1RiY3c9PSIsInZhbHVlIjoicXg0dWNpbkxPcy91OGRDU21yQ3FWSVlnOGZhSU5MNEh1TDJ1ajlWdGlBM29leWRYc3Z5anlHT1pXc0lvM0lVWGM0Y3JKRUF3MTRnZmxQbEJ4c3lzMUtwNjFoSHNFdUFqVjZFdXp4MmpRNHVMdDRNa2Urd3hFZVNrc2d4TWdscUMiLCJtYWMiOiI4NjdjMzdjMjcxYWI3MzcwOTM2Y2IyMWE1MjczZTY0YmIzYTk2NzY4YzljMjFmNDNiODgwNmUxMmM1YjIzMzZkIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 27 Nov 2022 14:22:34 GMT
age: 42870
x-served-by: cache-fra-eddf8230022-FRA, cache-bma1661-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3067
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
Hash 8132b8bc321e7bd9fa37d50575d8eb0a
58eba07acfe8704f5157c0786f9a2a7acadac8b8
c09cc5ec1ebcbbdf93b4e0550d4542fcc8daab9589a8b593b21f53f9a05d3b45
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 14:22:34 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "CBB530448C5FF1674A5CA4779F6B055F2F8DCFC9"
Expires: Mon, 28 Nov 2022 01:00:00 GMT
Last-Modified: Sun, 27 Nov 2022 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 943
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770b8448bf97b518-OSL
ocsp.digicert.com/
200 OK 279 B IP
Hash 263fd6d40218c2b0a2945fa12db8b4e5
db616a4c91fea68c1badef3644d17c033a467dd1
9a5d043d20760ae47a125e8585da97dcaf49405321e810c12e93336f55c95a97
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5210
Cache-Control: max-age=169867
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Etag: "638352db-117"
Expires: Tue, 29 Nov 2022 13:33:41 GMT
Last-Modified: Sun, 27 Nov 2022 12:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 471 B IP
Hash 6139394a5a561c124389dcf6b9c10ca7
2f68a0d3b656837c5bfffd9ba092ae984b1d497a
87ebf4aca1fe9ad88a681c60c0d85d8ce9b031c0dca351afc4ca3be1abf14462
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1786
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Last-Modified: Sun, 27 Nov 2022 13:52:48 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 14:22:34 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: X4gV016SkzlGeFaE2lEvb0M2pOiYB4FowH8XX7PQnFbwirnHo1YdNwgUNQT37rpDLZEM7F4aXeE=
x-amz-request-id: BSXH49DCZ1NJS2F1
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 3016
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lJM1uTtUjfNiGMIvpj3NiLO5mcSLpE7ge2Ugq%2FiQtRYWjWAqfVL4vBcQaB5JjPcLxfGjlcc2WSZ%2BuDEWOCQ%2BZ4Gr8laAcdlLmLRIRIH6iU4KpJJS76m6a1vYrPEDeaSggD3JeSq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770b8449eba472cc-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
other.landerhq.com/landingpages/mcafee/bg.jpg
200 OK 130 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/bg.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936884143
Cookie: XSRF-TOKEN=eyJpdiI6Imx4ZS9XdlhOZURnRTQ1WW9JWHNpUGc9PSIsInZhbHVlIjoiUUMxNGxPRHUzb0FvR2NtSytlUU5yZzZRTGl4ZzR6dGwrQWxZd09hZEt1SDE1RUJsT1BEMXhoUDIwcmNRc1RCZXB2WkEwQjl5Y2NTZTVJWU1xSGMzbFFUd1hBdkk1WkJTc3g2cmlianZlT2lEOCtZa05XNSsva29wQW9GdnlGQnAiLCJtYWMiOiIxOTA4ZjZlYjA1MGQ0MTk0YjI2NWU0NjFmNWU2MmQxZGE3YzE0ZWY1M2FhYjA5NmUxYjhmMGFmZTE1NGNjMzI4IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Im1OUG9aSVRnbzVTMElOUTJsWU9XdEE9PSIsInZhbHVlIjoienIzN0tvYnhQdE5VR2JrSjVNR0FsY3g2V2M3aW9EQktSRzB6eFExb3E5Y3U3WTNPTkVablZ3NWxWR2VRaG5iMklGbjlHSkRUWnJKS2ZpZWdIYUdqa0gweWM3U2s1QjFySzVqM0xOV3RyNExGWGJZVW9URkhDcnI4RUxwYzRCRUYiLCJtYWMiOiIwZTM3YjFkZTdiZGQ0YjhkOTBkMTBlNTQxZWIwYWFmMjZiMDE4MjMwYWYxMjlmNjQyNjgzNzRkYmRkZDRmNzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:34 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /CNhBWPhtJjzvqBv9uZXRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EnHaXmTcfsc3Ngnnr9+9hX5XtwI=
ocsp.digicert.com/
200 OK 471 B IP
