other.landerhd.com/923242532
188.240.52.20200 OK 6.9 kB URL HTTP/1.1 other.landerhd.com/923242532
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4905)
Hash cbaaba4267856b5946cea0f972737476
bc6fdeffad72404b1547ad32fbf0a4321869950a
a797e0f21c01f2f959122c45b18c2ff5220cd031f9028cfc398727a07c30c16e
GET /923242532 HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 04 Nov 2022 22:52:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlNIcHZlVEJVc01wUkk1RmZqdW1jYUE9PSIsInZhbHVlIjoiMDZab1VGR3Vobm5SV0duUVBkN0I3WVdrRjllblcvMGV5U0xMUHFSVktvSVBNZTlJdjZlcTZTbDBhSzVicHNKM2M4MUhkcnpqS2cxRno1Z01xUkVXczYwVWc0NGVCTlRtazI3RDR6cWdHakJMMXNNYlhCN1VJTjhiaUtxajlMTHYiLCJtYWMiOiIxMjhhY2QxNGM1NzM5ODY5Mzg4ZWMyYWNmMzljYTJhMDRjZGE4OTNmNDAyNjE4ODAwNWJkOWJiNGE1YmFiNGMzIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:02 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjRDSmZ3WUwyYUtTZ2pIUTNZbzl3eVE9PSIsInZhbHVlIjoiQUR4bWRBbWNxZ3NlMnAxOGZyUGJhQjVLb1R5SnJmSktSbmFXa1NkTUhPZXBCQm1yTUNuTnk5ZVg5aE5XdkdKdlFTTzQxUXVlTUxpTTNHTFNUTG85QjdvZTI5cTdVWmI3Z2doZVY3TlRpTWZlbGJlaEhENG9ONEI5c1FmM2lQNGQiLCJtYWMiOiIxMzE0N2M1MGY5ZTQ3NGZmY2ZhZGNlMmE4ZjcxZjdjNDVlNTlkNjgwOTFmNjk2NTI5ZWQyMzM4NTBkMjNlZTRlIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:02 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b720c31d9c036cd2ef10e35fa29f5345
ac625d2e69284e5080bede4b37c31af62c26338b
323b76eceb5d3ad339a1c55bfa7eea4e39741258e08d5005b691f712a9e9c81c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "323B76ECEB5D3AD339A1C55BFA7EEA4E39741258E08D5005B691F712A9E9C81C"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7510
Expires: Sat, 05 Nov 2022 00:57:13 GMT
Date: Fri, 04 Nov 2022 22:52:03 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4885
Cache-Control: max-age=129627
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:52:30 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4885
Cache-Control: max-age=129627
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:52:30 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 078950c3ba9ad01927f3da494b1d1de4
443c8a8247e4e3e04c14d21e0227fc4e8f396142
dd5dd09fec51669adf36b3014bbf65d7bff608f72018d037f9ed9b414675037c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD5DD09FEC51669ADF36B3014BBF65D7BFF608F72018D037F9ED9B414675037C"
Last-Modified: Fri, 04 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4863
Expires: Sat, 05 Nov 2022 00:13:06 GMT
Date: Fri, 04 Nov 2022 22:52:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dBffCVlBXGxEUs1jxlFOQzczo13OFeUep82YjvQK0NUCqnG/KuArgeK3aHWPGg+cd5nd4vMij0I=
x-amz-request-id: BM2GEFVP8ZBJY4XZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 22:46:57 GMT
age: 306
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
151.101.85.229200 OK 14 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (33322)
Hash aae718b2a0cb61c252946cb2c90eee97
b80eb9c3bde5f4dd455940832989f52d39deafcc
7ac3def7374012c4a78adafd9f76513168890454ad16f053d58060836a582f7f
GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.6
x-jsd-version-type: version
etag: W/"8378-YyDrsgfkSqD4ErmTv6bGJ5gw0yk"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 04 Nov 2022 22:52:03 GMT
age: 15642
x-served-by: cache-fra-eddf8230075-FRA, cache-bma1652-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14187
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
151.101.85.229200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 04 Nov 2022 22:52:03 GMT
age: 32
x-served-by: cache-fra-eddf8230022-FRA, cache-bma1652-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3067
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/logo.png
188.240.52.20200 OK 30 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/logo.png
IP 188.240.52.20:0
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: image/png
content-length: 30211
last-modified: Fri, 04 Nov 2022 14:33:51 GMT
etag: "636522cf-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/os_versions.png
188.240.52.20200 OK 3.1 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/os_versions.png
IP 188.240.52.20:0
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: image/png
content-length: 3073
last-modified: Fri, 04 Nov 2022 14:33:51 GMT
etag: "636522cf-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
151.101.86.133200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 151.101.86.133:0
Hash 2541524bc8eec7ff4f536ed3ff5e18f9
1aae5493ba0e69936372bf26d516c4cf9375530a
553287c4e99f8f4216ecde799f7bd636d376a622e2c14128d5b0ba4b6d47dad8
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "212A9E0BF312495B5FDF59C6745E3808B3C54593"
