Report - dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c

Report Overview

Submitted URL
dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c
IP
18.195.149.11
ASN
#16509 AMAZON-02
Submitted
2022-09-03 02:55:25
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.dropbox.com	1994	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	419 B	37 kB	162.125.71.18
use.fontawesome.com	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	909 B	76 kB	172.67.169.247
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	372 B	47 kB	142.250.74.72
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	72 kB	216.58.207.237
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	598 B	710 B	173.194.221.155
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
www.spotify.com	1130	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	1.3 kB	35.186.224.25
dratingmaject.com	821761	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	906 B	18.195.149.11
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	784 B	19 kB	151.101.85.229
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
novidash.com	35171	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	26 kB	188.240.52.20
accounts.spotify.com	9553	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	3.5 kB	35.186.224.25
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.9 kB	143.204.42.165
botd.fpapi.io	297160	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	810 B	18.215.75.60
in.hotjar.com	1746	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478 B	379 B	34.251.112.219
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	52 kB	34.120.237.76
static.hotjar.com	641	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	3.4 kB	54.230.111.113
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	2.9 kB	31.13.72.36
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	1.9 kB	104.18.21.226
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.2 kB	142.250.74.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.214.110.180
other.landerhd.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.1 kB	205 kB	188.240.52.20
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.4 kB	93.184.220.29
vars.hotjar.com	1014	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	496 B	1.7 kB	143.204.55.118
0ee06.trknovi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	3.7 kB	188.240.52.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-03	medium	dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c	Phishing
2022-09-03	medium	novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78	Phishing
2022-09-03	medium	novidash.com/smartlink-css/6312c212994913464d155879	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

Files detected

URL
novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP
188.240.52.20
ASN
#20857 Signet B.V.

File type
gzip compressed data, max compression\012- data
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

Detections

Analyzer	Verdict	Alert
VirusTotal	0/56

JavaScript (15)

	URL	Size	First Seen	Last Seen
	other.landerhd.com/899637196	126 B	2023-03-07	2023-08-21
Pretty URL other.landerhd.com/899637196 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-21 19:58:13 Times Seen37 Hash dc2ab29926e4c4fba68e9d54511c2b0b 49ab59eeed8d75dfc7f9c24db8bb2d51764bddc5 d824bb9444c588471316cc11c51da26b5a1cb691b0ef4f3cae7aea05c450bcb8 Loading...

	other.landerhd.com/899637196	4.9 kB	2023-03-07	2023-03-07
Pretty URL other.landerhd.com/899637196 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:46 Last Seen2023-03-07 12:21:46 Times Seen1 Hash f4e1c7fd917399662e88be85cc3149a6 f9e091fd413fcf4af93ba59b09a205db4dd97851 74f68a30610ef0c81dbde5370fb251dd9f6a5d72bb4690194b73a9f0ae3c1493 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-05-01
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-01 17:51:21 Times Seen850 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html	2.3 kB	2023-03-07	2023-03-17
Pretty URL vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html IP 143.204.55.118 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:30 Last Seen2023-03-17 10:41:48 Times Seen1 Hash 5865f399c24cc57cb46de74ac4a640ff 8381437171dd8dcc5fb411fa75059fb059eb6e0b 82ab863e1e4c6fe101da9839cd7977627f2fd9da5123a21d1cda32a15c9348aa Loading...

	static.hotjar.com/c/hotjar-2841648.js?sv=6	5.5 kB	2023-03-07	2023-03-07
Pretty URL static.hotjar.com/c/hotjar-2841648.js?sv=6 IP 54.230.111.113 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:43 Last Seen2023-03-07 12:21:46 Times Seen1 Hash 4d9b30f9a9ee54b99baf24a8090bace2 b0ee896091ae11dd833dd906905b5631ebd375c2 c848b6323a27fd03aab6fd0d25b187aa2f394ed0a598cdb9bd2828ac0e496eee Loading...

	other.landerhd.com/899637196	390 B	2023-03-07	2023-08-03
Pretty URL other.landerhd.com/899637196 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-03 19:02:26 Times Seen2 Hash 37ec97eee90db9751691d233b0d7eedd 7963c49b18fe240baf11a12b8db4e5b7cc5df5df 33a1148e5675c3ef76b2c879aadd190a187a7f1937d4279e54cdd65e40b1c4e5 Loading...

	other.landerhd.com/899637196	341 B	2023-03-07	2023-08-21
Pretty URL other.landerhd.com/899637196 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-08-21 19:27:28 Times Seen5 Hash 0f9522c6818e7aa63cad4d069d21529a f8f5840df762222a04ee5908bfb75cc2c25886ce 573e0855fe1796a6393b64ac2b113a32232068b80459d190429aa1feb7b3f6c0 Loading...

	other.landerhd.com/899637196	838 B	2023-03-07	2023-03-17
Pretty URL other.landerhd.com/899637196 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:54 Last Seen2023-03-17 11:40:57 Times Seen1 Hash 6a2e78eb79ab3d224ecb6f8374a152f1 01430c4b41c3e4ee2fe2022872a1c855baf5dbfb d3b0d867b60b832bb227f6b7d019af71917b25eaecc85bdb3a2138bbe0a7550e Loading...

	cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js	9.0 kB	2023-03-07	2023-12-12
Pretty URL cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-12-12 23:36:16 Times Seen268 Hash 47c385b50143101eb33518d4bdb62b8f 6683889617dc16e817a49c17ce38f358efdf1638 52e6c3e0c3c2d518f8bf787de1e40e557c21e3b072f29c854f6321053e2fbbf3 Loading...