Hash 1120b48a56e019ac893e77e21e1c604f
fe0182c0bbb9a404b1a354e6790436211ce80bcd
6d0e056c8dc180f44a3a1a66b9fda95d0d19b098bf63630d1ecf819243e95383
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1083
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Etag: "63822cf1-1d7"
Last-Modified: Sun, 27 Nov 2022 14:04:31 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
200 OK 48 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP
File type ASCII text, with very long lines (3238)
Hash 20bd3d7649827c7b1f4cdc97c0a4d37f
60706e80a9f3f27618dd820d51f2568510016ed7
a7179d000817ab307c01aed37a3c3203157804df6bb87bf7605db98b28d57674
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 14:22:34 GMT
expires: Sun, 27 Nov 2022 14:22:34 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 1120b48a56e019ac893e77e21e1c604f
fe0182c0bbb9a404b1a354e6790436211ce80bcd
6d0e056c8dc180f44a3a1a66b9fda95d0d19b098bf63630d1ecf819243e95383
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1083
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:34 GMT
Etag: "63822cf1-1d7"
Last-Modified: Sun, 27 Nov 2022 14:04:31 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash ec490fb1655bc4688d88b1ed8e68b70d
9f75ada2488ea84d2f9267cbf5dc790f090ba088
ab990f382d28bd37e53e4bee48f490232c9ed7c9f1dbf5dc3ab1ccc6d8a7e142
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=136275
Date: Sun, 27 Nov 2022 14:22:34 GMT
Etag: "6382d036-1d7"
Expires: Tue, 29 Nov 2022 04:13:49 GMT
Last-Modified: Sun, 27 Nov 2022 02:49:26 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z10wkx8rJ_gu08pI7OGCHbmZyElp43deOGpyrFDMIJQX6twrBAVcSg==
Age: 5063
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
200 OK 325 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP
Hash b0374410b4436777c0b5a9cd028d41b7
a55f9e250a5b8936e63cdac60c7a0a54dd1116a1
6f6998ebf90069240b6fb06c052278499dedbb4157cf01840942dd58b9b4bb32
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://other.landerhq.com/
Content-Type: text/plain
Origin: https://other.landerhq.com
Content-Length: 21682
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 14:22:35 GMT
content-type: application/octet-stream
content-length: 325
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://other.landerhq.com
x-amzn-trace-id: Root=1-638372aa-42647ca1555a8af951cde676
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/favicon.ico
200 OK 1.2 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/favicon.ico
IP
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936884143
Cookie: XSRF-TOKEN=eyJpdiI6Imx4ZS9XdlhOZURnRTQ1WW9JWHNpUGc9PSIsInZhbHVlIjoiUUMxNGxPRHUzb0FvR2NtSytlUU5yZzZRTGl4ZzR6dGwrQWxZd09hZEt1SDE1RUJsT1BEMXhoUDIwcmNRc1RCZXB2WkEwQjl5Y2NTZTVJWU1xSGMzbFFUd1hBdkk1WkJTc3g2cmlianZlT2lEOCtZa05XNSsva29wQW9GdnlGQnAiLCJtYWMiOiIxOTA4ZjZlYjA1MGQ0MTk0YjI2NWU0NjFmNWU2MmQxZGE3YzE0ZWY1M2FhYjA5NmUxYjhmMGFmZTE1NGNjMzI4IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Im1OUG9aSVRnbzVTMElOUTJsWU9XdEE9PSIsInZhbHVlIjoienIzN0tvYnhQdE5VR2JrSjVNR0FsY3g2V2M3aW9EQktSRzB6eFExb3E5Y3U3WTNPTkVablZ3NWxWR2VRaG5iMklGbjlHSkRUWnJKS2ZpZWdIYUdqa0gweWM3U2s1QjFySzVqM0xOV3RyNExGWGJZVW9URkhDcnI4RUxwYzRCRUYiLCJtYWMiOiIwZTM3YjFkZTdiZGQ0YjhkOTBkMTBlNTQxZWIwYWFmMjZiMDE4MjMwYWYxMjlmNjQyNjgzNzRkYmRkZDRmNzA5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:35 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2034c4f478581061d113c3cb87e2f362
e9950a76f355c510f0449153fc23f67a9757bbe6
07e5f139ebbc8e61741506be27710036806f9e369c267e80eb9ec12587feab95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6430
Cache-Control: max-age=137234