Expires: Sat, 05 Nov 2022 10:00:00 UTC
Last-Modified: Fri, 04 Nov 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Fri, 04 Nov 2022 22:52:03 GMT
Via: 1.1 varnish
Age: 185
X-Served-By: cache-bma1670-BMA
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1667602323.328639,VS0,VE0
other.landerhd.com/landingpages/mcafee/360.png
188.240.52.20200 OK 38 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/360.png
IP 188.240.52.20:0
File type PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash 15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: image/png
content-length: 38110
last-modified: Fri, 04 Nov 2022 14:33:57 GMT
etag: "636522d5-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 85631ced1a44c2add184ab0a40d39a96
2d911523a462eb893fef42c823fc0c12c6016219
c592dda6ad3064db55e65ff8399a2dc05c5b55275f5044b483259240c95531d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4645
Cache-Control: max-age=124351
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Etag: "6364c82e-1d7"
Expires: Sun, 06 Nov 2022 09:24:34 GMT
Last-Modified: Fri, 04 Nov 2022 08:07:10 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d65c94a3bfe8605059e5e626ea0fa57e
b0fbc3577331b82efc8e320095b8d8705a6360d3
0878edd256a972f526d7053cdebceb28241db5662cc7660a10f1b4c3430c43c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
other.landerhd.com/landingpages/mcafee/bg.jpg
188.240.52.20200 OK 130 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/bg.jpg
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Fri, 04 Nov 2022 14:33:57 GMT
etag: "636522d5-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
142.250.74.168200 OK 48 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP 142.250.74.168:0
File type ASCII text, with very long lines (3238)
Hash 9be03698386e212761add65dde48f261
121fb2198d4b31cfa6169a4744991b7f23433467
8e01f3e8c012a2cc38135fc9be24c0014599c1a44e4e4a2cd1aff00aa249ff04
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 04 Nov 2022 22:52:03 GMT
expires: Fri, 04 Nov 2022 22:52:03 GMT
cache-control: private, max-age=900
last-modified: Fri, 04 Nov 2022 21:09:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b36f754d19ff8f13c4e83dbdf41edf08
d1d44b41b3f028e93705557aed22d4e4b5577c9c
9eb94ce23cc9a32e6ac0bc83f82a4a6b1b909a092be7f68603888246119875d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5920
Cache-Control: max-age=147565
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Etag: "63651de0-1d7"
Expires: Sun, 06 Nov 2022 15:51:28 GMT
Last-Modified: Fri, 04 Nov 2022 14:12:48 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1099
Cache-Control: max-age=120783
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 08:25:06 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d65c94a3bfe8605059e5e626ea0fa57e
b0fbc3577331b82efc8e320095b8d8705a6360d3
0878edd256a972f526d7053cdebceb28241db5662cc7660a10f1b4c3430c43c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b36f754d19ff8f13c4e83dbdf41edf08
d1d44b41b3f028e93705557aed22d4e4b5577c9c
9eb94ce23cc9a32e6ac0bc83f82a4a6b1b909a092be7f68603888246119875d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5920
Cache-Control: max-age=147565
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:03 GMT
Etag: "63651de0-1d7"
Expires: Sun, 06 Nov 2022 15:51:28 GMT
Last-Modified: Fri, 04 Nov 2022 14:12:48 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.64.132.15200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: 0l6dYEP1uAj5/NMoyplIYQyQHhSnvJEK8vCLRcswJvXUgY2bGvjNXDpPa54g5nURiWCH/XSd37A=
x-amz-request-id: 1XKS29XE9F1G42GN
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIHfxM%2B7eOJJdwNcmQeNdLjzxL0C9yrv4Oyok7qlFyKcgR5K17yTLLcuz4epNhaSAAkl%2FNYujLvBfU4ucjjhodFfVoEuJ9qszQmsGCaZrD%2BOlmVh6gpcGWMU%2FhLpoohU%2BjjNawSE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7650eafb9a22754d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 2c0d399aa0bd348c344af12f7e60dab9
c9d6fb76bb13e1ee6c88c691695b66407bb0a274
0b97fa858bb3fc7578232b4b4ac7eae42d42f2bcf4b250e7f0bf25186085af34
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=103443
Date: Fri, 04 Nov 2022 22:52:04 GMT
Etag: "63646f98-1d7"
Expires: Sun, 06 Nov 2022 03:36:07 GMT
Last-Modified: Fri, 04 Nov 2022 01:49:12 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qLd7Tt7yPwuBkcfr9GHQXzOe0_M6PIRYojgF-3NI44nfvZt4Y-7DOw==
Age: 6415
push.services.mozilla.com/
34.208.31.97101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.31.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TuQT5hyjkrY7djSg4KXzug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2WCZpuhbLcAo7wdkBwhhDELljTw=