	0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61	6.1 kB	2023-03-07	2023-03-07
Pretty URL 0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:46 Last Seen2023-03-07 12:21:46 Times Seen1 Hash 3fae9bdd1038f06683753462baac73fa 3668e7207a6945e173f717b963ef4059e757e2a4 7d6f8cfb47e5237fa3afc8850c8d0530db09e672d015f68e9d61a547cccb5722 Loading...

	other.landerhd.com/899637196	201 B	2023-03-07	2023-03-17
Pretty URL other.landerhd.com/899637196 IP 188.240.52.20 ASN #20857 Signet B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:00 Last Seen2023-03-17 12:42:02 Times Seen1 Hash 6a325515b841215a28e5c2fecf2e848f 2d37dbe87f033a179a562d976bae23797d9e2590 7edeab74566fa8c0e6c857da731bf90cf39e37209d6730cf98d3cebefd6f04b5 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2	122 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:46 Last Seen2023-03-07 12:21:46 Times Seen1 Hash afcc8e73370f8167989a3d86b0e6dd69 e594d6b70cbd823c47e61f90b38d2356775193a8 cc079ed71f455f470c5c29d7f8b29e072286b259bf44621d9b6fff5787a8302f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9ad4e1216ab756550243f73914b8cf40	523 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:34:54 Last Seen2023-03-17 11:40:57 Times Seen1 Hash 9ad4e1216ab756550243f73914b8cf40 86f9009222dca265c17a1b147991fb91a7360281 3d42eee9415522f4e95fcea0cc832841777e9c595370e8a64ddd028a43a6a903 Loading...

	#2 Eval - 2b875569090d7daf4c6bd31558a67d04	5.8 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 12:21:46 Last Seen2023-03-07 12:21:46 Times Seen1 Hash 2b875569090d7daf4c6bd31558a67d04 d454fb4ab4705211f180cb44ae6158aa034e1261 b76f8c8891ef6ba18c376c010c83db67db39ab9eb1f85aa450c7cd0d01d94172 Loading...

		Size	First Seen	Last Seen
	#1 Write - 1b70ac0a972fddf1e1a33e6ed9df49c7	14 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:39:47 Last Seen2023-03-17 12:42:02 Times Seen1 Hash 1b70ac0a972fddf1e1a33e6ed9df49c7 6b3c3ed38c382e050cdb1ad72421d57649d42ed4 d3de569b7c2f7f122fba8046d966cd109673d0c87ac58412c3d64f2b2a4c0649 Loading...

HTTP Transactions (62)

URL IP Response Size

dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c

18.195.149.11

302

0 B

URL HTTP/1.1
dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c
IP
18.195.149.11:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /9f961cb1-cf52-4303-9131-56622bd15a1c HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Sat, 03 Sep 2022 02:55:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Pragma: no-cache
Set-Cookie: 9f961cb1-cf52-4303-9131-56622bd15a1c-v4=opaOZmZ8k1l3t50SkyRFVd9CxaOw9BwHFKDjAiT7T6Y; Max-Age=86400; Expires=Sun, 04-Sep-2022 02:55:13 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cc-v4=6ts2yeMIv%2FK4uTaoYtlvfA48Wx%2BmM6ZtdwvdlGr%2FyH4pCrZAYMTtsVYItwZISADEEz6ixcHhjubzz4Ou9ItkDimgpCWMyddAyr%2F0f69XDGVzNhvoBbQ%2F8NQQuTAH9r2YOfin5U1WRuaBgBSmLNhcWg%3D%3D; Max-Age=31536000; Expires=Sun, 03-Sep-2023 02:55:13 GMT; Domain=dratingmaject.com; Path=/; HttpOnly

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 02:42:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1GQKwGEct93PclHmLyThED4ZDJMTLACeGVqmpn6oyNq3pKNnDbgz_A==
Age: 749

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14493
Expires: Sat, 03 Sep 2022 06:56:47 GMT
Date: Sat, 03 Sep 2022 02:55:14 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dx5NzQdL8yfsY61L3oC6hTuEsp5nSgVBYz3Pr4D6q_9jecs1liw27g==
age: 5997
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 02:38:17 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 03:29:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RcPznDIQp88azK2DmhrlFYpZhI9TqHzO6W5G1Mjw3i_KBKFE-FPCtQ==
Age: 1018

cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

151.101.85.229

200 OK

14 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (33348)
Size
14 kB (14137 bytes)
Hash
e7b94e944315bb48c9b9820ad324718d
f77317565b6243287bd3ee74fe96a9632fef559a
4c8e188a605e3090b34c87622bf7038d6699cb06af2f242eb77843ff3966f97a

HTTP Headers

GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.5
x-jsd-version-type: version
etag: W/"8392-Rfi4DUKsZmgOw+7TcNmFhcx8ixc"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 02:55:15 GMT
age: 6712
x-served-by: cache-fra19145-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14137
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/os_versions.png

188.240.52.20

200 OK

3.1 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/os_versions.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Size
3.1 kB (3073 bytes)
Hash
e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823

HTTP Headers

GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/png
content-length: 3073
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js

151.101.85.229

200 OK

3.1 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (8836)
Size
3.1 kB (3067 bytes)
Hash
b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084

HTTP Headers

GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 02:55:15 GMT
age: 20303
x-served-by: cache-fra19148-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3067
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/360.png

188.240.52.20

200 OK

38 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/360.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size
38 kB (38110 bytes)
Hash
15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f

HTTP Headers

GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/png
content-length: 38110
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/logo.png

188.240.52.20

200 OK

30 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/logo.png
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Size
30 kB (30211 bytes)
Hash
26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2

HTTP Headers

GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/png
content-length: 30211
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
1e44fe5b89483e5daff984f8c320bfdd
4ed24dcc9f1a080d7493ae1aec94d301c0efa704
466b103965e99dbbac6220f0033cfa949775654842dbf9dc4a107a6db1ba5a1b