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Etag: "6382ce9f-1d7"
Expires: Tue, 29 Nov 2022 04:29:49 GMT
Last-Modified: Sun, 27 Nov 2022 02:42:39 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
use.fontawesome.com/releases/v5.7.2/css/all.css
200 OK 32 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP
File type ASCII text, with very long lines (54456), with no line terminators
Hash 782f40a850ecd7e750be7f398d4a00d8
244a410e030f18ab22ff8f384ea9f4cbb6dad38b
2dcf51262ec4ba064ac19090083c0ebd9c92b95cd4039a8b103b4682799f44aa
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 14:22:34 GMT
content-type: text/css
x-amz-id-2: 5s6+nP5DxwbA3aVgUja67SuwxzlJbWhtY6fWm55uKHRAQgNAlNN2O74b51ugIvZN8xHD0om3SdE=
x-amz-request-id: 0FNFS0NRNB098Y49
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 3017
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nqb8xQVxG%2F6rekTaEtk%2BRDOON4D%2FvIaa8NfCiGNC%2B2cpDHh1Elz98aTxBXTJivykfKOz1DNkCmeeHL9W15ztA0eVxcsK6Yejk7ekG4R20fc%2FomQvl33PFhBqQtZ5CVoFZ1xTxd%2BJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770b8448aa2172cc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2034c4f478581061d113c3cb87e2f362
e9950a76f355c510f0449153fc23f67a9757bbe6
07e5f139ebbc8e61741506be27710036806f9e369c267e80eb9ec12587feab95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
200 OK 18 kB URL HTTP/2 www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP
Hash 0a4953682df4258fc79fb4c6ad3facf8
17c2057900e42ad515276d9ca300ee401e20d3fa
6e0dd833eb2e09e09e8bf6aaaac62a8d4fa6066aec8073bd83a34afcb804e6e0
GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js 'nonce-AFg3/GxgtCBsP9+W5ViO' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-AFg3/GxgtCBsP9+W5ViO' 'nonce-clBHo+h8qD6czoZchKbL'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MjM3MjgzMjg5NDY1Mzk2NjYyMTAyODgzMjM0NjI1MDkzNzczODc4; expires=Fri, 26 Nov 2027 14:22:34 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=bqq4vu3nJ_Ok-Yya2BsXx4hs; Domain=dropbox.com; expires=Wed, 26 Nov 2025 14:22:34 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=bqq4vu3nJ_Ok-Yya2BsXx4hs; expires=Wed, 26 Nov 2025 14:22:34 GMT; Path=/; SameSite=None; Secure
__Host-ss=AZd-iy5Vl0; expires=Wed, 26 Nov 2025 14:22:34 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Fri, 26 Nov 2027 14:22:34 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 242
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sun, 27 Nov 2022 14:22:34 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: b04e00a02d484cf2bd3bf828539009b0
X-Firefox-Spdy: h2
script.hotjar.com/modules.e1bdbadbcc63daea6270.js
200 OK 69 kB URL HTTP/2 script.hotjar.com/modules.e1bdbadbcc63daea6270.js
IP
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash 53db6c810ee48127f87a9c79e206fc67
aa53e521ba10b23524afc519c6e6ba8d1eb5147c
f89c4d3c17828a5c54ecc60f5107e2bfe92cb8b4622fb766fda6d1fca1c95fdd
GET /modules.e1bdbadbcc63daea6270.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 68720
date: Thu, 24 Nov 2022 08:09:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "53db6c810ee48127f87a9c79e206fc67"
last-modified: Thu, 24 Nov 2022 08:08:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K0xxy-iYbaDVS1R-kpxKsACQmtDsVJQXEshhkleBAb1H5WRyKBL_Sw==
age: 281609
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash b9ed675d76e55b971c807baba6a0a942
81cb35eb29cb0de7fbda9cad0d2817493833ef29
cbe6eaa3485c23d2efa3429d2afe9979b48c47a6f44f5026cfeb6313cd604c0c