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
3.228.168.1200 OK 325 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP 3.228.168.1:0
Hash 0bb646379710e7b50244f7dce1a231cd
663c1f4efffde9c431167e173abf694632660fad
5e478e567c7aaf941a7d9caee46a84b10b12f86f1f938b36aa2727c2caef874c
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://other.landerhd.com/
Content-Type: text/plain
Origin: http://other.landerhd.com
Content-Length: 20860
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 22:52:04 GMT
content-type: application/octet-stream
content-length: 325
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://other.landerhd.com
x-amzn-trace-id: Root=1-63659794-68498a855a45157c763c7339
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/favicon.ico
188.240.52.20200 OK 1.2 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/favicon.ico
IP 188.240.52.20:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:04 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 04 Nov 2022 14:33:51 GMT
etag: "636522cf-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b0b8880417d19c1159f5a4cef3d0aa45
d3609cf6dee19df09ff41fcc5e3a9bc828dc26e2
f0b9186d45786a2aceb2577aabb0c9a0bb70da208c46d8c323a88ced9ca296b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 04 Nov 2022 22:41:09 GMT
expires: Sat, 05 Nov 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 655
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b0b8880417d19c1159f5a4cef3d0aa45
d3609cf6dee19df09ff41fcc5e3a9bc828dc26e2
f0b9186d45786a2aceb2577aabb0c9a0bb70da208c46d8c323a88ced9ca296b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1e621d5bb6fab8b48d9ada58825c783c
61bd0fbfb86d4381c273d2968af4d72c2d199458
b3f60319e256fc417a33cb7f88c0cb2a7997190e23c275cb6caefa600ad47c77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5375
Cache-Control: max-age=99503
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:04 GMT
Etag: "63646444-1d7"
Expires: Sun, 06 Nov 2022 02:30:27 GMT
Last-Modified: Fri, 04 Nov 2022 01:00:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/j/collect?v=1&_v=j98&a=2080374909&t=pageview&_s=1&dl=http%3A%2F%2Fother.landerhd.com%2F923242532&ul=en-us&de=UTF-8&dt=Mcafee%20360%20Antivirus%20Protection!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=2114686455&gjid=1125654261&cid=748017586.1667602323&tid=UA-165133312-2&_gid=305286488.1667602323&_r=1>m=2wgb20TRL5HN2&z=671372497
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=2080374909&t=pageview&_s=1&dl=http%3A%2F%2Fother.landerhd.com%2F923242532&ul=en-us&de=UTF-8&dt=Mcafee%20360%20Antivirus%20Protection!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=2114686455&gjid=1125654261&cid=748017586.1667602323&tid=UA-165133312-2&_gid=305286488.1667602323&_r=1>m=2wgb20TRL5HN2&z=671372497
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j98&a=2080374909&t=pageview&_s=1&dl=http%3A%2F%2Fother.landerhd.com%2F923242532&ul=en-us&de=UTF-8&dt=Mcafee%20360%20Antivirus%20Protection!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=2114686455&gjid=1125654261&cid=748017586.1667602323&tid=UA-165133312-2&_gid=305286488.1667602323&_r=1>m=2wgb20TRL5HN2&z=671372497 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://other.landerhd.com
date: Fri, 04 Nov 2022 22:52:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash 5a8347555fe2cd6c4e6531e910487a5f
236ebd5758bbde436d8ac20171099421fe125d31
37443243f08caa51798db02b22c03d899223f8371c1adf47f9ca84377f32f218
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 04 Nov 2022 22:52:04 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-837930465%3A1667602324444852&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvafPDGFQopP_u96agxOcCNUSJyS5UhGwE7npYmLWcvAQ_HkCgisrhk6INiHhN-TCWMI31fnw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-k2OuWewTa3UKKJ2o8GCXag' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:ZGdLu-p8kCUU6AprgzJJ5M0Y9hoUVQ:3yESqaiAjEWxPxSV;Path=/;Expires=Sun, 03-Nov-2024 22:52:04 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash f1d9343e2aa92f94152865523330403e
a8573bde227fe2ae6a45e023365ef189946380c7
8629d68c29e37edb333ed9f6fe5a7fdd01f5ad28ad3e09b1daf03367e8701a96
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 04 Nov 2022 22:52:04 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1710633886%3A1667602324489184&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAucj-AgTT0LM71o5Mi1Jh8PuS0b3LyeGUAx-aqLw2JV161i_HqQyEwohXlZIhy1778BSD-ixw
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-JrwznwKaih1-H0dmKTBrjg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:Ka7FAmTaQTYWW1WHSk3RPVDVEQUEzg:MTzYBmTp3E707Vws;Path=/;Expires=Sun, 03-Nov-2024 22:52:04 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2841648.js?sv=6