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 02:55:15 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F44941A94EFB69688F9D98AA87B5FC757AE6BAC0"
Expires: Sat, 03 Sep 2022 14:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 02:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 265
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b34974d260b69-OSL

use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2

172.67.169.247

200 OK

74 kB

URL HTTP/2
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP
172.67.169.247:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Size
74 kB (74348 bytes)
Hash
462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2

HTTP Headers

GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: 3/jdcpXI5+xJK7nwn8d2HdkJXJ8r1+io6huMQ4QXh7pg2id0g0n3j3YsvIgin01B5xYbhPbKRn0=
x-amz-request-id: JK0848QW7EBGRV95
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 24685
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gh58UNA5Y7xOs1dFBeNXukZe6vedhnisNyI9HgTi47MEcPVZaHGxotL7zcjievHxHGPJdJsJ2NACibliMycHWj0W0g34RpcQYSuqxmcAIC%2BmU3fruEfbLrHUEgsQV6ELSnNL48cG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b3497cbc71bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4295
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:43:40 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

other.landerhd.com/landingpages/mcafee/bg.jpg

188.240.52.20

200 OK

130 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/bg.jpg
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size
130 kB (129948 bytes)
Hash
444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce

HTTP Headers

GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c1a01f2cba7e7e007ac9a6e0b25b0de3
8ec0cf6b3d01df0e258a6d527671d764e27424ae
fb33e31198b514ff406e70bfeb1f49f8661fbdcf88409315102038e8d5ed1551

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4834
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:34:41 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
51a291e63c81686bc72df6b5ce3b5e00
2dfe01912533530665cf52e3ac1b5a7d7704667f
2449cea77a21367beb4a8fb25248883f24c60ea8868487b20fad1aa735c21cf1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5550
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:22:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b69e4ee589f24deef7c8a3004daae9d1
e96ab184083a5084569b86b8846a6fa0c3b6af9a
7560417294eeb0f5c955d68bcc9b9eae40d69d1ff4b717a115ca1c614b1f4a17

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2

142.250.74.72

200 OK

46 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3238)
Size
46 kB (46500 bytes)
Hash
fed66092a73699790c5a5c0ab8c61742
acc29b29757e94ae36f8ab603503afa7e9717819
6ee6f45b0a94e19952a0de0b8aa60c18e5697d359f913b30b6ac14bfac49f2e2

HTTP Headers

GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Sep 2022 02:55:15 GMT
expires: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46500
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b69e4ee589f24deef7c8a3004daae9d1
e96ab184083a5084569b86b8846a6fa0c3b6af9a
7560417294eeb0f5c955d68bcc9b9eae40d69d1ff4b717a115ca1c614b1f4a17

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
51a291e63c81686bc72df6b5ce3b5e00
2dfe01912533530665cf52e3ac1b5a7d7704667f
2449cea77a21367beb4a8fb25248883f24c60ea8868487b20fad1aa735c21cf1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5550
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:22:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.214.110.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.110.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jU7sEEBQFRShFzKuGuA+HA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 12hLmOucVz5ytSREeOWeJCOxQJ0=

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
91c1841b9e88630ba722794218f2f705
defd76fa005f2ecd3adc8a03270a5e12caedde30
28f4cfdc9c12294f859760b443579b7f8d35cc007f8b3991f4db93d1c175ce6a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:15:14 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KBEzrHF4DvO4WScfkciH_BWwRDFuZRjUIoyx34el9Tg_RXp0h7ZcKg==
Age: 6001

botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20

18.215.75.60

200 OK

313 B

URL HTTP/2
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP
18.215.75.60:0
ASN
#14618 AMAZON-AES

File type
data
Size
313 B (313 bytes)
Hash
dfa7c14be637f4aa59f0e91cd35cbd99
a9f4b11bcd8044f41d794bb2a4ab79b93c6a90d7
775c320c4f413cecfd7b3da68c87a58555f79630bdbe7802b9c5180a6580dce5

HTTP Headers

POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://other.landerhd.com/
Content-Type: text/plain
Origin: https://other.landerhd.com
Content-Length: 21686
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: application/octet-stream
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://other.landerhd.com
x-amzn-trace-id: Root=1-6312c213-5c774eac55bec6ef5307dcf8
X-Firefox-Spdy: h2

other.landerhd.com/landingpages/mcafee/favicon.ico

188.240.52.20

200 OK

1.2 kB

URL HTTP/2
other.landerhd.com/landingpages/mcafee/favicon.ico
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223

HTTP Headers

GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:41:09 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4d6c49cdfc9ba8e2c35c0864cdd02a9a
ea1b2234ca6f8e87594c1cd3329d61ccf1e6c8a2
662b1013ed12b05bebf54a1cb3040105777d022f0768b3e3fe532b1d8239bfbe