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Nov 2022 14:22:35 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2029590399%3A1669558955265831&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAuDcGCrEkyZPGdKshEbVnRnX-O_NAptv0egIg3HPlL1KEgcVjhV5Ko9Ty4acTEJ-7uyoe8pzw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-Bgq5_DmVtndiCcqwq9zU-Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:8y6G3BhfTHQOoy2iE5KjhEoENhovfg:fgIuroY5aBem8Ofj;Path=/;Expires=Tue, 26-Nov-2024 14:22:35 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash e0652b84b7b3b650769c759fc520c3f8
0b55d6e28613350c7f41b88f19e726e6751ad03b
94b4c240f83065223dcacdd3f8b69cb229d0616edc3e2041eef3e270d859fc3d
GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pgzAEowhGm7WSJO53KADAPD0ISpMykr6s2xwi4iVj6AOKyB3GfzVmw==
age: 349949
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6430
Cache-Control: max-age=137234
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Etag: "6382ce9f-1d7"
Expires: Tue, 29 Nov 2022 04:29:49 GMT
Last-Modified: Sun, 27 Nov 2022 02:42:39 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.hotjar.com/c/hotjar-2841648.js?sv=6
200 OK 3.0 kB URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP
File type ASCII text, with very long lines (5909)
Hash d2ee8a95ccbce24da0b1238a26cababe
f2d0d41feebca571bdd3e01edb91a2f30af46ba0
3db7479ca2a33485020fe828947bc9af18affc4106211c50adac6ade40676e07
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 14:22:35 GMT
cache-control: max-age=60
etag: W/4b44b6b2c4208cfe2aeca12470c253c6
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cmQFNtSq9E8ZAEME8dlkAtkAHYv2cAtcWwhsJir140yR5tAKX7e9OQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 14:22:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 0179baf5ec5e7b83a87754b610733eea
2a8cde6961b030ae16954fcb196a86b4b36fd70b
aed0c506abbc2b33decadb4b2d5ef82e3cff474b48bce5ebe8cce1294435cae1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=90773
Date: Sun, 27 Nov 2022 14:22:35 GMT
Etag: "63822fdf-1d7"
Expires: Mon, 28 Nov 2022 15:35:28 GMT
Last-Modified: Sat, 26 Nov 2022 15:25:19 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eW6pHn8T_CEaWZ2tJmGg09clzJZSb1L_JtL5sBwozWRfWmmYnYesdg==
Age: 609
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4156
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 14:22:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4156
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 14:22:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4156
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 14:22:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4156
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 14:22:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4156
Expires: Sun, 27 Nov 2022 15:31:51 GMT
Date: Sun, 27 Nov 2022 14:22:35 GMT
Connection: keep-alive
novidash.com/smartlink-css/638372a9d6c40a38080d3842?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638372a9d6c40a38080d3842?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartlink-css/638372a9d6c40a38080d3842?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:35 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InJsSkRqaUM5cnJ1elZibktYK1hsZGc9PSIsInZhbHVlIjoiMit1NEVESC95UUN4TXpIR0QxUzVPQWNUL00vMlp0L1cxMHlBV0t0RmtaMmdYWG1YNG1YcU5RNEMxR3JGS0t6cVNoVDFkNnE1OTloZXdjenNoUkxjRDQzaU53NE04d29aRFRzSTlQUkxQOURDeVRZWjNhQnF3d1JTdHpkOHAxcFMiLCJtYWMiOiI5ZjNiY2NmOTUzYTdhMTY5ZGEyMGM3NGIwMmJhNTU0MDRlMjE4Nzg5ZjMxM2UwMDgxMGExYjMzMGExZWM0NzFmIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:35 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InBDN1NGQlRybnRKOVgxL0M1R1ZLemc9PSIsInZhbHVlIjoielNDVkpjUEQ4L3VaS2lmczVtQ09JYkhLRTRrZUFaY0laUTQ4a0RIYnBFYmlwUklQZnhPUnlmd0tFaFpwVTI4c0JTQXhMQlpHLzlmWmN2c2xtZ2p5M2Z6WlVsNWRmY3plUldVeEFZSnpudHRTV3l0SXhpYmpMMjJxUHJ2MUQ3a3ciLCJtYWMiOiIyNzM5MjBiYzAyNGZmMTJhMGE1N2E5MmFjMmY4NmYyZjM4MDdkMTBjODlhMTYyMDQ5N2M4ZTJkMDI5YjIwOGM0IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:35 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e586c141835f4ac8819c55dcb811b4d