143.204.55.98200 OK 2.7 kB URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP 143.204.55.98:0
File type ASCII text, with very long lines (3790)
Hash a789dc661abe5e37dddc06f36597866d
9edf24dec11973d27b6851cc38a43889842164e7
bdab0224f04514ac78933ff996a4642cdad0613dad15c72e1b58dcee5a531864
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Fri, 04 Nov 2022 22:52:04 GMT
cache-control: max-age=60
etag: W/f6d5103b17684def5ad89b831afc8782
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TphKdFcxrceSHj6WFjr9cxtkp7666ZhD8tUAB2pf_jKqLsziEvp1fQ==
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-837930465%3A1667602324444852&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvafPDGFQopP_u96agxOcCNUSJyS5UhGwE7npYmLWcvAQ_HkCgisrhk6INiHhN-TCWMI31fnw
216.58.207.237403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-837930465%3A1667602324444852&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvafPDGFQopP_u96agxOcCNUSJyS5UhGwE7npYmLWcvAQ_HkCgisrhk6INiHhN-TCWMI31fnw
IP 216.58.207.237:0
Hash 81c398e9d6d2c2d2d69c9edcb328db9d
93058a405d4b800d4bb667d9257e787b3920e475
bbace37cc2097e78564c2d6f681ddb6a05e7161b1211da3be68f2d7bc49ece8c
GET /v3/signin/identifier?dsh=S-837930465%3A1667602324444852&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvafPDGFQopP_u96agxOcCNUSJyS5UhGwE7npYmLWcvAQ_HkCgisrhk6INiHhN-TCWMI31fnw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 04 Nov 2022 22:52:04 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-_lD6eZ6qVlKDiPMjLIKkEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=748017586.1667602323&jid=2114686455&gjid=1125654261&_gid=305286488.1667602323&_u=YEBAAEAAAAAAACAAI~&z=1132370516
64.233.165.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=748017586.1667602323&jid=2114686455&gjid=1125654261&_gid=305286488.1667602323&_u=YEBAAEAAAAAAACAAI~&z=1132370516
IP 64.233.165.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=748017586.1667602323&jid=2114686455&gjid=1125654261&_gid=305286488.1667602323&_u=YEBAAEAAAAAAACAAI~&z=1132370516 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://other.landerhd.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 04 Nov 2022 22:52:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1710633886%3A1667602324489184&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAucj-AgTT0LM71o5Mi1Jh8PuS0b3LyeGUAx-aqLw2JV161i_HqQyEwohXlZIhy1778BSD-ixw
216.58.207.237403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1710633886%3A1667602324489184&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAucj-AgTT0LM71o5Mi1Jh8PuS0b3LyeGUAx-aqLw2JV161i_HqQyEwohXlZIhy1778BSD-ixw
IP 216.58.207.237:0
Hash d5f515e9be2198c2edfd389109b85e5a
10f92aef7a59965205cc91e4b30101e10b1543f7
8febfe6c70e0678779b0ce75414293f87c0865ef84636db34778731f80c07326
GET /v3/signin/identifier?dsh=S-1710633886%3A1667602324489184&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAucj-AgTT0LM71o5Mi1Jh8PuS0b3LyeGUAx-aqLw2JV161i_HqQyEwohXlZIhy1778BSD-ixw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 04 Nov 2022 22:52:04 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-CVK0Y6ho654LeXO7C4dmgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1e621d5bb6fab8b48d9ada58825c783c
61bd0fbfb86d4381c273d2968af4d72c2d199458
b3f60319e256fc417a33cb7f88c0cb2a7997190e23c275cb6caefa600ad47c77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5375
Cache-Control: max-age=99503
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 22:52:04 GMT
Etag: "63646444-1d7"
Expires: Sun, 06 Nov 2022 02:30:27 GMT
Last-Modified: Fri, 04 Nov 2022 01:00:52 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7258
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 22:52:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7258
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 22:52:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7258
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 22:52:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7258
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 22:52:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F026ddf6a-a4ad-4c8d-9da5-41a184265e24.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F026ddf6a-a4ad-4c8d-9da5-41a184265e24.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8fd1a79378f8a426e682c599e64e9bdf
d223df60a7340cf3745e981f19c1d3fd9c75d44a
14e3192a87f45d7ed4f809c528e1631bba69e69fc541637574ae3c3f70540408