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78

188.240.52.20

200 OK

20 kB

URL HTTP/2
novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type
gzip compressed data, max compression\012- data
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22284
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjAxdW9ZaTNTSDhLNmtsaGVzOXE2TUE9PSIsInZhbHVlIjoieFdYREhzU2tNQkpBK1NvM3JJTi9Oc1ZjamFBc28vSHhTc251YVU3c3A0Vy9yVWFseGduQUVEQ21HdmRDbGxJc3J6ekNWYTI1Q00rSWtnR1NyM1F0Vk5pQVA5V1N2SzZMTUpiYnduTHJURmJNZzZta3lpZkFlRWhuNG5neUlOUEYiLCJtYWMiOiJiZDg5ZWUwMzkzNDFjY2JjZjdiYzg1Yzk3ZDBjNDVhZWRkNjUwYmNjYTUwMWFjMTczMDRiMGQzMDBiODI0NjZmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjlVL3ZJQzRSeEVSTlFsbGZuSkRSckE9PSIsInZhbHVlIjoibHFQRXlZY2h3UGpHY3ZqSnJuRUtYeXkwRzAvUW5oaWFPd1U1UitFQ2htRmMyckpYWTBWaGZLOW5aQTFnQ1JSYmlJTndPMHJjWUpodlpTZ20wcmhrUXZuaEdGRExXbmhMcTg3cW1DTXd6bWtXMFZ1Ny9BMmFMRzVycG51ZmVTWjUiLCJtYWMiOiJjYjE3OTRkZjUwMWRiZDg1Nzk0MjEzNDFjNWVkYzRhNTUzNTc4ZWMyYzE4ODg0OWYwYzNjNjU3OTZhZjVmNGVkIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4d6c49cdfc9ba8e2c35c0864cdd02a9a
ea1b2234ca6f8e87594c1cd3329d61ccf1e6c8a2
662b1013ed12b05bebf54a1cb3040105777d022f0768b3e3fe532b1d8239bfbe

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

216.58.207.237

302 Found

394 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Size
394 B (394 bytes)
Hash
6654dd333e47e3fa1d5d1dec3e1cd619
9a088ff2921fe2fdc719d6e06cfee04a236ee05e
35bcddbc81f1ff5dae81431598ae724a2472e7e6aa029bd8e07415aa69203617

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-cDX527YkZhdrzizJqkCnDA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:nm96wdEXf2sB6jdgB9vjIHL1lHuf:dZNyZn2uDH9NspXw;Path=/;Expires=Mon, 02-Sep-2024 02:55:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

216.58.207.237

302 Found

390 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Size
390 B (390 bytes)
Hash
b192609d0f3ca29f5d7e3179168b7c12
305d03faecff2e712ebc663c4ce74c477462825e
abb116ad57c4d794aa85f5f967f4d67d25aaa2dfd8cf8f3e11dae2709d2453e6

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S973727434%3A1662173715896780&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUFeefvQKpiBx-wI6f06q3ql5nx7HB-NZ9tBeRE3n45D2GNxjoVXEsVxkTdQL93ogG1Ey_pYw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-8JKe895gTSfna64s-lSjcg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:MKPhyi0mOohjcQbjiHROzi9plkfDpg:nKCjPLW7H0lIoML6;Path=/;Expires=Mon, 02-Sep-2024 02:55:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

static.hotjar.com/c/hotjar-2841648.js?sv=6

54.230.111.113

200 OK

2.7 kB

URL HTTP/2
static.hotjar.com/c/hotjar-2841648.js?sv=6
IP
54.230.111.113:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3790)
Size
2.7 kB (2735 bytes)
Hash
4ad0f401581a7a99b5c10857def6b778
de265aac61477e4d9889eb15a0f7a06a1a39b8b7
64dbb6966e871b27c3dbfc02f56ddcc8f9172aa4f800b5497f33e7a7251d1d05

HTTP Headers

GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: max-age=60
etag: W/4d9b30f9a9ee54b99baf24a8090bace2
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OlzaCRjegBASAUin6XEGl2YIdHlhIjd2nZ7dPA7VK5om6SAKJTSTpA==
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w

216.58.207.237

403 Forbidden

66 kB

URL HTTP/2
accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w
IP
216.58.207.237:0
ASN
#15169 GOOGLE

File type
data
Size
66 kB (66315 bytes)
Hash
61d1868b85d282afa94b4ffec8357a3b
4aa6a7f7caac5851f2fdad0f2a27f1e89da549f6
6f24a6f4e1fa627cc7eeacf5b93ffea3fa75b6a188282bd43de4478095fbf51c

HTTP Headers

GET /v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-xvWML3n3c8ilnTpNVRjaFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=pD9WzmdvSz2YVeQD5z0k_a55INga3yN-A-TvnRdfRqZwVsuyCQkBuElvoCA8_k-9m70vFKJT2f0TB8rpw-44zOClhQvhHl0rr0uzspwtWQxZV_OW5J2ElDyrG2jbq7L6k1lWWQ33yD_S_IQHaoo9KgPUthc2-6QljjH7HbDsWco; expires=Sun, 05-Mar-2023 02:55:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:41:09 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561

173.194.221.155

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561
IP
173.194.221.155:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://other.landerhd.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 03 Sep 2022 02:55:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html

143.204.55.118

200 OK

1.0 kB

URL HTTP/2
vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
IP
143.204.55.118:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Size
1.0 kB (1044 bytes)
Hash
0b3d3f4206ab84d8861a8cc4b2ddbe66
4561b7c0419b65db5c1314be2143bd1734e88d89
ec42652b198c82469afbe5e6e69312a25425c1fd38d379cf3761b328ecd48e4a

HTTP Headers

GET /box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 1044
date: Wed, 13 Jul 2022 08:33:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "0b3d3f4206ab84d8861a8cc4b2ddbe66"
last-modified: Wed, 13 Jul 2022 08:32:20 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QtRTZBvn9QnTAqAmF0_bzUj8LiQi9BUiBVWBoHjtWTcBH3JF2q4TjA==
age: 4472530
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7a2f6cbdcf0431e51538036268d84d81
2a3800616c684e2c7faef1132bfac144bc08fbb0
3d7ff722be5d4cea31d24d5a663136230d01e4e88edbcb29ec5a3aead14f6b78

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:16 GMT
Last-Modified: Sat, 03 Sep 2022 01:36:52 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3PSwJZBC1nh70Yw-GnDA0bxEmHT0ZukVpAso1Gw-1U31ns2PGFFvzQ==
Age: 4704

in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6

34.251.112.219

200 OK

92 B

URL HTTP/2
in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
IP
34.251.112.219:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
e03464b4f14a1d296cb59883ae134e96
67e8cfe5f193093e715f15ed21b071dc13c8ee3d
51f23e4ba6b1a83ad7e297301a89147870b4c73952c3ae44d9ca7babb77d9955