a23fd98701ac35cd8740d1f7a832118c770e20c8
4296f391f755a649897a2211f9072c69a0510e43a313674908bb0a771b12650e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10944
x-amzn-requestid: ed714e4a-0f80-4b2d-ae82-b28d617fe927
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b42xTGpSoAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d1a1-1235a4ad16a6bfee50615fbb;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:05:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UzVSiMniBPN9LTEIutLmWn7BZX7d5RWIxtH0H-RpLfIGqdIBTovGMg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:36:11 GMT
age: 56784
etag: "a23fd98701ac35cd8740d1f7a832118c770e20c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:58:18 GMT
age: 62657
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 59547
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638372a9d6c40a38080d3842
200 OK 6.9 kB URL HTTP/2 novidash.com/smartlink-css/638372a9d6c40a38080d3842
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7f16c0f8a8e710210ce77c0e4c1c2a2
590c34be54c9889eec4ff7993e070fda836f711f
4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/638372a9d6c40a38080d3842 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 364
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:35 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjN2ZUkrRms4UU0zcUVRZVlLYnlEM2c9PSIsInZhbHVlIjoiSTQ4TDA2OFBBSWdwZVpKblZieDdUY2tFeTVkYTVaVGRkTzBqQlNMcURVazlWWW9POWlaUTV5WDhzbUZXRlN4WWdRZktXVi9DYkFwNDIrektlaExSZlFWUnl6MWxwM0ttMzRmYUhrSUZhblRiZnNVNUFLL3g2SFBBVDg5Z2NoT1ciLCJtYWMiOiJmNmZlZjY2MzVjNGNjNWQzY2NkNDhiOTI5MTQzM2JmYTFjZDYzNjBiZGJiZWY5YTliYzRmNWI5YzE0YTc2ODUwIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:35 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlVnQW5FSURDQlhVc1lGcGxGc0swY3c9PSIsInZhbHVlIjoiUW5ydHhwMlhUV2gvU0tvMUQvd0ROQUtZaUJHSlFkZDcwaXFjalpKYittd3VvUnpBajRZaTNEa1MxZzBrdkdNa1lsQlpOSTVjYmlxWk5Va3NTWG5VaWI3RGhqb3ZVUG9RQkRnRWVFQllNRTdqWmJEU0Q3MUpQaHpVWmpzR3lwR0giLCJtYWMiOiI2NDBlYWEzODIyMDYzZmQ0MTY2OGVlYmJlMTM2YTYwYWM2NWMyMTY0YTBlNjZlNmJiNWMyOTM2ZTczODhhNjgyIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:35 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6v42KU65wdKKPvjE7TRA3Li3o2dvrdPH7oGVDZGPPsAepqFFjQJkkA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 16:15:20 GMT
age: 79635
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 59458
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wn88scmha4duj6pkin3cunjo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wn88scmha4duj6pkin3cunjo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
IP
GET /smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wn88scmha4duj6pkin3cunjo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:33 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Ik1ZNDQvOTMwMS8yTzFPWXhGMW82bEE9PSIsInZhbHVlIjoiYkc0TUgzUC9oVmhRb29rN1hENFhpUWdkS0NwTlNVWWlCamVFNFN5Y2xVOTUrZVJsTXJ5eHNtazd5Z0JwUEFuUTNmY0lOdVFUV3liUklLRmZrakVYeHdBaVpHamU2REVmMHJIemdCZDdQSjY0R0E1SGtyY2lURjBDYnJxbkwxVjciLCJtYWMiOiIwMmQ0Y2M1NDViNmYyN2NhNDQ1N2JiYWI4MGU3MjliMzk2OTIwMjdjMTY3N2NkZWY1Mzg0ZDBjZTRjYmYyNWZhIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:33 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IndEa0UxamhTdEQ5MmdNaVBYQndoYWc9PSIsInZhbHVlIjoiUVhxMTBXYzFYV25hRGJONStJbjNpU0lrUFVKTDNOdWh2d29FNTA1MXVkUDNqMzZ6ODNIODl3S3duNGc1Q2hONXMyVHlxeUlFZFVVMHpzVWNrd28vd1o2ZmVPZ1A4T0IzWFRSd2NBSjh6eGw0TWp0eW9vOUYvdFBHdU9qU1RBbDAiLCJtYWMiOiI5MDliMWIyMWQ4ZDBmMzJiNGZjNDkxMzI0ZDc2ZjljMjExMjY4NTUwMjNmMmJmYjg3NjAwY2RmMmQwNWVmMTU0IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638372a9d6c40a38080d3842?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638372a9d6c40a38080d3842?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
GET /smartlink-css/638372a9d6c40a38080d3842?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:36 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlBETkZjVnkxbXA1dHlnWDRXWTg5dmc9PSIsInZhbHVlIjoieE9lNjF2aDRQaitCaU4yNldxdmFuVi9zUTVtUlV6VlRLcjZ3c01kaURlNHVnSzZtMi9JRnF4TzMwdEE1MFlBeFQ0TnB2aHRwdk91MmhSM05XRER4TXB6YU9iWUJ2Z2Fkakk5R2kvNVJUOTgxa0JPZDZ1eDdsbEhtRi9hVEFGM2UiLCJtYWMiOiJmODcwMjZlNDJmNmRlZjc3NzE1MGQ3ZTUwMjAyZjUxMDVlMDhmZTFiN2UzMmU3OTI1OWM4OWRjNDRiMDY1MmZmIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:36 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImJlSGhkWGJVM0dkTGt0MGhLQWZtblE9PSIsInZhbHVlIjoiYWEwRFAwTVZ3OENnYXRrcGFRTnROVko2UjFNaHFPQk0yTnpBdVFrdVU2YUx2aTVTM2c2QlJoSWpiMWM5bzNkcnhLS2pXam5Id1RvR2tPckZ5Q3E5d3VWNEwyVG01VlRsNG5Ham9HWHV2SE51NkN0TlBqT3p6SHFyMFp6ZHJBRTkiLCJtYWMiOiIzY2I3ZWZhNTk0NzY2YzJmN2U1OTMzYTk1NzM3YzA4YmJlNGFkMjRiYjIxNmJkOGUxYmNiZWZmNDMzMmY0YzEzIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:36 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
302 Found 0 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 27 Nov 2022 14:22:34 GMT
x-powered-by: Express
set-cookie: sp_usid=25d3aca2-2861-45aa-b5f4-e28454282e22; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sun, 26 Jul 2026 14:22:34 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=0d4e376b-21ee-4d40-bb65-20100ebe5d3a; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Mon, 27 Nov 2023 14:22:34 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 28 Nov 2022 14:22:34 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 28 Nov 2022 14:22:34 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: bb0f0f32af9cac3e
x-envoy-upstream-service-time: 16
server: envoy
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638372a9d6c40a38080d3842?fingerprintid=9e4947f35751465411fd1a4f5c358c78
200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638372a9d6c40a38080d3842?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/638372a9d6c40a38080d3842?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22287
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 14:22:35 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImtKRjlDbHhjNDZIQnc2eHRvY09IVXc9PSIsInZhbHVlIjoiUHRVUmV2YklydmVTcktham93WlM1U3BHTGZjYklOUjlUL3R1L1o3RUFIbGlNM294cXUreXcrSnFlSFFEcWg3RnM3NFM0MWdCSkJkVHNlVTdqZWFwOVUyNG9NbDZKWXh6RytCNnlKTG9tOGplMUYwNnk0Smc5RVI4b1lvYmI1TWIiLCJtYWMiOiJkNDkyYmY1NWM3ODVmM2ZkYTYzNWM5M2M0Y2Y2Y2YxMzBjYmUxYjM5YjYxOGRiMWY5ODBkZWZjZDVjODUxMjhlIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:35 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ikt4WUNyTW80SE5CZnZwVEpHUmtRc2c9PSIsInZhbHVlIjoiN3B4WTBSNTNxSGZ5RytzQ2tzcGZnam0wbHFpZVdBVEpsbzR3R1hRUmNUaDQ4T0FPQTJhci95L3g1bWxLTG11QzRUSis0dWlzN0p3Ly94OWFleitYNi84OWhFZ3gwUjVycnRVV2pJcUE3dy9NWUVPOE8wU1BWaGJ3b0wzMXhMSzYiLCJtYWMiOiIzYjA5NjVmMTgzNzY4MDZlNWMzMDU3OWRhMDYxYjcwYWY4MjVhODEyOWZjYWU4N2M4ZjhkNjhmZjdjMjIyZTdkIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 16:22:35 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
18.195.149.11
188.240.52.20
143.204.55.68
93.184.220.29
104.18.20.226
151.101.85.229
23.36.77.32