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F026ddf6a-a4ad-4c8d-9da5-41a184265e24.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4749
x-amzn-requestid: d6545893-af81-4e76-bd31-cd80a0658a28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: asg4QH3HoAMFX7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635b4834-015a8ad175cc388576dcddc5;Sampled=0
x-amzn-remapped-date: Fri, 28 Oct 2022 03:10:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p3tf0WwkKam_wcY3Ik0IJxu_b11GqHoTWyQ4kxl0mtejIfJD14ji0Q==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:49:43 GMT
age: 3741
etag: "d223df60a7340cf3745e981f19c1d3fd9c75d44a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eaf06d0fb99703abfd57b962eb21ce96
ce73b0ad22139bec863ed990e3d3af4bdc3df288
a226250245611193be882c92f2d9920cb6ceeb12823b48c0b9c8fa2aba1c8c0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb94b0737-3952-4bbe-b940-e1f79fb95cbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6909
x-amzn-requestid: 7c500c29-f514-491c-b2fe-a732a546925f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: awWpEEYHoAMFWdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635cd16d-6d9c4c5c41f4fcd16cabda59;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wf0k3Di2KCCXHIo68FTdztfEbq_A8t7xCE608dP64CVIdFxSEHTijw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 22:20:50 GMT
age: 1874
etag: "ce73b0ad22139bec863ed990e3d3af4bdc3df288"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ae2b8d827fb2c8bef64febcd36f1645
f7705fcd2d91ce90c58e79324cce1e3abba6c1c8
2dc55e97ef3a85fccb104b80161a8bac16b12d37527c336563677432584c7ad5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11421
x-amzn-requestid: 80f2a46c-6682-4160-b896-eeaa366dbab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aUsKNF4SoAMFn5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6351c0a7-5a5517d005ec7a7d1507b58e;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 21:41:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gdqoswTMqjrfyzzY-103agxLH8ak-rFsCId29eoLOF6WHgFmd04K7g==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 08:24:41 GMT
age: 52043
etag: "f7705fcd2d91ce90c58e79324cce1e3abba6c1c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F621f6bc7-a17b-4b8f-95ef-65d27abd5513.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F621f6bc7-a17b-4b8f-95ef-65d27abd5513.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1fc9b492d6cc0a516998cec9fa5dc2a0
1082e5e96362a4960929c59ff1d4d995cb28f40d
3dc82302d8615c615526cc9a828844d291d775d05ff7174f8d6b82b7172b2908
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F621f6bc7-a17b-4b8f-95ef-65d27abd5513.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9006
x-amzn-requestid: 1a0ea36b-a610-485c-be62-b6950288afbc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGIVGGG7oAMFXJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63658753-2fc408853092bf61646b7584;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:42:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: xdg0glkctHhh3-kmb8HhwEnYjcxchpOLF4DrDIkICI7fSiHpIRPKIw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 22:20:07 GMT
age: 1917
etag: "1082e5e96362a4960929c59ff1d4d995cb28f40d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d12961439cd33c86c7b8041ed9d42321
ddb7b18fae0082ce22d8ffa537c7367e1da404a5
d2cc0f7735f04a07c681eb2eae7c52e9f4c75b6d475b3ad4de587899089850a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4662
x-amzn-requestid: 32199e11-d856-4403-ad55-65076eac83ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: amd5UFJQIAMFf-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358dd08-1761126e37ed504e46896b4d;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 07:08:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Nu2uC3we8aHv4ERvh7QcmiErm4Ax-NNmdWFovpdU9Or9DguzrIcn5g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 22:00:38 GMT
age: 3086
etag: "ddb7b18fae0082ce22d8ffa537c7367e1da404a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3819323-4f77-4bb2-bbbb-6926d5bc62aa.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3819323-4f77-4bb2-bbbb-6926d5bc62aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ee20d59c5ac266f8eb9c47057271a10
61dc4e78907f114519ff3fdd3c806b36557ab744
2cba117cfe96fa5e1b53981f98d42eb3e5f956083c3435a1d44d1d40784614bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3819323-4f77-4bb2-bbbb-6926d5bc62aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11427
x-amzn-requestid: 0dcc7ef4-d7fa-492e-8ddf-4342b4bc44e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHxJGJZoAMFWlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365866d-7c3de2ed509a640f37c52843;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gAHLlJ0JzB6TfEUNw_sCNmrjMK-EX1hZbCY34i99xQok7R-wvcpqug==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:59:04 GMT