HTTP Headers

POST /api/v2/client/sites/2841648/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 120
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:16 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7332 bytes)
Hash
8a1a9b226f6556f7ea2f3e990e618c78
72796327f9481a7516aac1fbfd73a36d69f83626
187b68b54b976b7a1a17928e172c9726b5583b650b982eb5cd2378a4ee2aa54d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7332
x-amzn-requestid: b4f35a34-c467-4582-9072-954573a77ff3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XTiVBHorIAMF_Bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63047db9-52dcb6600c9faf001774a655;Sampled=0
x-amzn-remapped-date: Tue, 23 Aug 2022 07:11:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5yft4kr6Uo9C3m4xt0BoFRarcgJDT3bjQr_c2QPBsbyw4xL6Omos3g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 09:53:01 GMT
age: 61335
etag: "72796327f9481a7516aac1fbfd73a36d69f83626"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13241 bytes)
Hash
d9ae49d397bc8300ce0eceda8175a3ad
087b7d14d84ebb179126c9dcd8964d22f24f30ab
b9daa2fc390a97a4bd622dbdec7fe0fff7e6527ffb844a46b9b87b2bd6e0f006

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13241
x-amzn-requestid: 80083a05-9884-48f8-983b-d4132d7c8a0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMHFgPIAMF9qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-16fd2f06541cb4bc027f153f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sMzgVvKpAdIumqHzRtYOOYP1Yjy8oQzsn6PIo50kE_3NOlrdsCaohA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:44 GMT
age: 18332
etag: "087b7d14d84ebb179126c9dcd8964d22f24f30ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6976 bytes)
Hash
c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:53 GMT
age: 18323
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7501 bytes)
Hash
23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:54 GMT
age: 18322
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7dce7ca4-6ed1-4f00-8943-1ea59bc2cfd0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11776 bytes)
Hash
940d722cca434f3267ad6a1567b92e7b
8f8d5827588201a2b6aa883cbf812b0db2318df2
33c16b50e7c317df2b91def5625e8e39c8c2ecc75054ee40f82d4b22c80eb831

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7dce7ca4-6ed1-4f00-8943-1ea59bc2cfd0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11776
x-amzn-requestid: 59dcda55-4c16-4842-828d-2588c43178c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqdN-FzkIAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630da8bf-37b930cb3e54dfa21883ead4;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 06:05:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lpnEYXkNqGxPiVSToeatrE1dQhERF7CIEs7nYZEJWJbAsL3dqs9SaA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:25:19 GMT
age: 19797
etag: "8f8d5827588201a2b6aa883cbf812b0db2318df2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif

162.125.71.18

200 OK

34 kB

URL HTTP/2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP
162.125.71.18:0
ASN
#19679 DROPBOX

File type
data
Size
34 kB (34226 bytes)
Hash
749aa08de039477d0704d1f61d0b3838
ad2c76e66d0cab71c964fdb9f1370e5bb9b821a8
e7879cf63db6dfb091ab92f494af2caab78cc7a98e21955303b711b39e8d8b43

HTTP Headers

GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-wx/ftw8NmaADIGeezyuy' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-wx/ftw8NmaADIGeezyuy' 'nonce-xUWjYSpFoV9cfYYTZoDu'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MjIwOTgxNjYxNTU4MzAyNTEzMDk2NDMxMzQ3MTg1ODgyNDI4MTAz; expires=Thu, 02 Sep 2027 02:55:15 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=1TVcgdwXpUzdvwcf8eJkJc8M; Domain=dropbox.com; expires=Tue, 02 Sep 2025 02:55:15 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=1TVcgdwXpUzdvwcf8eJkJc8M; expires=Tue, 02 Sep 2025 02:55:15 GMT; Path=/; SameSite=None; Secure
__Host-ss=eRTDFjhixc; expires=Tue, 02 Sep 2025 02:55:15 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Thu, 02 Sep 2027 02:55:15 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 204
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sat, 03 Sep 2022 02:55:15 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: ab1f7a9a6fee4760a3cfa2e840dbec0d
X-Firefox-Spdy: h2

novidash.com/smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:18 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImRQN2NwRW9FMGkxbGFyTVBDMTBNUFE9PSIsInZhbHVlIjoid3NwMXhMR3BIUGJxUGJZQUxqUDJMdEZmOVZyOC9xQW04YlhRbG9yMi9vOEFUL3F6cW03dHE4SXU5c3o3WmN4bEVLYUFFYkNTL1FlWTBYWThVRkl4WTkrNEFJWktMQWtUR2d0Nm9qMU5tNWNWU045U3hRcjRWd3VJMGlhYnBhYTIiLCJtYWMiOiI0NmI1MDA1MGU1ODVhMjFkNWU5NjIyY2RiNWNiMWY1NTgwNDJkOTI2NzgzYjJlYjZiOGUzOWE5Y2VkMDc0NTZiIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:18 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlNMSFUxcEtYME51blAwRmJVM1J6QUE9PSIsInZhbHVlIjoiS3pDUm1Gd3pMVnFiVXdqbXZ0ckhydmg1VXJzNytieXMwMURlMENET1lxUGhCUEFCOE1XUFdLaHpqdmJtWjVWajViNmhnRmg2ZzF3ZFdwTldUbm1halZBL2MrZHVwRlBkY0xDUVNycmRqNUZBK29WcWYzdXUwaEtXN3pvNnN6YloiLCJtYWMiOiIyNDhiZjA4NDk1ZDQ0NWE4ODA4ZTMwN2Y0YWFlZDYzMzdiMTI2N2VmMzg4OGYyYTcxN2U0ZTVkZWIyMjg2YjAwIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

