dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c
18.195.149.11 302 0 B URL HTTP/1.1 dratingmaject.com/9f961cb1-cf52-4303-9131-56622bd15a1c
IP 18.195.149.11:0
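Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty input, consistent with the 0 B response body; they identify no content and should not be treated as indicators for this host.)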
Analyzer Verdict Alert fortinet Phishing
GET /9f961cb1-cf52-4303-9131-56622bd15a1c HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Sat, 03 Sep 2022 02:55:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Pragma: no-cache
Set-Cookie: 9f961cb1-cf52-4303-9131-56622bd15a1c-v4=opaOZmZ8k1l3t50SkyRFVd9CxaOw9BwHFKDjAiT7T6Y; Max-Age=86400; Expires=Sun, 04-Sep-2022 02:55:13 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cc-v4=6ts2yeMIv%2FK4uTaoYtlvfA48Wx%2BmM6ZtdwvdlGr%2FyH4pCrZAYMTtsVYItwZISADEEz6ixcHhjubzz4Ou9ItkDimgpCWMyddAyr%2F0f69XDGVzNhvoBbQ%2F8NQQuTAH9r2YOfin5U1WRuaBgBSmLNhcWg%3D%3D; Max-Age=31536000; Expires=Sun, 03-Sep-2023 02:55:13 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 02:42:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1GQKwGEct93PclHmLyThED4ZDJMTLACeGVqmpn6oyNq3pKNnDbgz_A==
Age: 749
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14493
Expires: Sat, 03 Sep 2022 06:56:47 GMT
Date: Sat, 03 Sep 2022 02:55:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dx5NzQdL8yfsY61L3oC6hTuEsp5nSgVBYz3Pr4D6q_9jecs1liw27g==
age: 5997
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 02:38:17 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 03:29:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RcPznDIQp88azK2DmhrlFYpZhI9TqHzO6W5G1Mjw3i_KBKFE-FPCtQ==
Age: 1018
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
151.101.85.229 200 OK 14 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (33348)
Hash e7b94e944315bb48c9b9820ad324718d
f77317565b6243287bd3ee74fe96a9632fef559a
4c8e188a605e3090b34c87622bf7038d6699cb06af2f242eb77843ff3966f97a
GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.5
x-jsd-version-type: version
etag: W/"8392-Rfi4DUKsZmgOw+7TcNmFhcx8ixc"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 02:55:15 GMT
age: 6712
x-served-by: cache-fra19145-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14137
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/os_versions.png
188.240.52.20 200 OK 3.1 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/os_versions.png
IP 188.240.52.20:0
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/png
content-length: 3073
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
151.101.85.229 200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 03 Sep 2022 02:55:15 GMT
age: 20303
x-served-by: cache-fra19148-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3067
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/360.png
188.240.52.20 200 OK 38 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/360.png
IP 188.240.52.20:0
File type PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash 15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/png
content-length: 38110
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/logo.png
188.240.52.20 200 OK 30 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/logo.png
IP 188.240.52.20:0
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/png
content-length: 30211
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 1e44fe5b89483e5daff984f8c320bfdd
4ed24dcc9f1a080d7493ae1aec94d301c0efa704
466b103965e99dbbac6220f0033cfa949775654842dbf9dc4a107a6db1ba5a1b
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 02:55:15 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "F44941A94EFB69688F9D98AA87B5FC757AE6BAC0"
Expires: Sat, 03 Sep 2022 14:00:00 GMT
Last-Modified: Sat, 03 Sep 2022 02:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 265
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b34974d260b69-OSL
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.67.169.247 200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.67.169.247:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: 3/jdcpXI5+xJK7nwn8d2HdkJXJ8r1+io6huMQ4QXh7pg2id0g0n3j3YsvIgin01B5xYbhPbKRn0=
x-amz-request-id: JK0848QW7EBGRV95
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 24685
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gh58UNA5Y7xOs1dFBeNXukZe6vedhnisNyI9HgTi47MEcPVZaHGxotL7zcjievHxHGPJdJsJ2NACibliMycHWj0W0g34RpcQYSuqxmcAIC%2BmU3fruEfbLrHUEgsQV6ELSnNL48cG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b3497cbc71bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4295
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:43:40 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
other.landerhd.com/landingpages/mcafee/bg.jpg
188.240.52.20 200 OK 130 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/bg.jpg
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c1a01f2cba7e7e007ac9a6e0b25b0de3
8ec0cf6b3d01df0e258a6d527671d764e27424ae
fb33e31198b514ff406e70bfeb1f49f8661fbdcf88409315102038e8d5ed1551
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4834
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:34:41 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 51a291e63c81686bc72df6b5ce3b5e00
2dfe01912533530665cf52e3ac1b5a7d7704667f
2449cea77a21367beb4a8fb25248883f24c60ea8868487b20fad1aa735c21cf1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5550
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:22:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b69e4ee589f24deef7c8a3004daae9d1
e96ab184083a5084569b86b8846a6fa0c3b6af9a
7560417294eeb0f5c955d68bcc9b9eae40d69d1ff4b717a115ca1c614b1f4a17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
142.250.74.72 200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP 142.250.74.72:0
File type ASCII text, with very long lines (3238)
Hash fed66092a73699790c5a5c0ab8c61742
acc29b29757e94ae36f8ab603503afa7e9717819
6ee6f45b0a94e19952a0de0b8aa60c18e5697d359f913b30b6ac14bfac49f2e2
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Sep 2022 02:55:15 GMT
expires: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46500
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b69e4ee589f24deef7c8a3004daae9d1
e96ab184083a5084569b86b8846a6fa0c3b6af9a
7560417294eeb0f5c955d68bcc9b9eae40d69d1ff4b717a115ca1c614b1f4a17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 51a291e63c81686bc72df6b5ce3b5e00
2dfe01912533530665cf52e3ac1b5a7d7704667f
2449cea77a21367beb4a8fb25248883f24c60ea8868487b20fad1aa735c21cf1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5550
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:22:45 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.214.110.180 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.110.180:0
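Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty input, consistent with the 0 B body of the 101 Switching Protocols response; they identify no content and should not be treated as indicators.)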
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jU7sEEBQFRShFzKuGuA+HA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 12hLmOucVz5ytSREeOWeJCOxQJ0=
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 91c1841b9e88630ba722794218f2f705
defd76fa005f2ecd3adc8a03270a5e12caedde30
28f4cfdc9c12294f859760b443579b7f8d35cc007f8b3991f4db93d1c175ce6a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:15:14 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KBEzrHF4DvO4WScfkciH_BWwRDFuZRjUIoyx34el9Tg_RXp0h7ZcKg==
Age: 6001
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
18.215.75.60 200 OK 313 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP 18.215.75.60:0
Hash dfa7c14be637f4aa59f0e91cd35cbd99
a9f4b11bcd8044f41d794bb2a4ab79b93c6a90d7
775c320c4f413cecfd7b3da68c87a58555f79630bdbe7802b9c5180a6580dce5
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://other.landerhd.com/
Content-Type: text/plain
Origin: https://other.landerhd.com
Content-Length: 21686
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: application/octet-stream
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://other.landerhd.com
x-amzn-trace-id: Root=1-6312c213-5c774eac55bec6ef5307dcf8
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/favicon.ico
188.240.52.20 200 OK 1.2 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/favicon.ico
IP 188.240.52.20:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/899637196
Cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:41:09 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4d6c49cdfc9ba8e2c35c0864cdd02a9a
ea1b2234ca6f8e87594c1cd3329d61ccf1e6c8a2
662b1013ed12b05bebf54a1cb3040105777d022f0768b3e3fe532b1d8239bfbe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78
188.240.52.20 200 OK 20 kB URL HTTP/2 novidash.com/smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP 188.240.52.20:0
File type gzip compressed data, max compression\012- data
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/6312c212994913464d155879?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22284
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjAxdW9ZaTNTSDhLNmtsaGVzOXE2TUE9PSIsInZhbHVlIjoieFdYREhzU2tNQkpBK1NvM3JJTi9Oc1ZjamFBc28vSHhTc251YVU3c3A0Vy9yVWFseGduQUVEQ21HdmRDbGxJc3J6ekNWYTI1Q00rSWtnR1NyM1F0Vk5pQVA5V1N2SzZMTUpiYnduTHJURmJNZzZta3lpZkFlRWhuNG5neUlOUEYiLCJtYWMiOiJiZDg5ZWUwMzkzNDFjY2JjZjdiYzg1Yzk3ZDBjNDVhZWRkNjUwYmNjYTUwMWFjMTczMDRiMGQzMDBiODI0NjZmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjlVL3ZJQzRSeEVSTlFsbGZuSkRSckE9PSIsInZhbHVlIjoibHFQRXlZY2h3UGpHY3ZqSnJuRUtYeXkwRzAvUW5oaWFPd1U1UitFQ2htRmMyckpYWTBWaGZLOW5aQTFnQ1JSYmlJTndPMHJjWUpodlpTZ20wcmhrUXZuaEdGRExXbmhMcTg3cW1DTXd6bWtXMFZ1Ny9BMmFMRzVycG51ZmVTWjUiLCJtYWMiOiJjYjE3OTRkZjUwMWRiZDg1Nzk0MjEzNDFjNWVkYzRhNTUzNTc4ZWMyYzE4ODg0OWYwYzNjNjU3OTZhZjVmNGVkIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4d6c49cdfc9ba8e2c35c0864cdd02a9a
ea1b2234ca6f8e87594c1cd3329d61ccf1e6c8a2
662b1013ed12b05bebf54a1cb3040105777d022f0768b3e3fe532b1d8239bfbe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 6654dd333e47e3fa1d5d1dec3e1cd619
9a088ff2921fe2fdc719d6e06cfee04a236ee05e
35bcddbc81f1ff5dae81431598ae724a2472e7e6aa029bd8e07415aa69203617
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-cDX527YkZhdrzizJqkCnDA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:nm96wdEXf2sB6jdgB9vjIHL1lHuf:dZNyZn2uDH9NspXw;Path=/;Expires=Mon, 02-Sep-2024 02:55:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237 302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash b192609d0f3ca29f5d7e3179168b7c12
305d03faecff2e712ebc663c4ce74c477462825e
abb116ad57c4d794aa85f5f967f4d67d25aaa2dfd8cf8f3e11dae2709d2453e6
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S973727434%3A1662173715896780&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUFeefvQKpiBx-wI6f06q3ql5nx7HB-NZ9tBeRE3n45D2GNxjoVXEsVxkTdQL93ogG1Ey_pYw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-8JKe895gTSfna64s-lSjcg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:MKPhyi0mOohjcQbjiHROzi9plkfDpg:nKCjPLW7H0lIoML6;Path=/;Expires=Mon, 02-Sep-2024 02:55:15 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2841648.js?sv=6
54.230.111.113 200 OK 2.7 kB URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP 54.230.111.113:0
File type ASCII text, with very long lines (3790)
Hash 4ad0f401581a7a99b5c10857def6b778
de265aac61477e4d9889eb15a0f7a06a1a39b8b7
64dbb6966e871b27c3dbfc02f56ddcc8f9172aa4f800b5497f33e7a7251d1d05
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sat, 03 Sep 2022 02:55:15 GMT
cache-control: max-age=60
etag: W/4d9b30f9a9ee54b99baf24a8090bace2
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OlzaCRjegBASAUin6XEGl2YIdHlhIjd2nZ7dPA7VK5om6SAKJTSTpA==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w
216.58.207.237 403 Forbidden 66 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w
IP 216.58.207.237:0
Hash 61d1868b85d282afa94b4ffec8357a3b
4aa6a7f7caac5851f2fdad0f2a27f1e89da549f6
6f24a6f4e1fa627cc7eeacf5b93ffea3fa75b6a188282bd43de4478095fbf51c
GET /v3/signin/identifier?dsh=S-1894852716%3A1662173715852221&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmW9rJH5YUC-6E5LSVGZanyKywSleyyjxMdPTvnEgvYFigEtMJ6ab9qGOPpW7Ia20OUabu7L6w HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 03 Sep 2022 02:55:15 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-xvWML3n3c8ilnTpNVRjaFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=pD9WzmdvSz2YVeQD5z0k_a55INga3yN-A-TvnRdfRqZwVsuyCQkBuElvoCA8_k-9m70vFKJT2f0TB8rpw-44zOClhQvhHl0rr0uzspwtWQxZV_OW5J2ElDyrG2jbq7L6k1lWWQ33yD_S_IQHaoo9KgPUthc2-6QljjH7HbDsWco; expires=Sun, 05-Mar-2023 02:55:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:15 GMT
Last-Modified: Sat, 03 Sep 2022 01:41:09 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561
173.194.221.155 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561
IP 173.194.221.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=1946346750.1662173714&jid=1643252601&gjid=1264672244&_gid=2082388919.1662173714&_u=YEBAAEAAAAAAAC~&z=596860561 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://other.landerhd.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 03 Sep 2022 02:55:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
143.204.55.118 200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
IP 143.204.55.118:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Hash 0b3d3f4206ab84d8861a8cc4b2ddbe66
4561b7c0419b65db5c1314be2143bd1734e88d89
ec42652b198c82469afbe5e6e69312a25425c1fd38d379cf3761b328ecd48e4a
GET /box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1044
date: Wed, 13 Jul 2022 08:33:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "0b3d3f4206ab84d8861a8cc4b2ddbe66"
last-modified: Wed, 13 Jul 2022 08:32:20 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QtRTZBvn9QnTAqAmF0_bzUj8LiQi9BUiBVWBoHjtWTcBH3JF2q4TjA==
age: 4472530
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 0fb935f05e6aaba744f686e2bb3928f9
5b8211247e237b44ddd5bc3df47063bfcac84b0e
a998f91aa98aee49510e973a892dd630395bb1af087c7dbc77b61d29bef2bf68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 02:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 7a2f6cbdcf0431e51538036268d84d81
2a3800616c684e2c7faef1132bfac144bc08fbb0
3d7ff722be5d4cea31d24d5a663136230d01e4e88edbcb29ec5a3aead14f6b78
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 03 Sep 2022 02:55:16 GMT
Last-Modified: Sat, 03 Sep 2022 01:36:52 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3PSwJZBC1nh70Yw-GnDA0bxEmHT0ZukVpAso1Gw-1U31ns2PGFFvzQ==
Age: 4704
in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
34.251.112.219 200 OK 92 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
IP 34.251.112.219:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e03464b4f14a1d296cb59883ae134e96
67e8cfe5f193093e715f15ed21b071dc13c8ee3d
51f23e4ba6b1a83ad7e297301a89147870b4c73952c3ae44d9ca7babb77d9955
POST /api/v2/client/sites/2841648/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 120
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:16 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9243
Expires: Sat, 03 Sep 2022 05:29:19 GMT
Date: Sat, 03 Sep 2022 02:55:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a1a9b226f6556f7ea2f3e990e618c78
72796327f9481a7516aac1fbfd73a36d69f83626
187b68b54b976b7a1a17928e172c9726b5583b650b982eb5cd2378a4ee2aa54d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7332
x-amzn-requestid: b4f35a34-c467-4582-9072-954573a77ff3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XTiVBHorIAMF_Bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63047db9-52dcb6600c9faf001774a655;Sampled=0
x-amzn-remapped-date: Tue, 23 Aug 2022 07:11:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5yft4kr6Uo9C3m4xt0BoFRarcgJDT3bjQr_c2QPBsbyw4xL6Omos3g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 09:53:01 GMT
age: 61335
etag: "72796327f9481a7516aac1fbfd73a36d69f83626"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9ae49d397bc8300ce0eceda8175a3ad
087b7d14d84ebb179126c9dcd8964d22f24f30ab
b9daa2fc390a97a4bd622dbdec7fe0fff7e6527ffb844a46b9b87b2bd6e0f006
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13241
x-amzn-requestid: 80083a05-9884-48f8-983b-d4132d7c8a0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMHFgPIAMF9qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-16fd2f06541cb4bc027f153f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sMzgVvKpAdIumqHzRtYOOYP1Yjy8oQzsn6PIo50kE_3NOlrdsCaohA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:44 GMT
age: 18332
etag: "087b7d14d84ebb179126c9dcd8964d22f24f30ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c199f7fc2a2857dec134bfdb2673e28c
af3989072b658e2de119d006ae4ca1703468913d
e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:53 GMT
age: 18323
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:49:54 GMT
age: 18322
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7dce7ca4-6ed1-4f00-8943-1ea59bc2cfd0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7dce7ca4-6ed1-4f00-8943-1ea59bc2cfd0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 940d722cca434f3267ad6a1567b92e7b
8f8d5827588201a2b6aa883cbf812b0db2318df2
33c16b50e7c317df2b91def5625e8e39c8c2ecc75054ee40f82d4b22c80eb831
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7dce7ca4-6ed1-4f00-8943-1ea59bc2cfd0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11776
x-amzn-requestid: 59dcda55-4c16-4842-828d-2588c43178c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqdN-FzkIAMFy4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630da8bf-37b930cb3e54dfa21883ead4;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 06:05:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lpnEYXkNqGxPiVSToeatrE1dQhERF7CIEs7nYZEJWJbAsL3dqs9SaA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 21:25:19 GMT
age: 19797
etag: "8f8d5827588201a2b6aa883cbf812b0db2318df2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
162.125.71.18 200 OK 34 kB URL HTTP/2 www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP 162.125.71.18:0
Hash 749aa08de039477d0704d1f61d0b3838
ad2c76e66d0cab71c964fdb9f1370e5bb9b821a8
e7879cf63db6dfb091ab92f494af2caab78cc7a98e21955303b711b39e8d8b43
GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-wx/ftw8NmaADIGeezyuy' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-wx/ftw8NmaADIGeezyuy' 'nonce-xUWjYSpFoV9cfYYTZoDu'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MjIwOTgxNjYxNTU4MzAyNTEzMDk2NDMxMzQ3MTg1ODgyNDI4MTAz; expires=Thu, 02 Sep 2027 02:55:15 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=1TVcgdwXpUzdvwcf8eJkJc8M; Domain=dropbox.com; expires=Tue, 02 Sep 2025 02:55:15 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=1TVcgdwXpUzdvwcf8eJkJc8M; expires=Tue, 02 Sep 2025 02:55:15 GMT; Path=/; SameSite=None; Secure
__Host-ss=eRTDFjhixc; expires=Tue, 02 Sep 2025 02:55:15 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Thu, 02 Sep 2027 02:55:15 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 204
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sat, 03 Sep 2022 02:55:15 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: ab1f7a9a6fee4760a3cfa2e840dbec0d
X-Firefox-Spdy: h2
novidash.com/smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20 200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/6312c212994913464d155879?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:18 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImRQN2NwRW9FMGkxbGFyTVBDMTBNUFE9PSIsInZhbHVlIjoid3NwMXhMR3BIUGJxUGJZQUxqUDJMdEZmOVZyOC9xQW04YlhRbG9yMi9vOEFUL3F6cW03dHE4SXU5c3o3WmN4bEVLYUFFYkNTL1FlWTBYWThVRkl4WTkrNEFJWktMQWtUR2d0Nm9qMU5tNWNWU045U3hRcjRWd3VJMGlhYnBhYTIiLCJtYWMiOiI0NmI1MDA1MGU1ODVhMjFkNWU5NjIyY2RiNWNiMWY1NTgwNDJkOTI2NzgzYjJlYjZiOGUzOWE5Y2VkMDc0NTZiIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:18 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlNMSFUxcEtYME51blAwRmJVM1J6QUE9PSIsInZhbHVlIjoiS3pDUm1Gd3pMVnFiVXdqbXZ0ckhydmg1VXJzNytieXMwMURlMENET1lxUGhCUEFCOE1XUFdLaHpqdmJtWjVWajViNmhnRmg2ZzF3ZFdwTldUbm1halZBL2MrZHVwRlBkY0xDUVNycmRqNUZBK29WcWYzdXUwaEtXN3pvNnN6YloiLCJtYWMiOiIyNDhiZjA4NDk1ZDQ0NWE4ODA4ZTMwN2Y0YWFlZDYzMzdiMTI2N2VmMzg4OGYyYTcxN2U0ZTVkZWIyMjg2YjAwIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink-css/6312c212994913464d155879
188.240.52.20 200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink-css/6312c212994913464d155879
IP 188.240.52.20:0
GET /smartlink-css/6312c212994913464d155879 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6InRzblNVVWV0cFBURlA5MVJBL1ZBTXc9PSIsInZhbHVlIjoiVWF3cnYyVlBmVEcyMTdzZmhhcHlxM1dyOW1IdWdqNjZady9QZDAwcmN4TnlxbnZpY2tobk0vNlJrQlZ4TWJYaVFZUTZyR05WOXhMekxCM0JjS3dFUkhRMHZ0SGtyT3hwWnBPcHpveTNTMjFQdkJnUUNVK1dMUDNDNVlCS21uWGgiLCJtYWMiOiI0NDBjNGJiMzQxYTc1MTFmYjdmZDY0NmFjZWZmNTM3NmExM2EyOTBjZjA5OTJiZDMxZmFiNTI5NGNiNDgwZGYyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6ImlCOHRGMzBwanM0UDlmSGcvSEdkTlE9PSIsInZhbHVlIjoiSHNjRDkwZ2EwcDFmdXA3cEdxNGRiQVVJajFNdy9vcTZSRWcxLzg2NWtSc3EyT0VHdkxUeUFKVERSY0wrVE5vbkt1OXZnSG5PN3oxcEpIejFGQWkzZUNIZzZiK3piT1VpS3laVmhGV3hxejh4b0UwUnAzcEUzZ01LNkxhZHVBVjYiLCJtYWMiOiJmMDZlYTM5OWYzNjE2NmJiM2UzZDE0MzQ2ZmI3YjFlNDI0ZWZhNzJjYzEzNDNmNTk0YjMzNjk5YzAzZmIxYjg4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjVNYzlFVTRYMGZsa3F4WmFUeisvb1E9PSIsInZhbHVlIjoibklyWU5nckxXVmFCUUhPMjV5YjAzZXJmYjFicGt4d1NHZk5kRElGNVBGWXRRYlVqSktrWjlGL0daL3FQWFFnYUpzdzdpMGEvdGZVUElJbGVxU09WTGtkbXVQWmV1UVFKVEJ3MWEyZjRuUlJnZy96RTZMbmprNkFnbDQyR3hHM2MiLCJtYWMiOiJkYTliYjQwNjYxMjY4NGY1YzcyMWY4MTcxYmNiNjMzZDRiODM5NTA4YmJjYmZmZGZiNjBjZjk4OGQ2NWJjMjIxIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjlpTU1oYWJKejR5WUJBclBYanNvenc9PSIsInZhbHVlIjoiRGRZL1pSQVk0cGk5TkdGaFJ0SzF1MXdTcFhlY0NaMjUwMDVpSm8zSlFRd25kaDlqakRIZzQxREdwcjBjTFAvR1g4Z0dpQ2krdnFkKy9CTE01cmltQkJEVUtnZGFkMVdYUE1KN1FSbFhhdTZIOU9CelIyMWdzeVJtbDFyNDhCSmoiLCJtYWMiOiI1OGU3NmI2NjM4MzNhNTE0ZDBhODI4MzhjZWFjOWM3NDU0Y2I0NzZkOTQ1ZDc4MTgzYjE2ZWJjOWFmMmUwMGNlIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=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&js=1
188.240.52.20 302 Found 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=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&js=1
IP 188.240.52.20:0
GET /smartlink?mongo_id=6312c212994913464d155879&mongo_grouped_id=6312bf94d058792a2663b3b7&redirect_url=https%3A%2F%2Fother.landerhd.com%2F899637196&fingerprint=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&js=1 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjVNYzlFVTRYMGZsa3F4WmFUeisvb1E9PSIsInZhbHVlIjoibklyWU5nckxXVmFCUUhPMjV5YjAzZXJmYjFicGt4d1NHZk5kRElGNVBGWXRRYlVqSktrWjlGL0daL3FQWFFnYUpzdzdpMGEvdGZVUElJbGVxU09WTGtkbXVQWmV1UVFKVEJ3MWEyZjRuUlJnZy96RTZMbmprNkFnbDQyR3hHM2MiLCJtYWMiOiJkYTliYjQwNjYxMjY4NGY1YzcyMWY4MTcxYmNiNjMzZDRiODM5NTA4YmJjYmZmZGZiNjBjZjk4OGQ2NWJjMjIxIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IjlpTU1oYWJKejR5WUJBclBYanNvenc9PSIsInZhbHVlIjoiRGRZL1pSQVk0cGk5TkdGaFJ0SzF1MXdTcFhlY0NaMjUwMDVpSm8zSlFRd25kaDlqakRIZzQxREdwcjBjTFAvR1g4Z0dpQ2krdnFkKy9CTE01cmltQkJEVUtnZGFkMVdYUE1KN1FSbFhhdTZIOU9CelIyMWdzeVJtbDFyNDhCSmoiLCJtYWMiOiI1OGU3NmI2NjM4MzNhNTE0ZDBhODI4MzhjZWFjOWM3NDU0Y2I0NzZkOTQ1ZDc4MTgzYjE2ZWJjOWFmMmUwMGNlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/html; charset=UTF-8
location: https://other.landerhd.com/899637196
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Im00VStUdjhCeDdZelRWRDU0VHd0ZGc9PSIsInZhbHVlIjoiNXR0SndoTUZubC9zeE0xckY4SVFYaU1mbjBLUitBS20xOEt0cXhpbnlZcWVZejVyNkJRWW5EcXhpdC8zc1lRcVlKcUd4QmM1WUJSVWwvcWU0Rk41NC95VnBRNFlyY2FpVWdpa2RwRDZ5VWgzam5tYkY2UUM0Sm1zUXdPN3IyYVMiLCJtYWMiOiIzODgxZjg2ZjU0NjBmZGUwMTA1ZDY2MDllNzA3OGIwYTczYTNhNDAwNjc2YWZkODFkN2M2NGUxNWM1NmVmMGNmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Iks3SFZ3bVFoa2hydkpJenU0anBjanc9PSIsInZhbHVlIjoiN3g4UmNoOTk5U2lSaUtrN1d5QzdtMnRiR01obG9wdHd1OHhmNFRZWjc1RDV4VCtRZHREMDFLSlM3UlBvWXA5RmdRKzJyQ3ZKZk5kL01MUDY2UjlDellUWk8rYzg0Z3YrQnFXWUNnek5RVUErdk85SjdBdDVIaGRNSENlSUZjeWoiLCJtYWMiOiI2NzE1NjI3Y2ExZjAwNzU0M2Y2ZTRjNWIxY2Q5YjNlNjY0Mjc5MDllMGRkMGNhZDE1NTRmN2YyNGQ2MmRhOGNlIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
35.186.224.25 302 Found 0 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP 35.186.224.25:0
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 03 Sep 2022 02:55:15 GMT
x-powered-by: Express
set-cookie: sp_usid=af354575-f3ec-456d-b6d5-58331f3b1b4f; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sat, 02 May 2026 02:55:15 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=cd187d17-be84-4747-8e1e-765bd04fae6d; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Sun, 03 Sep 2023 02:55:15 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sun, 04 Sep 2022 02:55:15 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sun, 04 Sep 2022 02:55:15 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: 632cbd3d0252ec19
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
35.186.224.25 200 OK 0 B URL HTTP/2 accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
IP 35.186.224.25:0
GET /login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE HTTP/1.1
Host: accounts.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
x-frame-options: deny
set-cookie: __Host-device_id=AQCQpqToQFMjbO2UsShKMSYwNj7Mum9BWAejnKlcW882ruYIBDxnAXJa-y_KUl2e1qiRZTvXyNuZ0cUC2O-eDAUSFClG8cSuPQ0;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax
__Secure-TPASESSION=AQBTuUdbDdt2uDvPrj0gfn7kR32Jeubjuc8xQ1H65V8BXtSLfxHSQkU1LfKXfJdcEKKc27dNuvC8YE/2vUFUJiWLrCmk2Z/XzLw=;Version=1;Domain=accounts.spotify.com;Path=/;Secure;HttpOnly;SameSite=None
sp_sso_csrf_token=013acda719309b397e7ca091c28a672e646e2bf8af31363632313733373135343232;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
__Host-sp_csrf_sid=78ccf50e188853056911a25c5abf8f3b3d88e72d4b21d94fab6c48655176aa55; Path=/; HttpOnly; Secure; Expires=2022-09-3 03:55:15.422; Max-Age=3600; SameSite=Lax
content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
x-content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
sp-trace-id: a7099648cd366c5a
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/css/all.css
172.67.169.247 200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.67.169.247:0
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/css
x-amz-id-2: 5NP8+xqRh1FzZXuC3zm1osHKfH9eWYVU3hULOnty9foAbYVoWS+RrTgF3GpHTQPZ4zo7NrfhwaQ=
x-amz-request-id: FGM1ZV7T0WW9J2JQ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2113406
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NsrYouuc7sI%2FT6SW7GPRg3gqU2C%2FZcqw9GJhgEfCt9rV4uKE7uqWXRIBI%2Bv1UMCJa04PIzgDKK4%2FIbdfcVoRR1jsJ9wprLWpfLLflyEI6vb%2BvTV0F9h0rD8SVAyZTblVDurOwM1C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b3496fb621bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
novidash.com/smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20 200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/6312c212994913464d155879?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InczcTYvVTlkZGZvQ3VwaC9xNXdobmc9PSIsInZhbHVlIjoiWEZSWlFSVmpWdTdPRk9mV2xCWnRDWEYybXhjbTlRRW9XNE95azJYR0ZML2ZmZkg4Vyt0V21RbCtYb2tDbXlnZytJS1pBVnU0MmdOS2RRald0ZjBsemtDaUMwYWtsZk9VcGFQSEZCRkJIcnE2bk5zeUtaM3RzMzVxRnF2bWFZcDYiLCJtYWMiOiIxM2I5ZTc3NDBmNjYyMTFlNjhjYWQwZjNjNGRhM2Q3NmQyODZlYWFiNjBlZjEyNTNlOTAwZmFhM2QyOTY0NGIzIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:16 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlRFS09nbit1VnFYa3A4d3lrSmNKcVE9PSIsInZhbHVlIjoiRnNNdW54bzJVb21ndjFzUW5ZRmgzbitSS215SE16SjQ0QmVwMEQwYngzS0FFaSs5bGYxaHdHRXRnMHdmMm9INzNGTjlrWGtjSnJYN3pORms3YTFmbW1HQ3k5aDFsYUozT3JPVkZqdmwzaGtETVo1S0l6WWF2R1JONzAwc0JndTYiLCJtYWMiOiJmMGMxYTM3NmEzNjVmZWQ2ZWNhYWZkZTUzMThmNjI2NGY3NTcyMWRiYjNiNmY2M2UzYjc1OTcxMmJhNGYzMDY5IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/6312c212994913464d155879
188.240.52.20 200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/6312c212994913464d155879
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/6312c212994913464d155879 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:15 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkRUd3lENitwMFNFb2ZvMEdwNnhzL3c9PSIsInZhbHVlIjoiT1FOcXEwVklRMzVxMEpiaElRa0VoOWE2ZlVsanlvMmFVMGk0bG43MUtpYnk2bUpKMmtidktnalN0NCs5aUlGVFp6MndxZ3JJbTFmR043NG44UVl6OTN5Nk1oQWZuOFlEZ29OZkpxUU5PclBsS2FqYzVYckNxeDhtREJJaVJGNVUiLCJtYWMiOiI5OTgxNGFlZDEzNmJhMTA0YTBlMDg3NWJhMTFmNTdiZTdkNThiZTA0ZWI4ZTkwMzg3NGU2ZjZjOWFjYzAyZDA3IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImNZQ1FpMFdxOWlmTTVNVUQraGRSTkE9PSIsInZhbHVlIjoiVzBpWkMvUlFBN0tFZ1B4RlRlTWNpenRFTVYrWHNMTXp3WW9tdnVMdHVqelJWQmpndmlYdzRJUmVpdDFnMlZab1Byb1FJazlFejRpc2xFL1ZhcUZQQmZNWlFEMGEwa01LL1llSUdQYk50Q3NGTVJjUEVpU1ZiS0RlSTMvMmJCMnoiLCJtYWMiOiI2ODU0NjdlNGM4ZmE4ZGNjODVlNGRkYmM0NzM4YmJmY2MwY2NhMzg0OWM1MTM3ZDExMjFiOTYwNDYyNWQwNTdmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: hlJ2VuJj6XENaQC4d2skGs7Q+avVUvdiDa0hI46CSJQ64CheVWz5/jGyOlVUMBcVqFnBjWl/IMWTTyLuWDMhUQ==
date: Sat, 03 Sep 2022 02:55:15 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
188.240.52.20 200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
IP 188.240.52.20:0
GET /smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wumnpcku2gu4m2pii7rf3oas&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InRzblNVVWV0cFBURlA5MVJBL1ZBTXc9PSIsInZhbHVlIjoiVWF3cnYyVlBmVEcyMTdzZmhhcHlxM1dyOW1IdWdqNjZady9QZDAwcmN4TnlxbnZpY2tobk0vNlJrQlZ4TWJYaVFZUTZyR05WOXhMekxCM0JjS3dFUkhRMHZ0SGtyT3hwWnBPcHpveTNTMjFQdkJnUUNVK1dMUDNDNVlCS21uWGgiLCJtYWMiOiI0NDBjNGJiMzQxYTc1MTFmYjdmZDY0NmFjZWZmNTM3NmExM2EyOTBjZjA5OTJiZDMxZmFiNTI5NGNiNDgwZGYyIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImlCOHRGMzBwanM0UDlmSGcvSEdkTlE9PSIsInZhbHVlIjoiSHNjRDkwZ2EwcDFmdXA3cEdxNGRiQVVJajFNdy9vcTZSRWcxLzg2NWtSc3EyT0VHdkxUeUFKVERSY0wrVE5vbkt1OXZnSG5PN3oxcEpIejFGQWkzZUNIZzZiK3piT1VpS3laVmhGV3hxejh4b0UwUnAzcEUzZ01LNkxhZHVBVjYiLCJtYWMiOiJmMDZlYTM5OWYzNjE2NmJiM2UzZDE0MzQ2ZmI3YjFlNDI0ZWZhNzJjYzEzNDNmNTk0YjMzNjk5YzAzZmIxYjg4IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
other.landerhd.com/899637196
188.240.52.20 200 OK 0 B URL HTTP/2 other.landerhd.com/899637196
IP 188.240.52.20:0
GET /899637196 HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:14 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Ijg2NU96Qk9SSjE0NUlKR0piZWxpdnc9PSIsInZhbHVlIjoiMi9UUGkxTUZwQzRLQUI0WkRXQzFnd2hlN2tIaTVEMFVwOTFML09WaXJCVzRlRDljUVlYdXBJemt5eFJ4RUN5WG1RQWw0VmlmeElHbTdidkF2WVNzSnZxaFhSMGlTUU1PdTZpbDJXR1JqSTZqcjRQbG9ETEI0WXNwQUxtZVE3cDUiLCJtYWMiOiI3ODE3MTViZTgyMWRjYTc1M2IxZDQ0MjYyNzI4MzRiMDczZmI0MjYxZjA5OWRkZGFlMTFjYTkxMDIzNWFlNjQ0IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ikpvb0VFZVNRSHNvNlJEUW1tcTREU0E9PSIsInZhbHVlIjoiVjl4MVIzMDFnQTQ0bUhuV2xkSVR0S25YZWdIbW9NVHZiWFpoM0REVFp6QnNlaFEyZEZyNHNtelZlbUpjOW05MmRmY3NwTFFGVldJblJmcnNLK01uK0lrcG9aVGRwUW54K2VtRUxIWldaVmNhTklPSlNZMi9FUHZaWmlqWitGMEwiLCJtYWMiOiJiYzM4NjhkOTUwY2RkYmM3NDgwM2Q5ZjBlOWY4YzEwN2MzOWViOWU2MWQwODAwOTUwZmM5ZWIzY2MwMGEwMzVmIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:14 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
novidash.com/smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20 200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/6312c212994913464d155879?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhd.com
Connection: keep-alive
Referer: https://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sat, 03 Sep 2022 02:55:17 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjBjQk1reVRScFVISDJObit3dStZN3c9PSIsInZhbHVlIjoiaFE5T1dXbFBydXBMaThwajkrK3U2WWJnWEtsd2cwVWw0QSt1eEVEemt6TmZWbU1YYVBjRXVCUDdqendqc3VCQ2lldVVsQjMxVzhUVk56OWp4aGdPYzh4WjdqWHBzZ3FnWkNnYVVhWjJMZklGcGxBMU5yM0Y5Vkl4Y2VhNUNQT1YiLCJtYWMiOiJkMWJiMDdmNzFlMjc2Nzg2YWYxOTI4ODNkZTdmNmQ4ZDk1NDg5YTU1YjgwNmE1ZGM3NGU2MzI5NjFjOTkxN2U5IiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:17 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlpaUmVTcUp2OFNlMFV3UElTRnFRTkE9PSIsInZhbHVlIjoic2xLYjBzOXVYaVRNYXFzVEVnM0hROWRmRTlTRmV0TjgxTkZkTUxtcHR5Rm0xaWRVcXAxYm0rSiswNU8yeGhaeURENURNOTVxVXpIei9pL2U3WnBQc1NBZGJWR1g1ODM2Z1cyOXhjdEh2eGR6U3E2c3lhMnR6ckFYYjBjUHJVSzgiLCJtYWMiOiIyNWM4MGRlMjFhZGVlZjM5OWZmMTY4ZjczMWRkZjBmODJkMGFjZGJlYTc3MTFmMTFiZGE5N2FhNTUzZDU5MzdhIiwidGFnIjoiIn0%3D; expires=Sat, 03-Sep-2022 04:55:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2