age: 3180
etag: "61dc4e78907f114519ff3fdd3c806b36557ab744"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 5.6 kB URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5b4e91e11387354ae4208f1cc27e4dd
c904608373d3e938b09a5ed82a51c2e43f13452d
2b967cacc0433762c074cfa0e032c2694171d221c004ac9465027a8667f9207f
GET /smartlink-css/636597668d10047f751147cf?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:08 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkpKc00vTWtOSnJYWXJZVk9tSnpkTEE9PSIsInZhbHVlIjoibjVBS2VMRlVBNlpuTzJUMDBra2lLUGRzSENvRXZwNjhCVXpsU2F1UUhjTCtKQThmcnVlajc3WHZNdzdzNXpMTzdnM3lHZitPeEdXZituUXcrUVhLM0VsUFNmMXRtVkZnNko3U3lMVkFQSWprV1FYOUZxOElIWUlJY0hISDVJc2ciLCJtYWMiOiI2ZjdiNDRhMzNkYTY0Y2JhMDk0ZjlmYTRlZTc1MmU4MDY0MDY0ZGYzMzUyYzYwZGY4NTdhN2I3MWRmNWRjMDI3IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:08 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkgwTGhvL2dZVVZtZklrUXRlVFZrR0E9PSIsInZhbHVlIjoiNjlZYkdiZnVKeUhKM0puQms5eHdsbWswNnFiK1RhWkFhcHRpWnZLcmlEcVN1Z2tFVUpkYXNkK1NBa0hkdzJYbWNMbnAyVy9OUE5mWFVrdUY5aVNPMllXKzNaMmZvbS91ZEdRbUtzdVdOWFJNekszRkJyU0tQWXFPa3d6WEhiQ2QiLCJtYWMiOiI3MGRiMjlkYTg3MmRiZDUzNTZlZTg2ZGRjZGQ2NjllMDM5YWM5YWQ2OGUwNzQ0Mjc0MWE0ZTQ5MDY2OTY3YzY2IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:08 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
35.186.224.25302 Found 0 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP 35.186.224.25:0
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 04 Nov 2022 22:52:03 GMT
x-powered-by: Express
set-cookie: sp_usid=82a22ec0-dc7c-4931-add1-6786469a5ac1; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Fri, 03 Jul 2026 22:52:03 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=f1ea6905-6d65-4b72-b52a-652df3ae51a6; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Sat, 04 Nov 2023 22:52:03 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sat, 05 Nov 2022 22:52:03 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Sat, 05 Nov 2022 22:52:03 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: 63e52d454b05bd56
x-envoy-upstream-service-time: 15
server: envoy
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
35.186.224.25200 OK 0 B URL HTTP/2 accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
IP 35.186.224.25:0
GET /login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE HTTP/1.1
Host: accounts.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: __Host-device_id=AQC0XXw-gT2x2gnEoxY5Yrk7qwwo9xdTmfACemK-NulzzjVhdFIrnIdW_X27YI5q7B46t5TgwclMseV6gl9F6WJhf-vmAbfPSqc;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax
__Secure-TPASESSION=AQCrvkMtVjhj8+3gubA+fdVgMDmPH0c1mO++JXh2Y7/EhItNrL4TB0Ji4CASlUJNgmNN3kGVM0BrHCSGr7PbsqUpFOIz0eo6ous=;Version=1;Domain=accounts.spotify.com;Path=/;Secure;HttpOnly;SameSite=None
sp_sso_csrf_token=013acda7191c9a44b646dbd971c90ae108d0cf5e9631363637363032333233393834;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
__Host-sp_csrf_sid=30f455e3f5f2b0769cd04c27f6984bd5f331ea2e78427ca7d634f9ddebca49c7; Path=/; HttpOnly; Secure; Expires=2022-11-4 23:52:03.984; Max-Age=3600; SameSite=Lax
x-frame-options: deny
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
x-content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
sp-trace-id: 1833ad07b5a9911b
content-encoding: gzip
x-envoy-upstream-service-time: 13
server: envoy
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
162.125.71.18200 OK 0 B URL HTTP/2 www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP 162.125.71.18:0
GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-Yc/yNOutsGD4yPHBYJLB' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-Yc/yNOutsGD4yPHBYJLB' 'nonce-4iA3A9az0nvc1m+3WCCn'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MTk4MzQzOTQ5MzE1MzA1NzM0NzYyMjM4NTU5OTM2NTk0MzAyNTky; expires=Wed, 03 Nov 2027 22:52:04 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=3sMebsyx0hls9FkV3EEf8IN0; Domain=dropbox.com; expires=Mon, 03 Nov 2025 22:52:04 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=3sMebsyx0hls9FkV3EEf8IN0; expires=Mon, 03 Nov 2025 22:52:04 GMT; Path=/; SameSite=None; Secure
__Host-ss=5Onbl6yrb8; expires=Mon, 03 Nov 2025 22:52:04 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Wed, 03 Nov 2027 22:52:04 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 229
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Fri, 04 Nov 2022 22:52:03 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: e9b026fd981a479896b9c7d464ce4e27