0ee06.trknovi.com/smartlink-css/6312c212994913464d155879

188.240.52.20

200 OK

0 B

URL HTTP/2
0ee06.trknovi.com/smartlink-css/6312c212994913464d155879
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/6312c212994913464d155879 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6InRzblNVVWV0cFBURlA5MVJBL1ZBTXc9PSIsInZhbHVlIjoiVWF3cnYyVlBmVEcyMTdzZmhhcHlxM1dyOW1IdWdqNjZady9QZDAwcmN4TnlxbnZpY2tobk0vNlJrQlZ4TWJYaVFZUTZyR05WOXhMekxCM0JjS3dFUkhRMHZ0SGtyT3hwWnBPcHpveTNTMjFQdkJnUUNVK1dMUDNDNVlCS21uWGgiLCJtYWMiOiI0NDBjNGJiMzQxYTc1MTFmYjdmZDY0NmFjZWZmNTM3NmExM2EyOTBjZjA5OTJiZDMxZmFiNTI5NGNiNDgwZGYyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6ImlCOHRGMzBwanM0UDlmSGcvSEdkTlE9PSIsInZhbHVlIjoiSHNjRDkwZ2EwcDFmdXA3cEdxNGRiQVVJajFNdy9vcTZSRWcxLzg2NWtSc3EyT0VHdkxUeUFKVERSY0wrVE5vbkt1OXZnSG5PN3oxcEpIejFGQWkzZUNIZzZiK3piT1VpS3laVmhGV3hxejh4b0UwUnAzcEUzZ01LNkxhZHVBVjYiLCJtYWMiOiJmMDZlYTM5OWYzNjE2NmJiM2UzZDE0MzQ2ZmI3YjFlNDI0ZWZhNzJjYzEzNDNmNTk0YjMzNjk5YzAzZmIxYjg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjVNYzlFVTRYMGZsa3F4WmFUeisvb1E9PSIsInZhbHVlIjoibklyWU5nckxXVmFCUUhPMjV5YjAzZXJmYjFicGt4d1NHZk5kRElGNVBGWXRRYlVqSktrWjlGL0daL3FQWFFnYUpzdzdpMGEvdGZVUElJbGVxU09WTGtkbXVQWmV1UVFKVEJ3MWEyZjRuUlJnZy96RTZMbmprNkFnbDQyR3hHM2MiLCJtYWMiOiJkYTliYjQwNjYxMjY4NGY1YzcyMWY4MTcxYmNiNjMzZDRiODM5NTA4YmJjYmZmZGZiNjBjZjk4OGQ2NWJjMjIxIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjlpTU1oYWJKejR5WUJBclBYanNvenc9PSIsInZhbHVlIjoiRGRZL1pSQVk0cGk5TkdGaFJ0SzF1MXdTcFhlY0NaMjUwMDVpSm8zSlFRd25kaDlqakRIZzQxREdwcjBjTFAvR1g4Z0dpQ2krdnFkKy9CTE01cmltQkJEVUtnZGFkMVdYUE1KN1FSbFhhdTZIOU9CelIyMWdzeVJtbDFyNDhCSmoiLCJtYWMiOiI1OGU3NmI2NjM4MzNhNTE0ZDBhODI4MzhjZWFjOWM3NDU0Y2I0NzZkOTQ1ZDc4MTgzYjE2ZWJjOWFmMmUwMGNlIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

0ee06.trknovi.com/smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjozMn0=&js=1

188.240.52.20

302 Found

0 B

URL HTTP/2
0ee06.trknovi.com/smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjozMn0=&js=1
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwiY29sb3JEZXB0aCI6MjQsImRldmljZU1lbW9yeSI6MCwiaGFyZHdhcmVDb25jdXJyZW5jeSI6MTYsInN0YW5kYWxvbmUiOjAsInRpbWV6b25lIjoiVVRDIiwibGFuZ3VhZ2UiOiJlbi1VUyIsImxhbmd1YWdlcyI6WyJlbi1VUyIsImVuIl0sInBsYXRmb3JtIjoiTGludXggeDg2XzY0IiwidG91Y2giOjAsImlmcmFtZSI6MCwiZXZhbCI6MzcsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwib3ZlcnJpZGUiOjEsImR1cmF0aW9uIjozMn0=&js=1 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjVNYzlFVTRYMGZsa3F4WmFUeisvb1E9PSIsInZhbHVlIjoibklyWU5nckxXVmFCUUhPMjV5YjAzZXJmYjFicGt4d1NHZk5kRElGNVBGWXRRYlVqSktrWjlGL0daL3FQWFFnYUpzdzdpMGEvdGZVUElJbGVxU09WTGtkbXVQWmV1UVFKVEJ3MWEyZjRuUlJnZy96RTZMbmprNkFnbDQyR3hHM2MiLCJtYWMiOiJkYTliYjQwNjYxMjY4NGY1YzcyMWY4MTcxYmNiNjMzZDRiODM5NTA4YmJjYmZmZGZiNjBjZjk4OGQ2NWJjMjIxIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IjlpTU1oYWJKejR5WUJBclBYanNvenc9PSIsInZhbHVlIjoiRGRZL1pSQVk0cGk5TkdGaFJ0SzF1MXdTcFhlY0NaMjUwMDVpSm8zSlFRd25kaDlqakRIZzQxREdwcjBjTFAvR1g4Z0dpQ2krdnFkKy9CTE01cmltQkJEVUtnZGFkMVdYUE1KN1FSbFhhdTZIOU9CelIyMWdzeVJtbDFyNDhCSmoiLCJtYWMiOiI1OGU3NmI2NjM4MzNhNTE0ZDBhODI4MzhjZWFjOWM3NDU0Y2I0NzZkOTQ1ZDc4MTgzYjE2ZWJjOWFmMmUwMGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/html; charset=UTF-8
location: https://other.landerhd.com/899637196
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Im00VStUdjhCeDdZelRWRDU0VHd0ZGc9PSIsInZhbHVlIjoiNXR0SndoTUZubC9zeE0xckY4SVFYaU1mbjBLUitBS20xOEt0cXhpbnlZcWVZejVyNkJRWW5EcXhpdC8zc1lRcVlKcUd4QmM1WUJSVWwvcWU0Rk41NC95VnBRNFlyY2FpVWdpa2RwRDZ5VWgzam5tYkY2UUM0Sm1zUXdPN3IyYVMiLCJtYWMiOiIzODgxZjg2ZjU0NjBmZGUwMTA1ZDY2MDllNzA3OGIwYTczYTNhNDAwNjc2YWZkODFkN2M2NGUxNWM1NmVmMGNmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Iks3SFZ3bVFoa2hydkpJenU0anBjanc9PSIsInZhbHVlIjoiN3g4UmNoOTk5U2lSaUtrN1d5QzdtMnRiR01obG9wdHd1OHhmNFRZWjc1RDV4VCtRZHREMDFLSlM3UlBvWXA5RmdRKzJyQ3ZKZk5kL01MUDY2UjlDellUWk8rYzg0Z3YrQnFXWUNnek5RVUErdk85SjdBdDVIaGRNSENlSUZjeWoiLCJtYWMiOiI2NzE1NjI3Y2ExZjAwNzU0M2Y2ZTRjNWIxY2Q5YjNlNjY0Mjc5MDllMGRkMGNhZDE1NTRmN2YyNGQ2MmRhOGNlIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico

35.186.224.25

302 Found

0 B

URL HTTP/2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP
35.186.224.25:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 03 Sep 2022 02:55:15 GMT
x-powered-by: Express
set-cookie: sp_usid=af354575-f3ec-456d-b6d5-58331f3b1b4f; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sat, 02 May 2026 02:55:15 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=cd187d17-be84-4747-8e1e-765bd04fae6d; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Sun, 03 Sep 2023 02:55:15 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sun, 04 Sep 2022 02:55:15 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sun, 04 Sep 2022 02:55:15 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: 632cbd3d0252ec19
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE

35.186.224.25

200 OK

0 B

URL HTTP/2
accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
IP
35.186.224.25:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE HTTP/1.1
Host: accounts.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
x-frame-options: deny
set-cookie: __Host-device_id=AQCQpqToQFMjbO2UsShKMSYwNj7Mum9BWAejnKlcW882ruYIBDxnAXJa-y_KUl2e1qiRZTvXyNuZ0cUC2O-eDAUSFClG8cSuPQ0;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax
__Secure-TPASESSION=AQBTuUdbDdt2uDvPrj0gfn7kR32Jeubjuc8xQ1H65V8BXtSLfxHSQkU1LfKXfJdcEKKc27dNuvC8YE/2vUFUJiWLrCmk2Z/XzLw=;Version=1;Domain=accounts.spotify.com;Path=/;Secure;HttpOnly;SameSite=None
sp_sso_csrf_token=013acda719309b397e7ca091c28a672e646e2bf8af31363632313733373135343232;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
__Host-sp_csrf_sid=78ccf50e188853056911a25c5abf8f3b3d88e72d4b21d94fab6c48655176aa55; Path=/; HttpOnly; Secure; Expires=2022-09-3 03:55:15.422; Max-Age=3600; SameSite=Lax
content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
x-content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
sp-trace-id: a7099648cd366c5a
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.2/css/all.css

172.67.169.247

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.7.2/css/all.css
IP
172.67.169.247:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/css
x-amz-id-2: 5NP8+xqRh1FzZXuC3zm1osHKfH9eWYVU3hULOnty9foAbYVoWS+RrTgF3GpHTQPZ4zo7NrfhwaQ=
x-amz-request-id: FGM1ZV7T0WW9J2JQ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2113406
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NsrYouuc7sI%2FT6SW7GPRg3gqU2C%2FZcqw9GJhgEfCt9rV4uKE7uqWXRIBI%2Bv1UMCJa04PIzgDKK4%2FIbdfcVoRR1jsJ9wprLWpfLLflyEI6vb%2BvTV0F9h0rD8SVAyZTblVDurOwM1C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b3496fb621bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

novidash.com/smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InczcTYvVTlkZGZvQ3VwaC9xNXdobmc9PSIsInZhbHVlIjoiWEZSWlFSVmpWdTdPRk9mV2xCWnRDWEYybXhjbTlRRW9XNE95azJYR0ZML2ZmZkg4Vyt0V21RbCtYb2tDbXlnZytJS1pBVnU0MmdOS2RRald0ZjBsemtDaUMwYWtsZk9VcGFQSEZCRkJIcnE2bk5zeUtaM3RzMzVxRnF2bWFZcDYiLCJtYWMiOiIxM2I5ZTc3NDBmNjYyMTFlNjhjYWQwZjNjNGRhM2Q3NmQyODZlYWFiNjBlZjEyNTNlOTAwZmFhM2QyOTY0NGIzIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:16 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlRFS09nbit1VnFYa3A4d3lrSmNKcVE9PSIsInZhbHVlIjoiRnNNdW54bzJVb21ndjFzUW5ZRmgzbitSS215SE16SjQ0QmVwMEQwYngzS0FFaSs5bGYxaHdHRXRnMHdmMm9INzNGTjlrWGtjSnJYN3pORms3YTFmbW1HQ3k5aDFsYUozT3JPVkZqdmwzaGtETVo1S0l6WWF2R1JONzAwc0JndTYiLCJtYWMiOiJmMGMxYTM3NmEzNjVmZWQ2ZWNhYWZkZTUzMThmNjI2NGY3NTcyMWRiYjNiNmY2M2UzYjc1OTcxMmJhNGYzMDY5IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