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/636597668d10047f751147cf?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:04 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkJ0RXc1Z1dMUmwrSDhIOGpCcThtZ3c9PSIsInZhbHVlIjoiTERTUTdvZll6emV0MCtNR0YxQk9hQVNGMysvMSs3UlRpdFRpTWhDUWZEbnZmRDdGN29QMkVtd201L0JLWDdXL0pHcldEaFVqamJZSmU1a3dBNUJPemd1MzVyV1Z4T3ZzOHpaaFVNcjIxdjdSSlpNSEVIQ2QyaWMyQmx1dzFrM0QiLCJtYWMiOiJlMDFhOTJmMDYwMzNjMmI4MThiOTU2NGM4MWMwZjczNGQ2MjA4MTE1MGQ0MzcwNzU1YzIxNTcyYmUyZTU1Zjg1IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:04 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImlhQmJBWDdaU0psOUk5bjIyQWVjMFE9PSIsInZhbHVlIjoiZGJLM2lZUU9SOFQzWmNrM0FjTE1pbFJRUnVFMFpYL0w5OGgrNWFvWUhmWFBpM1JxN2Q1M2ZCSFltVUdsQUlXdXNGYk1iTXRnamtLWHhGVlhXb0pTc3RIWmNSVitVTytuSzVXbkM4aEFEVjltdUpSUjJGaVNTZEhGeDNRazlDazciLCJtYWMiOiI3ODQzMjIxMjVhOGUzNjk1OTRiOWU0ODI1ZTAyYWIxM2VlNTQ4NDQ0OWY5MWVlMTQ2NTg3MThmMGRmMjEyMGU3IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:04 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/636597668d10047f751147cf?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:05 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImRZY0dpV3c3bEhTOVEyaGgvWE9sTFE9PSIsInZhbHVlIjoiaVVFV2JuTnM5NFdYNjhRTStTQWtRMFhValBuM0dnNmJKTVEvMHZ1dU03ZnN1Z2VRQXdISFlGSHY0WFlOeWN0OHJTaGY5VytBdEdDNXMrWC96aGNDZHAvM3hVN0Q1NnBnQmw1M2lMeGdCdklvd3JGa2ZVdHJ0TEFScWFRWUF0K2YiLCJtYWMiOiIwNTg0OTU1OGZlMWZkOTVjY2RkNzA3YjgwNGIzMDFjNjg1NjVjMzE5MTJlN2JiOWVlMGM1NWQ5Y2YwZTg3NWZmIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:05 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InZqRHNmWWxSQ3IwUEh4U3ByRzM0amc9PSIsInZhbHVlIjoiUlh1cHNVZG1RVDU3dEpKOFFWeG54ZWdKYUQwZ2Z4V3M4WEVCT0dFRFlabFhCS3p0YXI4a1BJRjVFcC9GajR6SzZFVGtJWnBIMlh5STJiTDVQOWJDRG8vMjZuNmVLNlNWdHRaYXhjQ1g1QVFmeTlaMlFKSjdvL0l2ZzkrVFcrM2EiLCJtYWMiOiJhZjJmNTQ3MGFhMjk1OGJiZWRkODZiMTYwYzVhMzE2NDdlMjllMmZlNmQ1NTkxMTkxYTc4YmNmOTZhMmJjM2JmIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:05 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/636597668d10047f751147cf?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:06 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Imw5R0VtYXczWFdJbUNmTlJDVVJ4YXc9PSIsInZhbHVlIjoiWUw5SERiT3E3N0xLNllMRFRvNnQ0dmFwcWdaQk5QRlpHMWJWVVJkUU1IL1pKcWNvaTRFMUVha2hlSUxMQjY2S2hLYzBEVGZ5VmR6bjc4NitsVUdEOGtiL3hTd3NFUk1Hc2F3TW9JcTRXcGhaTUNFOTg1cFA0U0VCTXRMWi9YdDUiLCJtYWMiOiJkMjE4MjA1N2ZhMGJjZGQ2MDgzYzMzMjlhMjY5MTRiYmU0M2NjNjZlOTYxZmNlMGRlNTMyOWQ3MDAxZjQ5Yjg4IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:06 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkhzM0xhZHZmTWxTaCsxYldyM25WdEE9PSIsInZhbHVlIjoiWXJHOFlqZVl5MlFxTlZCb1ptWTNwcmg5LzNZLzRuZ24ya1JPTGpxdW8yT2VueGVmbEtyMnEzaHJCOS9HcVZLZE5jaE1GVURNdW1yaEtlOWJhdkZ4N21nNktjRGNwSGN4NjVIUitoTG1rK0czTEM0a29EZkIxVGZkb2ZraTV0RGwiLCJtYWMiOiI5ODk0ZDAxYmY5MDAwMmJlYjM0MDdiOWQzMGY1NGFmOTJhYjI5MmRhZjMzM2I2ZmI4YTE5NGJiNDNkOWI4OTFmIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:06 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/landing-interaction/923242532
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/landing-interaction/923242532
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
GET /landing-interaction/923242532 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:12 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImJlUUpUS21Lbloya205UFpJdFFCc2c9PSIsInZhbHVlIjoiUm1BY1gwMFJTdFc0WGJaVy9BZG5qY09uWEZQdUI4eUlldDF2L0VTNlVMc1cxUFZreXkyOGJTTGYzNGhwRzh0Qy8xR2s4aSttQ0JERHpXM01pOUQ1UTJUNE56WUVPQjdWVldTZG9IbS9xa3I2Mjlrd3NTQ29jcms5Ym5xVm40MUoiLCJtYWMiOiI0Njc4MTU0MDI3ZTM1NjBhNGFiMzIyOGY0Mzc4M2U3NTFhMmI5MDJiYzZlMjI5ZDhhYTljZTQ3YTE5MmQ3NmVlIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:12 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkwyZDRCTUZQOUtFZWQ0VzNVbGQzY0E9PSIsInZhbHVlIjoidHFnV0FpQmN1cmJ1dmFRaXNyOW1CalJGazhaaTZlMzdjaFNBNkZRcGF5bnV2RktrMUtHc0hyMnE1UDVZS1dSbVhYNEVpdklvWW5zQ3VLdTNLYVF1UnUyVUR0OE5pcTBHRHAydkhXZzgwSVJWYTJuZ2VqK1Q0ZWtXL0JlRFNlYTUiLCJtYWMiOiI5M2M2OTMwODg0NDYzZTBhY2FmMGY4M2MyNWVlOGIzYmJhZGQzMTA5NDQxNTE0YmM2Yjg4NTNkYTU5YzU2NzE5IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:12 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/636597668d10047f751147cf?sop=8&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:11 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IncyUjlldHJUVXcxVXJtWWo5YWw4UGc9PSIsInZhbHVlIjoiZlo2RGllRU5XNTFGeVUwbWFxV2V0RGFHeFR1U0xzeVMvcVhyMU1CaHRWcjhMWTE0QUl5bUp4dkRYL3BRL3ZBVlZYcGE3dlJPR3hSQ2tzYXJ3dC9CT1VKZnE1TmRTZ0ZtalUySnY1QzArcGpxVUtCWURaQkQvMHY3dTlEMVNQaGQiLCJtYWMiOiIwMjI0MzVkYjlhOGQ0MjdlYjcxOTQwODEwZTM2YzhmMjU3N2Q5MjU1MDViMmYzYWZmMjI1MTRiY2JjYWQ0NzJlIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:11 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImxReW50TXUwSXZVS1MwSjJSTWlBZ0E9PSIsInZhbHVlIjoicURhR1pyMGVNUm0xOVBvcE4rQXlvY1k3b2Z4OS9HSnVzbGl1U2VFWWFWaEJKRzlSbDBPNmIra2c3Y0F1SC91b3N3aWpFVHVSZjIxZTMxOTZCaGJ5OXNIVUU5dXNmeWlPVUl2bWlYN1hKb2tRYWNaQUtnTWY1djBFWW5KNGJUZ2QiLCJtYWMiOiIyYWI1MDE5YWQxMTQzMTFjZmFkYmNlNzFjMTk1NjM2MTFhMjdjOWVkMTA1MWU3Y2NkYThmZmYzYTMxMGZiNzdjIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/css/all.css
172.64.132.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.64.132.15:0
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 22:52:03 GMT
content-type: text/css
x-amz-id-2: dDirhc97XgNSBbFq00Iawfmkhw35WPrslMtwqykXqt/nHPNq9DbsJWr5aktrcQNlMxlR2MhOJRI=
x-amz-request-id: 1XKZ4DYJ7GGPED7Z
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BxIre6zt352bB9AHtjcAR8XdUsr%2BtNkTuglFmDNMo4kPga%2Bzr3FiBj0Se1JMKqaJqyIpiPKlumn9RFEVZjejwXfZj0eQcDTVRrjA%2BnXMR0Gk0FbZzQ3HDZWUIkig8B0f%2BPKCite"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7650eaf88e95754d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?fingerprintid=9e4947f35751465411fd1a4f5c358c78
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/636597668d10047f751147cf?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22285
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:04 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjQ5cUV6aEVzM1NyOUJBRU9QVlNMV2c9PSIsInZhbHVlIjoiNDV0eWh3WFFLK09hTHhxaTVzSWttcXFtV0FUTkxGdjRpb2N2U3crQ1VrelhlTzBrSmJpOVRzYTNxYnM5MC9pZDVwOHNPOGNpSFBsdko3bVlRb2tzTHdISzlsZzd6VVd6Q0hHUDNnSyt1eFpwa005RzN3RGZUblI4WXF0OXpwS1UiLCJtYWMiOiIxMTg4ZmM4MDZjZmNiOWI0Yjg1NzEzZjE3NWQ5ODNlOWQ3Njg4MGM2N2ZmMjA0N2Y4ZWM3NWRlM2VkMWNjMjQ1IiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:04 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjFlRi9palZaYXRIR29XTEowdUhQWnc9PSIsInZhbHVlIjoiTE9aWTBTVG9lMDRuODJXVVg0bW5Bckw1dVlzVVJtdTZFSVFqN2pEc2wwQ21GRWVFczR6MGVUV0QweFlnaWJTOGNiTURrS3hRVm9pZlZMcUp3L0tGclRoVEY1bjc4OUFQcUc2SkJDbytWSDY3Mm9LWTUrT3pDajNrQkpZUzVMVisiLCJtYWMiOiJmOTEwZWM5M2M4OTE5NTJmNTkyZGE1YzlmYmQ3ODRkMWY1ODRiY2MwNjRjYmUxZTk1NjY4MDBmOGY4MDI3ZTFmIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:04 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/636597668d10047f751147cf?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:09 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Ik5OKzBXeXlMaDR1SGJtWXVDTWJ3bUE9PSIsInZhbHVlIjoicThxenJjY0pIK3BDUVhad0F2TnduYjNhNWNyVnJ2WlVFSVdNRC9nYkdNUlQ4c1hLd3MrR1IvSk1NQnlLRUdodXhNeGFVSmIrUllZUEtHdDJUQ3ppZXJreEFsck5CNWR2dTl6QjVKUFVtRlBkaXFVK0ppVncwZUxjK0d4SGNvbnMiLCJtYWMiOiJmZTFjNWZiODYxOTlkMjJkNDE5ZjQ1YjJiMzBmODBhNGFkZjgzNTg4Yjc0ODM1NTYzYmZkYTExYmJjMjdiNzEzIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:09 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjlhK2xBQ0hpVDlDRWYxckt3ZEU4cWc9PSIsInZhbHVlIjoiKzB6U3ZycjlRZlhXRUZDUE1OcEFESDR2M0w0aUw0NHhZNkdXRzBKMklkN0RWMVFhZTlXd2hkNWVOWmxOMVFMdFNVbURNT3ArbER5bHdTakE2VjBwZjU4OGp4MkFMM2U5dU9sYXBCMjZvZzJlSHRyV00zL0llNFBMdWk4VXlkU2kiLCJtYWMiOiI4ZmE2ZDMwNzRiN2ExYzNlNmYxNjJkOWIwYjMzYTM4NmUwNjJmNGI5MmVlMTNhNzMzNGU3NTZkMGY0ZDY5OTdhIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:09 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/636597668d10047f751147cf
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/636597668d10047f751147cf
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/636597668d10047f751147cf HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 364
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Fri, 04 Nov 2022 22:52:04 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IitydmgvSnl2RE80ck1HbG9nUDhBQXc9PSIsInZhbHVlIjoiclBXNGxvbXBOQTdlQnNrRjhFL1M0b2FJUFJwRVRpZzZxN1kxdTJRY1I1d0hpVC85cE1Yc2hLT05wYnhXbmh1NWl0d1lBMmxTMHlkM3RGSlJXc2laNWpUNTNEYjVCSGRLbldFdEUxU1lDMWJOVjliUTJZVXVoRjZsMCtxUWx5WkgiLCJtYWMiOiI3MTVjNjQzOTVhY2Q2N2NlNzBlMGE2MjM0YmUzMDYyNTVlZWQ5N2M3MDBhZWM4OGQ3NDRmMWU1MDAwZmU3YmExIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:04 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlE3K1phdnBaT1JrdERqRUUycW5IU1E9PSIsInZhbHVlIjoiU3VWL05hRE1VUVVta0JGbmdHaUpGZGNsSjRYdFdSU1Z5NVRxeTF5cWVlMlJiV0szSUNtbncyT0RYcUJYcUVUTW9wRGc0aTFudGFFV0N3TU1OYSthakVEQk5kNlE4c3daTjljMStjdzlLWEV3ZnI4VVhPcWpMT2JQSW5rUlBmWm0iLCJtYWMiOiI5YjVkYjNkOGI1ZGQ0M2JmZWZkNDczMjQ5N2NiNWUyMTYxZjUyZmRiM2NlYmEzYTY1MTE3ZjNmOTJmOGEyZGYyIiwidGFnIjoiIn0%3D; expires=Sat, 05-Nov-2022 00:52:04 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2