novidash.com/smartlink-css/6312c212994913464d155879

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/6312c212994913464d155879
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /smartlink-css/6312c212994913464d155879 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkRUd3lENitwMFNFb2ZvMEdwNnhzL3c9PSIsInZhbHVlIjoiT1FOcXEwVklRMzVxMEpiaElRa0VoOWE2ZlVsanlvMmFVMGk0bG43MUtpYnk2bUpKMmtidktnalN0NCs5aUlGVFp6MndxZ3JJbTFmR043NG44UVl6OTN5Nk1oQWZuOFlEZ29OZkpxUU5PclBsS2FqYzVYckNxeDhtREJJaVJGNVUiLCJtYWMiOiI5OTgxNGFlZDEzNmJhMTA0YTBlMDg3NWJhMTFmNTdiZTdkNThiZTA0ZWI4ZTkwMzg3NGU2ZjZjOWFjYzAyZDA3IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImNZQ1FpMFdxOWlmTTVNVUQraGRSTkE9PSIsInZhbHVlIjoiVzBpWkMvUlFBN0tFZ1B4RlRlTWNpenRFTVYrWHNMTXp3WW9tdnVMdHVqelJWQmpndmlYdzRJUmVpdDFnMlZab1Byb1FJazlFejRpc2xFL1ZhcUZQQmZNWlFEMGEwa01LL1llSUdQYk50Q3NGTVJjUEVpU1ZiS0RlSTMvMmJCMnoiLCJtYWMiOiI2ODU0NjdlNGM4ZmE4ZGNjODVlNGRkYmM0NzM4YmJmY2MwY2NhMzg0OWM1MTM3ZDExMjFiOTYwNDYyNWQwNTdmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: hlJ2VuJj6XENaQC4d2skGs7Q+avVUvdiDa0hI46CSJQ64CheVWz5/jGyOlVUMBcVqFnBjWl/IMWTTyLuWDMhUQ==
date: Sat, 03 Sep 2022 02:55:15 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61

188.240.52.20

200 OK

0 B

URL HTTP/2
0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InRzblNVVWV0cFBURlA5MVJBL1ZBTXc9PSIsInZhbHVlIjoiVWF3cnYyVlBmVEcyMTdzZmhhcHlxM1dyOW1IdWdqNjZady9QZDAwcmN4TnlxbnZpY2tobk0vNlJrQlZ4TWJYaVFZUTZyR05WOXhMekxCM0JjS3dFUkhRMHZ0SGtyT3hwWnBPcHpveTNTMjFQdkJnUUNVK1dMUDNDNVlCS21uWGgiLCJtYWMiOiI0NDBjNGJiMzQxYTc1MTFmYjdmZDY0NmFjZWZmNTM3NmExM2EyOTBjZjA5OTJiZDMxZmFiNTI5NGNiNDgwZGYyIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImlCOHRGMzBwanM0UDlmSGcvSEdkTlE9PSIsInZhbHVlIjoiSHNjRDkwZ2EwcDFmdXA3cEdxNGRiQVVJajFNdy9vcTZSRWcxLzg2NWtSc3EyT0VHdkxUeUFKVERSY0wrVE5vbkt1OXZnSG5PN3oxcEpIejFGQWkzZUNIZzZiK3piT1VpS3laVmhGV3hxejh4b0UwUnAzcEUzZ01LNkxhZHVBVjYiLCJtYWMiOiJmMDZlYTM5OWYzNjE2NmJiM2UzZDE0MzQ2ZmI3YjFlNDI0ZWZhNzJjYzEzNDNmNTk0YjMzNjk5YzAzZmIxYjg4IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

other.landerhd.com/899637196

188.240.52.20

200 OK

0 B

URL HTTP/2
other.landerhd.com/899637196
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /899637196 HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

novidash.com/smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0

188.240.52.20

200 OK

0 B

URL HTTP/2
novidash.com/smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP
188.240.52.20:0
ASN
#20857 Signet B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:17 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjBjQk1reVRScFVISDJObit3dStZN3c9PSIsInZhbHVlIjoiaFE5T1dXbFBydXBMaThwajkrK3U2WWJnWEtsd2cwVWw0QSt1eEVEemt6TmZWbU1YYVBjRXVCUDdqendqc3VCQ2lldVVsQjMxVzhUVk56OWp4aGdPYzh4WjdqWHBzZ3FnWkNnYVVhWjJMZklGcGxBMU5yM0Y5Vkl4Y2VhNUNQT1YiLCJtYWMiOiJkMWJiMDdmNzFlMjc2Nzg2YWYxOTI4ODNkZTdmNmQ4ZDk1NDg5YTU1YjgwNmE1ZGM3NGU2MzI5NjFjOTkxN2U5IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:17 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlpaUmVTcUp2OFNlMFV3UElTRnFRTkE9PSIsInZhbHVlIjoic2xLYjBzOXVYaVRNYXFzVEVnM0hROWRmRTlTRmV0TjgxTkZkTUxtcHR5Rm0xaWRVcXAxYm0rSiswNU8yeGhaeURENURNOTVxVXpIei9pL2U3WnBQc1NBZGJWR1g1ODM2Z1cyOXhjdEh2eGR6U3E2c3lhMnR6ckFYYjBjUHJVSzgiLCJtYWMiOiIyNWM4MGRlMjFhZGVlZjM5OWZmMTY4ZjczMWRkZjBmODJkMGFjZGJlYTc3MTFmMTFiZGE5N2FhNTUzZDU5MzdhIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML