dratingmaject.com/5813f290-4ed5-48bb-8ab4-8ee29d4c2471/2
18.195.149.11302 0 B URL HTTP/1.1 dratingmaject.com/5813f290-4ed5-48bb-8ab4-8ee29d4c2471/2
IP 18.195.149.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /5813f290-4ed5-48bb-8ab4-8ee29d4c2471/2 HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Sun, 27 Nov 2022 13:32:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=w7libv938hmu15pkim4ghfeo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Pragma: no-cache
Set-Cookie: 5813f290-4ed5-48bb-8ab4-8ee29d4c2471-v4=PTlSzLGr7-TZKyC7n0f-_BjCE-KY37bFH-Gg4Nz1-0Y; Max-Age=86400; Expires=Mon, 28-Nov-2022 13:32:16 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cc-v4=IbJtVe6rOfdvLp%2BJuahAZ14NCXSiRoVEdpHvabUie8Jb55%2Bmh0rS8dXUb2SJzAUVFgD2zFGR2v34nJ7v2sdR1vnLVp%2FXjIczLg6KmfMGBjVEk%2FymPPgnqtxSbQrKM%2FvUe4itVWHal4EG2IpO8HMUsg%3D%3D; Max-Age=31536000; Expires=Mon, 27-Nov-2023 13:32:16 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3340
Expires: Sun, 27 Nov 2022 14:27:56 GMT
Date: Sun, 27 Nov 2022 13:32:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5830
Cache-Control: max-age=167767
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:16 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:08:23 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 13:17:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 876
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3167
Expires: Sun, 27 Nov 2022 14:25:03 GMT
Date: Sun, 27 Nov 2022 13:32:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ePqpk0OHzv8+b+H2Bjfl/9fQWCwzXm7TIIahlDKpfC/E9YEepPXLCUMfQ9xUETjfelZ+DhE8bQU=
x-amz-request-id: 9H0E68YQH0SQ99RC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 12:41:38 GMT
age: 3038
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 13:32:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 13:11:12 GMT
cache-control: public,max-age=3600
age: 1265
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3607
Cache-Control: max-age=160482
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:17 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:06:59 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
other.landerhq.com/landingpages/mcafee/logo.png
188.240.52.20200 OK 30 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/logo.png
IP 188.240.52.20:0
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936851459
Cookie: XSRF-TOKEN=eyJpdiI6InFyVFhqeWNTOGtrT2RkVEtmMlpBZXc9PSIsInZhbHVlIjoidVRuT1JvaklVN1NGRWs4c1V2MDVxRFBQbG1YZ1lsNk41NWkyRnFxMlVlZzhHWStRa0tRMzRCM2oxOTYrc2cxKzg2S0kwOGQxbFc4ekdSQk91cUV2aTRmSmJrUGJBL0tpS0VxSlk3NnExUzc2bjFXb0sxS0xpbElSOEJWUUNSZVIiLCJtYWMiOiJkNzY5MDU1Njc2YzJhMGIxZWMwNWE2NDJkODgyZWU2OGY5ZjkxMTZiMmFlNzA2MzQ5NzkyNWY5ODBmNmNkNzhiIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IkgxU1lOVGI1SXB0RGg3ZjJ6KzhTdHc9PSIsInZhbHVlIjoidWd4WForVDFFQ28wTHpVRmNkNnJFbG84UzFmVUZJZ3NsN2M1UDBrdWpXNnBHNWRyTnpNUGk5WGxIWmpFNFdpclpNeTk3amp5MHJqTTduNHNnTjJZYUNzZ2Irc0doTHJ1WVdHcWVGeDhNRmdqNDI5azZNUVl4NVNicWM0OTZodFMiLCJtYWMiOiIzY2Q1ZGQxOGQ1MTRlMWJhYWNiNTNhZjNkYmU1YTQzMzY0ZGViMDRjM2NlMTQxYmUyYWYzYjUzZmI1ZThmYmYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: image/png
content-length: 30211
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 263fd6d40218c2b0a2945fa12db8b4e5
db616a4c91fea68c1badef3644d17c033a467dd1
9a5d043d20760ae47a125e8585da97dcaf49405321e810c12e93336f55c95a97
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2680
Cache-Control: max-age=170354
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:17 GMT
Etag: "638352db-117"
Expires: Tue, 29 Nov 2022 12:51:31 GMT
Last-Modified: Sun, 27 Nov 2022 12:06:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
other.landerhq.com/landingpages/mcafee/360.png
188.240.52.20200 OK 38 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/360.png
IP 188.240.52.20:0
File type PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash 15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936851459
Cookie: XSRF-TOKEN=eyJpdiI6InFyVFhqeWNTOGtrT2RkVEtmMlpBZXc9PSIsInZhbHVlIjoidVRuT1JvaklVN1NGRWs4c1V2MDVxRFBQbG1YZ1lsNk41NWkyRnFxMlVlZzhHWStRa0tRMzRCM2oxOTYrc2cxKzg2S0kwOGQxbFc4ekdSQk91cUV2aTRmSmJrUGJBL0tpS0VxSlk3NnExUzc2bjFXb0sxS0xpbElSOEJWUUNSZVIiLCJtYWMiOiJkNzY5MDU1Njc2YzJhMGIxZWMwNWE2NDJkODgyZWU2OGY5ZjkxMTZiMmFlNzA2MzQ5NzkyNWY5ODBmNmNkNzhiIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IkgxU1lOVGI1SXB0RGg3ZjJ6KzhTdHc9PSIsInZhbHVlIjoidWd4WForVDFFQ28wTHpVRmNkNnJFbG84UzFmVUZJZ3NsN2M1UDBrdWpXNnBHNWRyTnpNUGk5WGxIWmpFNFdpclpNeTk3amp5MHJqTTduNHNnTjJZYUNzZ2Irc0doTHJ1WVdHcWVGeDhNRmdqNDI5azZNUVl4NVNicWM0OTZodFMiLCJtYWMiOiIzY2Q1ZGQxOGQ1MTRlMWJhYWNiNTNhZjNkYmU1YTQzMzY0ZGViMDRjM2NlMTQxYmUyYWYzYjUzZmI1ZThmYmYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: image/png
content-length: 38110
last-modified: Sun, 27 Nov 2022 03:52:50 GMT
etag: "6382df12-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/os_versions.png
188.240.52.20200 OK 3.1 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/os_versions.png
IP 188.240.52.20:0
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936851459
Cookie: XSRF-TOKEN=eyJpdiI6InFyVFhqeWNTOGtrT2RkVEtmMlpBZXc9PSIsInZhbHVlIjoidVRuT1JvaklVN1NGRWs4c1V2MDVxRFBQbG1YZ1lsNk41NWkyRnFxMlVlZzhHWStRa0tRMzRCM2oxOTYrc2cxKzg2S0kwOGQxbFc4ekdSQk91cUV2aTRmSmJrUGJBL0tpS0VxSlk3NnExUzc2bjFXb0sxS0xpbElSOEJWUUNSZVIiLCJtYWMiOiJkNzY5MDU1Njc2YzJhMGIxZWMwNWE2NDJkODgyZWU2OGY5ZjkxMTZiMmFlNzA2MzQ5NzkyNWY5ODBmNmNkNzhiIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IkgxU1lOVGI1SXB0RGg3ZjJ6KzhTdHc9PSIsInZhbHVlIjoidWd4WForVDFFQ28wTHpVRmNkNnJFbG84UzFmVUZJZ3NsN2M1UDBrdWpXNnBHNWRyTnpNUGk5WGxIWmpFNFdpclpNeTk3amp5MHJqTTduNHNnTjJZYUNzZ2Irc0doTHJ1WVdHcWVGeDhNRmdqNDI5azZNUVl4NVNicWM0OTZodFMiLCJtYWMiOiIzY2Q1ZGQxOGQ1MTRlMWJhYWNiNTNhZjNkYmU1YTQzMzY0ZGViMDRjM2NlMTQxYmUyYWYzYjUzZmI1ZThmYmYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: image/png
content-length: 3073
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
151.101.85.229200 OK 14 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (33322)
Hash aae718b2a0cb61c252946cb2c90eee97
b80eb9c3bde5f4dd455940832989f52d39deafcc
7ac3def7374012c4a78adafd9f76513168890454ad16f053d58060836a582f7f
GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.6
x-jsd-version-type: version
etag: W/"8378-YyDrsgfkSqD4ErmTv6bGJ5gw0yk"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 27 Nov 2022 13:32:17 GMT
age: 25221
x-served-by: cache-fra-eddf8230075-FRA, cache-bma1672-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14187
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
151.101.85.229200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 27 Nov 2022 13:32:17 GMT
age: 39854
x-served-by: cache-fra-eddf8230022-FRA, cache-bma1672-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3067
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash de240504b46d4b2c2f036b5dc716ac26
ec9ab612365b1c063b6974c1183c59aca3d6bbbc
5fcbf6328258b9800e45d956db8db1e49c0d13b4aef8d195c75436974130b706
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 13:32:17 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "70C3B82D1E8AA80C591D624091AC1F7F1B2D4901"
Expires: Mon, 28 Nov 2022 00:00:00 GMT
Last-Modified: Sun, 27 Nov 2022 12:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1527
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770b3aa31bd20afe-OSL
push.services.mozilla.com/
34.215.94.42101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.94.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: U7H/Z9YRcQChfdIs5deWRg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ve/l0heGoYUqMNEt01w7h/w4twk=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 263fd6d40218c2b0a2945fa12db8b4e5
db616a4c91fea68c1badef3644d17c033a467dd1
9a5d043d20760ae47a125e8585da97dcaf49405321e810c12e93336f55c95a97
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2681
Cache-Control: max-age=170354
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Etag: "638352db-117"
Expires: Tue, 29 Nov 2022 12:51:32 GMT
Last-Modified: Sun, 27 Nov 2022 12:06:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6139394a5a561c124389dcf6b9c10ca7
2f68a0d3b656837c5bfffd9ba092ae984b1d497a
87ebf4aca1fe9ad88a681c60c0d85d8ce9b031c0dca351afc4ca3be1abf14462
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6476
Cache-Control: max-age=163373
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Etag: "638328c3-1d7"
Expires: Tue, 29 Nov 2022 10:55:11 GMT
Last-Modified: Sun, 27 Nov 2022 09:07:15 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1120b48a56e019ac893e77e21e1c604f
fe0182c0bbb9a404b1a354e6790436211ce80bcd
6d0e056c8dc180f44a3a1a66b9fda95d0d19b098bf63630d1ecf819243e95383
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6433
Cache-Control: max-age=98864
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Etag: "63822cf1-1d7"
Expires: Mon, 28 Nov 2022 17:00:02 GMT
Last-Modified: Sat, 26 Nov 2022 15:12:49 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
use.fontawesome.com/releases/v5.7.2/css/all.css
172.64.132.15200 OK 60 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.64.132.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 56a95456d298ff42a8f37687e55b28bc
2712ab6f3ddf920123204d6e1f5ec917ce5e7743
d6b99e3a5c423fb2bf7e83f8801ba9561c8d5731c152606adeedbe364261e001
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: text/css
x-amz-id-2: 5s6+nP5DxwbA3aVgUja67SuwxzlJbWhtY6fWm55uKHRAQgNAlNN2O74b51ugIvZN8xHD0om3SdE=
x-amz-request-id: 0FNFS0NRNB098Y49
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ySfM5GK0CuZkd3vP6sZmBendz2Qj8L%2F9PLXUnp6OhRzf1xHZ6MS06DjA%2BnDAiwbVBKm7mI9SO%2FkoJt9ZCCYpJ5XlKbVxLBmy%2FQtRSW6b4A7ZALQaEt9kGlxdVOOnpCVTZ5sbm9L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770b3aa2cb5f7321-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/bg.jpg
188.240.52.20200 OK 130 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/bg.jpg
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936851459
Cookie: XSRF-TOKEN=eyJpdiI6InFyVFhqeWNTOGtrT2RkVEtmMlpBZXc9PSIsInZhbHVlIjoidVRuT1JvaklVN1NGRWs4c1V2MDVxRFBQbG1YZ1lsNk41NWkyRnFxMlVlZzhHWStRa0tRMzRCM2oxOTYrc2cxKzg2S0kwOGQxbFc4ekdSQk91cUV2aTRmSmJrUGJBL0tpS0VxSlk3NnExUzc2bjFXb0sxS0xpbElSOEJWUUNSZVIiLCJtYWMiOiJkNzY5MDU1Njc2YzJhMGIxZWMwNWE2NDJkODgyZWU2OGY5ZjkxMTZiMmFlNzA2MzQ5NzkyNWY5ODBmNmNkNzhiIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IkgxU1lOVGI1SXB0RGg3ZjJ6KzhTdHc9PSIsInZhbHVlIjoidWd4WForVDFFQ28wTHpVRmNkNnJFbG84UzFmVUZJZ3NsN2M1UDBrdWpXNnBHNWRyTnpNUGk5WGxIWmpFNFdpclpNeTk3amp5MHJqTTduNHNnTjJZYUNzZ2Irc0doTHJ1WVdHcWVGeDhNRmdqNDI5azZNUVl4NVNicWM0OTZodFMiLCJtYWMiOiIzY2Q1ZGQxOGQ1MTRlMWJhYWNiNTNhZjNkYmU1YTQzMzY0ZGViMDRjM2NlMTQxYmUyYWYzYjUzZmI1ZThmYmYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Sun, 27 Nov 2022 03:52:41 GMT
etag: "6382df09-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1120b48a56e019ac893e77e21e1c604f
fe0182c0bbb9a404b1a354e6790436211ce80bcd
6d0e056c8dc180f44a3a1a66b9fda95d0d19b098bf63630d1ecf819243e95383
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6433
Cache-Control: max-age=98864
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Etag: "63822cf1-1d7"
Expires: Mon, 28 Nov 2022 17:00:02 GMT
Last-Modified: Sat, 26 Nov 2022 15:12:49 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash ec490fb1655bc4688d88b1ed8e68b70d
9f75ada2488ea84d2f9267cbf5dc790f090ba088
ab990f382d28bd37e53e4bee48f490232c9ed7c9f1dbf5dc3ab1ccc6d8a7e142
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=140350
Date: Sun, 27 Nov 2022 13:32:18 GMT
Etag: "6382d036-1d7"
Expires: Tue, 29 Nov 2022 04:31:28 GMT
Last-Modified: Sun, 27 Nov 2022 02:49:26 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Wc2AZ2XaaPSojr61Kp7SFFGDsV-yw7yxUKQN2PKLI3DNT7CiZhxTJw==
Age: 6122
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.64.132.15200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: X4gV016SkzlGeFaE2lEvb0M2pOiYB4FowH8XX7PQnFbwirnHo1YdNwgUNQT37rpDLZEM7F4aXeE=
x-amz-request-id: BSXH49DCZ1NJS2F1
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPuyUD8jcTWAusL%2FG6pjyFJKRMqrCsrm%2Be1ZopftTuGE9U4yDlkChk1Yn5wurEi3jpJN38PgsrjJw7fWyKPaF9Mdja4ii1zvJR1ToTEZhQtp6VL9tIz7DsZ7K0pDBKCnwGLczBSv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770b3aa5a8717321-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
34.193.232.22200 OK 325 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP 34.193.232.22:0
Hash 4750cfe95ee9bf2180320ab94e69e159
9614f36fc73bf4e4e9e88cb424b42aebca2bb454
dcea95f5bfd2fa6f9597f08696161112bbd9834614e13eae99bfd162500fb8b5
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://other.landerhq.com/
Content-Type: text/plain
Origin: https://other.landerhq.com
Content-Length: 21682
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: application/octet-stream
content-length: 325
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://other.landerhq.com
x-amzn-trace-id: Root=1-638366e2-229514b204d7c464377c2100
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/favicon.ico
188.240.52.20200 OK 1.2 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/favicon.ico
IP 188.240.52.20:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/936851459
Cookie: XSRF-TOKEN=eyJpdiI6InFyVFhqeWNTOGtrT2RkVEtmMlpBZXc9PSIsInZhbHVlIjoidVRuT1JvaklVN1NGRWs4c1V2MDVxRFBQbG1YZ1lsNk41NWkyRnFxMlVlZzhHWStRa0tRMzRCM2oxOTYrc2cxKzg2S0kwOGQxbFc4ekdSQk91cUV2aTRmSmJrUGJBL0tpS0VxSlk3NnExUzc2bjFXb0sxS0xpbElSOEJWUUNSZVIiLCJtYWMiOiJkNzY5MDU1Njc2YzJhMGIxZWMwNWE2NDJkODgyZWU2OGY5ZjkxMTZiMmFlNzA2MzQ5NzkyNWY5ODBmNmNkNzhiIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IkgxU1lOVGI1SXB0RGg3ZjJ6KzhTdHc9PSIsInZhbHVlIjoidWd4WForVDFFQ28wTHpVRmNkNnJFbG84UzFmVUZJZ3NsN2M1UDBrdWpXNnBHNWRyTnpNUGk5WGxIWmpFNFdpclpNeTk3amp5MHJqTTduNHNnTjJZYUNzZ2Irc0doTHJ1WVdHcWVGeDhNRmdqNDI5azZNUVl4NVNicWM0OTZodFMiLCJtYWMiOiIzY2Q1ZGQxOGQ1MTRlMWJhYWNiNTNhZjNkYmU1YTQzMzY0ZGViMDRjM2NlMTQxYmUyYWYzYjUzZmI1ZThmYmYyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sun, 27 Nov 2022 03:52:50 GMT
etag: "6382df12-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3887
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Last-Modified: Sun, 27 Nov 2022 12:27:31 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2034c4f478581061d113c3cb87e2f362
e9950a76f355c510f0449153fc23f67a9757bbe6
07e5f139ebbc8e61741506be27710036806f9e369c267e80eb9ec12587feab95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 12:41:08 GMT
expires: Sun, 27 Nov 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 3070
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2034c4f478581061d113c3cb87e2f362
e9950a76f355c510f0449153fc23f67a9757bbe6
07e5f139ebbc8e61741506be27710036806f9e369c267e80eb9ec12587feab95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=1928150580&t=pageview&_s=1&dl=https%3A%2F%2Fother.landerhq.com%2F936851459&dr=https%3A%2F%2F0ee06.trknovi.com%2F&ul=en-us&de=UTF-8&dt=Mcafee%20360%20Antivirus%20Protection!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=521382824&gjid=1359837862&cid=884781537.1669555939&tid=UA-165133312-2&_gid=1051202343.1669555939&_r=1>m=2wgb90TRL5HN2&z=1856547316
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1928150580&t=pageview&_s=1&dl=https%3A%2F%2Fother.landerhq.com%2F936851459&dr=https%3A%2F%2F0ee06.trknovi.com%2F&ul=en-us&de=UTF-8&dt=Mcafee%20360%20Antivirus%20Protection!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=521382824&gjid=1359837862&cid=884781537.1669555939&tid=UA-165133312-2&_gid=1051202343.1669555939&_r=1>m=2wgb90TRL5HN2&z=1856547316
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j98&a=1928150580&t=pageview&_s=1&dl=https%3A%2F%2Fother.landerhq.com%2F936851459&dr=https%3A%2F%2F0ee06.trknovi.com%2F&ul=en-us&de=UTF-8&dt=Mcafee%20360%20Antivirus%20Protection!&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=521382824&gjid=1359837862&cid=884781537.1669555939&tid=UA-165133312-2&_gid=1051202343.1669555939&_r=1>m=2wgb90TRL5HN2&z=1856547316 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://other.landerhq.com
date: Sun, 27 Nov 2022 13:32:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
script.hotjar.com/modules.e1bdbadbcc63daea6270.js
143.204.55.68200 OK 69 kB URL HTTP/2 script.hotjar.com/modules.e1bdbadbcc63daea6270.js
IP 143.204.55.68:0
File type Unicode text, UTF-8 text, with very long lines (48714)
Hash 53db6c810ee48127f87a9c79e206fc67
aa53e521ba10b23524afc519c6e6ba8d1eb5147c
f89c4d3c17828a5c54ecc60f5107e2bfe92cb8b4622fb766fda6d1fca1c95fdd
GET /modules.e1bdbadbcc63daea6270.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 68720
date: Thu, 24 Nov 2022 08:09:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "53db6c810ee48127f87a9c79e206fc67"
last-modified: Thu, 24 Nov 2022 08:08:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: s5zWFxsVHlxWeW8CnhvCSE5SY-9F1iBwVyZOkSzhiUcGNLYXSRHU1A==
age: 278592
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385)
Hash 131693caec9e535c6ee90e04344597b1
87a2f8aa6d909f92174559cfdbf93ed2312b9142
f2082272595a174d1cee4ddd93a59938431d51e048e9fd1f9f71f8bce2d75ec7
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Nov 2022 13:32:18 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1727304229%3A1669555938871220&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAsQIu_TiALBCgMYuDKw0168EbN3YvfG-F085tS9tiDLPcQNySjxr4MODqGP656pMysRh2ex0Q
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-U3SF5bKUqR0AwKKjlzhUjg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:fGQZOxoYbkQjqASm5LNGwSZilJ-_yw:Dhvx2hvucnXEHKHs;Path=/;Expires=Tue, 26-Nov-2024 13:32:18 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3887
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Last-Modified: Sun, 27 Nov 2022 12:27:31 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
143.204.55.105200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
IP 143.204.55.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash e0652b84b7b3b650769c759fc520c3f8
0b55d6e28613350c7f41b88f19e726e6751ad03b
94b4c240f83065223dcacdd3f8b69cb229d0616edc3e2041eef3e270d859fc3d
GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4Z1fV_4r4SZfYrJUdX1jzUjzoW3dnYpuQnD1n6uAluEJ1KuYKWhjkQ==
age: 346932
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 1.3 kB IP 142.250.74.35:0
File type gzip compressed data, max compression\012- data
Hash f810dfa5dde6d41e0988272d52ac3e7a
7e8a6e86fdcc82ca7203d71ab2cea9f373500666
b9843f680d5e5b08abe68f628a896b158b97cd944a84b42adbe21dff86f56fa3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=884781537.1669555939&jid=521382824&gjid=1359837862&_gid=1051202343.1669555939&_u=YEBAAEAAAAAAACAAI~&z=1128476971
142.251.1.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=884781537.1669555939&jid=521382824&gjid=1359837862&_gid=1051202343.1669555939&_u=YEBAAEAAAAAAACAAI~&z=1128476971
IP 142.251.1.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-165133312-2&cid=884781537.1669555939&jid=521382824&gjid=1359837862&_gid=1051202343.1669555939&_u=YEBAAEAAAAAAACAAI~&z=1128476971 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://other.landerhq.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 27 Nov 2022 13:32:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7167
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:32:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7167
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:32:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7167
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:32:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7167
Expires: Sun, 27 Nov 2022 15:31:46 GMT
Date: Sun, 27 Nov 2022 13:32:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e586c141835f4ac8819c55dcb811b4d
a23fd98701ac35cd8740d1f7a832118c770e20c8
4296f391f755a649897a2211f9072c69a0510e43a313674908bb0a771b12650e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa78e81d9-dbc4-4911-9711-219f64026531.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10944
x-amzn-requestid: ed714e4a-0f80-4b2d-ae82-b28d617fe927
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b42xTGpSoAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d1a1-1235a4ad16a6bfee50615fbb;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:05:05 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UzVSiMniBPN9LTEIutLmWn7BZX7d5RWIxtH0H-RpLfIGqdIBTovGMg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:36:11 GMT
age: 53768
etag: "a23fd98701ac35cd8740d1f7a832118c770e20c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 892849386662d30042f01ab952a3ec14
3b349ac17a00d68875e64bee110ec85d07cffda2
893797d55f15081d45af7a31af9fefe106ace9ba236e9b113787d07ab416faf9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9926
x-amzn-requestid: b03f4d3b-b144-4466-ab11-96c8201d75a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8Je2G_NIAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b22c5-5ef5e11a198cd8202372d8da;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:03:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Eeu-CbRcm2Zv8ZVXNO3vhUt2shbKNQZ1YqsxCMk96twd7zL_rceGYg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:05:31 GMT
age: 55608
etag: "3b349ac17a00d68875e64bee110ec85d07cffda2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:58:18 GMT
age: 59641
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 56438
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9443750de7962c9e235cbb6dbda24df0
05de7f68103849bd0cd80a704ef97685d0150800
d84e37f9bfd9888a385364c52cdc0d817aa680ee0a83e579ca1f1083f1131468
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F53b989dd-5b05-43e6-807e-30a5611591c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12505
x-amzn-requestid: a89c780f-e1a4-451e-842b-656ba43958be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOeHzfIAMFpGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358f-3478b6c81d94ec65388bd3da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mUic7CJjKQ8l7EKhTTSs2LTLaCqnVQUBuxzmfzET4TwSa_LX8na-MA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:31:35 GMT
age: 61244
etag: "05de7f68103849bd0cd80a704ef97685d0150800"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 56442
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 13:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 0179baf5ec5e7b83a87754b610733eea
2a8cde6961b030ae16954fcb196a86b4b36fd70b
aed0c506abbc2b33decadb4b2d5ef82e3cff474b48bce5ebe8cce1294435cae1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 13:32:19 GMT
Last-Modified: Sun, 27 Nov 2022 12:32:16 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Rzi4WPjv4pfyvJrOxWsgzPj9x9AKy-hyeFF5KwjC7MRHXFHkb9OQag==
Age: 3603
ws19.hotjar.com/api/v2/client/ws
54.246.176.35101 Switching Protocols 0 B URL HTTP/1.1 ws19.hotjar.com/api/v2/client/ws
IP 54.246.176.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v2/client/ws HTTP/1.1
Host: ws19.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://other.landerhq.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7dDdblAB3QoUOqLyBtOtNA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 27 Nov 2022 13:32:19 GMT
Content-Type: application/octet-stream
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UPPc+ZCNu/DpjPRlGAAbGmCgkVk=
Sec-WebSocket-Extensions: permessage-deflate
accounts.google.com/v3/signin/identifier?dsh=S755284305%3A1669555938834982&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtVvPpYebBukoAIR_O4-aV25UUv5mOXD67Mlhve33O0pHbmYAbzAVlas_SWbL5CjAXEQDyP5A
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S755284305%3A1669555938834982&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtVvPpYebBukoAIR_O4-aV25UUv5mOXD67Mlhve33O0pHbmYAbzAVlas_SWbL5CjAXEQDyP5A
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S755284305%3A1669555938834982&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAtVvPpYebBukoAIR_O4-aV25UUv5mOXD67Mlhve33O0pHbmYAbzAVlas_SWbL5CjAXEQDyP5A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Nov 2022 13:32:18 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-83STutGCuAK4ZeId_WgD6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/638366e1bf0f5c5eaf56c741?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:21 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkxNM2laZzIvbEhDaHE3RnlMNnJyenc9PSIsInZhbHVlIjoic0JTOVFFWXpDdzlMRHU3YnZFb3AvVmxlUXJiR1VBSHBnb0lxTzNaOGJWMUU3RlRRVTd0QjVwTlJtenlGd21rSU5GMDRIZVowK1RSMStpbmQyYVluTW1Cb3Bxbk8yNDJmTXhOcUlsaXBUR2d6ZWZ6UjhEQmpYK0pTdzlkSWdkdWQiLCJtYWMiOiJhZmJlZGExNTQ3MTRmMDY4YzNiNjJiZGM1OGJkMmUwNTM4M2NlZWRkY2E5ZThhNDM5NWRiYTcyZTQxN2U0Mjg3IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:21 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjBxaGtWcDVBNitFVko2SEVxbERFWEE9PSIsInZhbHVlIjoiQ1JNOXF2Nit1WmJ3a0Z0RU1JU2xVWUhnRUVMTjdCY29KNis4SERRdk8wMi9SZGZPVzA5akw4bjdrUERaSU13dHRIYmZ6STkwMG9VeVBUSVB6Y3k2OTdTS21qeXY5MkxMaFNSRGxiTEs2QkVFNHdqUG1iTGtCZE9vVVpldnhIZ28iLCJtYWMiOiI2MjM2YWYxMjU3ZTBjNjc4NjY5MzMwMGM5YTYzMGFlNTZjOWYzMTNhOGFlYmVkZjYwNmJjN2I1MWUzNTNkODUzIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:21 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/landing-interaction/936851459
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/landing-interaction/936851459
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
GET /landing-interaction/936851459 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:25 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Ijg5QUo2bE9sNDdWQ3VuVEdrYzd1S2c9PSIsInZhbHVlIjoiU3JHcDRUZlVwTTJFRlBWM3BLeXdWa244SE9yUHF3WG9JVndDcm9oZ1FGV3g1eVhmTTFIV244ckV3SjltQUFBU0dBck4vL2lVOTFFdjNpZVhnWUx2dnhlQmV6OWQ2dFNqYlMrL0liQmhnTEN3SEhsMGl5ejdIQzJqUzNndmU3R3ciLCJtYWMiOiI5Zjg4OTAwNmFkY2JkNDZhYjAyOWJkOTE4ZmNmOGFmMTNiYTM0YzNmOGFlN2M1MGY2ODU3MTI0MTVhY2QzZmFhIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:25 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IldPc202bjNzd0FQZ0hPbmJuQktxZFE9PSIsInZhbHVlIjoiR1U3TjkvSFVxWFFIRmFXUkxyMm9RaW1XdnZwM2tNRHJTVjg2Zkl4L3FNdTEyOGdjNUVjUW04bFNLdnB4NHZhdjVxUmdFSFZJcFJMU3lmZFljQ05IcEJZTGh0alFGRERmc2czNHNQZi9GdFNpbWc2MEFrYXpURElWYjVGaXVZQnciLCJtYWMiOiJjM2VlN2JmY2MxYTdhYmUwZjI5Y2NlNGEwY2Y4OWUzMzBmYWY4NDhjM2E4NDUzOTg2ODYxYjBjOTYxMjljYmExIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:25 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/638366e1bf0f5c5eaf56c741?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:19 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IktaKzlLQ2lYYWEyMHlmTW82a1hsTWc9PSIsInZhbHVlIjoiSUFla0xlUU9JK2xqYVVVU1hPMkk5cmtxanJacHpCYkVwZzRpaEVxMDdpYjI2RDJ1eGUzTW1ONnZLMXZJQzI3WmRiNzFNdUh0NEd5TmxLd291VzlVOGJZQkRlNjBNUVZvYW5qZEo3aGNYWjVIb3JwUHVzSElwNU1aa1BLNlJVWXoiLCJtYWMiOiIxYjZmN2Y4MzU4MGIxYjQ4YTc1NWY0NjMwNTQ0MTEzOWI1YjIxNGFiZTRlZDljMGYzZWJjYTNjNTc4MmIyMWRmIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:19 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkNaY3JRN2ZPOGxNTE11NzdxaHE3WGc9PSIsInZhbHVlIjoiMm1zSUdwekFjUjkyWnhvZk9haEQxRXJxeWFEZHJGNkRHWmNGMW1QYUcweTZLSkd4SStsNE5BU1FJMnFteFJPdGtkR09qdldkdFphT0hDR3NQb0MveFM0V0ZOeFQwekNNZVdjRitoUXJHNWg5NE1ZbXZGb0FaMU9rMGtCbnJ1Q2ciLCJtYWMiOiI3ZTFiZWUwNmYzZDAzZjY2NGU4MDQ0ZDZlZDNjNTczYWFkZGZmNzg3YzMxNGEzNGY4MTJiMjUyNzgyODllZTE0IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/638366e1bf0f5c5eaf56c741?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:20 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InZqcVNEVktpS252N2VzUU9MQnZ5MVE9PSIsInZhbHVlIjoiNlVBcG1QZC9WU0s5WFJUR3M1MWtxa0c2Y2lGL2xLa09GbDdiem50WVhsTmhIOFRwV0o1ME9CSkhOWnl3RnZCM1ZlekdWUnJSRTdRTlZMT3ozUm55eGhDMFJLeVhmNW85WGdDS1loZjdFNjgzNXg2cjVMSFNPdHlnd1A1UjNqRGQiLCJtYWMiOiI5MmY1MzkyNjU5ZWEzODQzZmMzNGY1MzY2NWM1ZDc1OGM1YTJhY2VhNTkyMzQzZjE4YTE5Zjc3MTcyODMzNDc4IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:20 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Im9UeWVzVEd4eUZSZHFaMDNURWJmcFE9PSIsInZhbHVlIjoiSCt5c05aV2JvSHhzYkZISDVIV2RmWFlLMy9kQld5OXk5ZnVXanlKZU5uSW1sN2RiTnRSeFhFa3o0aDZFNFRQYUVMa28xYklLcnAyMFNGRnZvNy8wWmJ1VXVyc3pQVzNRTUNhRDEzcW13RHIyS2hmNk01VjRYdjZsZGVpd2ozTlQiLCJtYWMiOiIxM2MwMDViMDkxOGM4NDk0NTgwOTY0M2NiMWE4NDZkNTc3M2NmZDAwMzNhMmVlYzZhMjQwMzM0ODI1ZWUxMzEyIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:20 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink-css/638366e1bf0f5c5eaf56c741
188.240.52.20200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink-css/638366e1bf0f5c5eaf56c741
IP 188.240.52.20:0
GET /smartlink-css/638366e1bf0f5c5eaf56c741 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=w7libv938hmu15pkim4ghfeo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6IkZzazA2OEdDSlc0dEVadWp5OVdmb1E9PSIsInZhbHVlIjoiRDEzSEppUkdPaHJJN0xxVVhYNjhJZ3p0SzdoZWlkdHdIbFZhRlc2U3AxK3NLL3c2MzU1RFp2bnowV1N0aGh1WTAwSWJGOVlBWklJVDVyUjdPTUNrYkRXVmtLaW9DSS9kaVV4UVJiRXc1R0VvYUM1d3VoNFRHQkR5N2xWT25QRkMiLCJtYWMiOiJkNTA0MDYwYTgwMGQ5YjAxYTQ5ZjExYzY0MGUzZDRhM2Q4OWI4ZDMyNWM5NTVjZjg0ZWIwYjgwMjBmNWFjZjlkIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InRCYWRGZ0RIeW1WUytQMlVxeE1xNWc9PSIsInZhbHVlIjoic1hRM2VVcm82OVBFbUcvV1dZUVF6RG81UGZRbHhGMjVEc0NqdDJ6WkdxTUppSmFFQ0N3QUs1ejVnakQ3VjVzdzNNVDVOejMvRzFyY2JXay9HMDhsem05T0V6bXNZbmxKWW1ZQ3JEbWZWbHordE9VSllLdVByNkJOSEVXL0VMaCsiLCJtYWMiOiJhMzdmMjMxZGNjOTc5ZTI0OWI1YjFmNDNhOGM2OTBiNGRiYTdmMWI2ZWI5MjEwMTM3ZDliMTZjZDNmMGU2NWJjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InZ1aFRqUE1FMk4wdGdkTG9HSTJkaVE9PSIsInZhbHVlIjoiTkpqUkxXQy9GVjNQMWkwQjh4K0paYUFyb2lYMU1ucVM3NEIyNFFlaHo4dkloV1VJWjdsTzRkdERuVThsUk9XVEcwNjhJakhzR2plZ2hIVzFBdlFySjRLcTVRckdscnNkYmVGMk1Qb2p6V3JiRFdvS2FsQ0pFUFkrZE5tU3o1UEsiLCJtYWMiOiJlY2YzMGRlMjM4YTI4YTJhZWIwN2U0Yzg4NGU4ZmM3YzgzNThkMjk4MzJjMzlmNDA1MDU5ZmVmZDUwMWM0ZThhIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ik55aGFGSE5HWEJ6ZVdpZXJ3UXVVaWc9PSIsInZhbHVlIjoiN2NmdjNBYStXVWZCK0QwM3gvUWJOK0doQW9ITW5vdlZqbndXcEp5dTdKTGtBaWxsRXlkc1B0Nll4bkI5aTBsMjU3dStHaitTQ1JKQS9FOVlaUEJIR0JNZE9uWXFueWYrRk4vUUx1RktCUjIwUWhycHJpNFlzbkNoMzRWOFVqTkEiLCJtYWMiOiI0OWQ4NmQzNWY4M2JlNTcyZmM1ZWIzOGVlYzJhZDBkMjI0MmYwZGE0ZDZiZjk5NTBkYTNmMTU2OWFlNmQ1ZDkxIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
35.186.224.25302 Found 0 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP 35.186.224.25:0
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 27 Nov 2022 13:32:18 GMT
x-powered-by: Express
set-cookie: sp_usid=f774878c-e98d-4a0b-bcf2-0f35a17a6dfd; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sun, 26 Jul 2026 13:32:18 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=7137a8cd-e7f6-4a19-867b-658564841505; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Mon, 27 Nov 2023 13:32:18 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 28 Nov 2022 13:32:18 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 28 Nov 2022 13:32:18 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: c9814200cfc14caf
x-envoy-upstream-service-time: 18
server: envoy
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?fingerprintid=9e4947f35751465411fd1a4f5c358c78
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/638366e1bf0f5c5eaf56c741?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22285
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkFYYm9aQ3N6Ymh3bnN4Y2dGeDFvRGc9PSIsInZhbHVlIjoicFFlZ2JLYVdVb3hRVTZHMVZiTzRGZTBSMGtHdWJGQml4cDV3Rzh6VTZBQWtiRFdjVEZ4WURUanV0S2FxejRrTXFtY0RqT0d6aWhVRno2elRpU2tnYXNqdGcwK1BDRWs3dmp0cFVvanN2b0xIQ3dFT2YyOUdYc3RsaEkvY2llODQiLCJtYWMiOiJlZDk2YmEyMDk2ZDU0OTIyMmQwYzQwYmMwNmE4YzZiOWU3YjcxMTExYTg0NjliMTQ3ZWFmYWU3ZWIyNDAzYmQ2IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:18 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlhMSjZRVjRFZXlTU25nQUI3N1ZOT0E9PSIsInZhbHVlIjoiMDlHS1FMV1F1WjdvZzR4bWprV3FhQktsaFM4bWtUcG5WSlN1RmlXQkR4UTgvaG51WXN3bzI4RUNDdmFqTHVmNEEwRTgrOENxMEwrWjFUQVFWY1VmUi9lMkNaUWxNVitWK2hVK3hVSnNYZUx0c2Vjbm9uUkF1VjNmWEYrWnBOK1ciLCJtYWMiOiI5YTkyOWI5NzY0MjQ5NTNkZjJmYzhmYTg0ZGJiYmNlZWFhZGIyYTE2ZTU0OWQ5NzFjOGVmZTE0MzE1NTU3YTI5IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/638366e1bf0f5c5eaf56c741 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 364
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:18 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjVVTWVneTFSY01ZQmxqUG9oaDRqVEE9PSIsInZhbHVlIjoiOW5IdGV2dnJyWjRvaEhYclN2T0dDYUd4MWdpVExLTjl2VEFTdVJ1WlZPaEtMcnArWmFMNzl0bWZJaUE5NXdJYjRzRlQxbVR2NzgvQURLK1NqOE1mdDgvS0cyTzk3a1ZCSnNLc2YyUU5zNVE1L0M5V0RTcG0vQitGSVV5bTJlY0giLCJtYWMiOiIzYmM2MTUxYjk0YmI0M2UyOGRlNWYxZTE5YjBhMmQ3ZWIxMTMzMGY4NjMzMjYwMzRkMmIyMjQ4NDIxNDU3MGUxIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:18 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImJZUHQ2aVNzSlpUN3NGTW5HUnVsZ1E9PSIsInZhbHVlIjoiNm5WcVI2ekxJem5DNjlldTNSRGRjbjUyTVlxaEhOeWljcWw0ZzZVK2Q5SDhDSmFhUXovTlpJdnhjSXJNTFVmWWt6NmZsMVJyaFk0Mytlc0twY2d3cENQV0Y3UUl0dzBpRk1vbmZGMElVQVQwSUYxYmJxaC8zT3Y1L0llRlBtTHgiLCJtYWMiOiJlNmEwMjNmMGY4NjQzOGFlYjdmMTg1OWVkZjFmMGVjNGNmZjdhOTAwNTY0MDVmNmJmMGQ0NWNkMTIwMmUxMTY3IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhq.com/936851459
188.240.52.20200 OK 0 B URL HTTP/2 other.landerhq.com/936851459
IP 188.240.52.20:0
GET /936851459 HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0ee06.trknovi.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InFyVFhqeWNTOGtrT2RkVEtmMlpBZXc9PSIsInZhbHVlIjoidVRuT1JvaklVN1NGRWs4c1V2MDVxRFBQbG1YZ1lsNk41NWkyRnFxMlVlZzhHWStRa0tRMzRCM2oxOTYrc2cxKzg2S0kwOGQxbFc4ekdSQk91cUV2aTRmSmJrUGJBL0tpS0VxSlk3NnExUzc2bjFXb0sxS0xpbElSOEJWUUNSZVIiLCJtYWMiOiJkNzY5MDU1Njc2YzJhMGIxZWMwNWE2NDJkODgyZWU2OGY5ZjkxMTZiMmFlNzA2MzQ5NzkyNWY5ODBmNmNkNzhiIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkgxU1lOVGI1SXB0RGg3ZjJ6KzhTdHc9PSIsInZhbHVlIjoidWd4WForVDFFQ28wTHpVRmNkNnJFbG84UzFmVUZJZ3NsN2M1UDBrdWpXNnBHNWRyTnpNUGk5WGxIWmpFNFdpclpNeTk3amp5MHJqTTduNHNnTjJZYUNzZ2Irc0doTHJ1WVdHcWVGeDhNRmdqNDI5azZNUVl4NVNicWM0OTZodFMiLCJtYWMiOiIzY2Q1ZGQxOGQ1MTRlMWJhYWNiNTNhZjNkYmU1YTQzMzY0ZGViMDRjM2NlMTQxYmUyYWYzYjUzZmI1ZThmYmYyIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/638366e1bf0f5c5eaf56c741?sop=5&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:23 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InBPWTZ3dHh1SHJkMmI2RjJmVk01K1E9PSIsInZhbHVlIjoidHNjZ2tWZXhRR0d3WXlPdDlmd0QwRkJqRXdKQU5lTi94enV3V2FzdDlzU2xiWlc0SjFMbFJZajhhMEptdTdLQXBFd2xBZU80VW1oKzIvaEc2MGRON0hza0I5K1QzQnRvMHVDM0lERUxIOCs5WDNCQ2Z0M0RxaDZ3UXFBN1RXazAiLCJtYWMiOiIxMmUxM2I2YWNmNDNiMjBmNTZhOTY5MDVkYTVlNDk1YTMzOTJkNGZlNTQ4MWYwNjhjODJlMzYxYTYxNTliNDY3IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:23 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IndmMkRRdWphY1hPek1YZmlRVlcyU0E9PSIsInZhbHVlIjoiRWRVT0F3SlovN3JISDNmdXdFMFl2MUZnYnFISVJ4cW0vblg5ckFxRzJGQmREK3R3ZGpreTI3a1NDRnhwTjhqV1lRNS9iZDRoem9uN3VLS2pkK0Q0Y2FPRlRLeGZaQkpyeTJLRDhyRDlEYzVzeWx0dmR3eVo3b3dSQm1ld0ZodHAiLCJtYWMiOiJmZTI2MTUwMTNjYzhmNzQxYzUyZjBhMzQ4Zjk2NWQyNzI0NDk3ZWYxYzRjYTUyZjc4ZDUyZTJmODg5Y2JhM2E3IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:23 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ws19.hotjar.com/api/v2/sites/2841648/recordings/content
54.246.176.35200 OK 0 B URL HTTP/2 ws19.hotjar.com/api/v2/sites/2841648/recordings/content
IP 54.246.176.35:0
POST /api/v2/sites/2841648/recordings/content HTTP/1.1
Host: ws19.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 22325
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 13:32:19 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/638366e1bf0f5c5eaf56c741?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/638366e1bf0f5c5eaf56c741?sop=6&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:24 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImpMYUg0V1I3LzFUSllHdVBmanY0aEE9PSIsInZhbHVlIjoibVo1UnhPMjZpZ2NiTXlRQVpJcG5WNTlNVHhHa0FoTXY4alByRzZGMmJIZWNINHhwUDRRLzc0V250STg1MldITU9CbzRkM0ZOdzZpT2tlYjBsZkN5aHVkUGtWY0ROMmxyV29wU2ZVQ1FCdVYrL3p4MkNSa0J2NlovMG9MYmF4aDciLCJtYWMiOiJiMmYyMGNkOWM1YjdmZGJhN2Q2MGZlOTIxYjkxNWU5OTgzZGNkNzkxNDQxNWQwNDNlMjNjMzNkMjY4NzYyNWRjIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:24 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ii9hdXI0V2VPcENXR2RwOGoyR3NBSEE9PSIsInZhbHVlIjoialMxZzM0K3lLaU12bDVVNlBzTDRPcWV3T0Q2SHNWNGF5SG04STE5b05MckwxL3hyS0J4bWJKTTdNRUdUTGo2OFNEb1FoQXdKOGxOYUkzR00rVlNRTno1MFFRL0JZbW9OSTJZK0ZNQkpKYW15aFJES3JVWWxGSmJOdThML21oSG0iLCJtYWMiOiIxNWUzMDhlZmUxNGUyN2MxZjM1ZDdkNjg1N2RlMDE3ODNlNTkyYzk5MzNjZGE1OWI1MTc1NTRmN2MyMDk0MjM0IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:24 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=w7libv938hmu15pkim4ghfeo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
188.240.52.20200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=w7libv938hmu15pkim4ghfeo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
IP 188.240.52.20:0
GET /smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=w7libv938hmu15pkim4ghfeo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkZzazA2OEdDSlc0dEVadWp5OVdmb1E9PSIsInZhbHVlIjoiRDEzSEppUkdPaHJJN0xxVVhYNjhJZ3p0SzdoZWlkdHdIbFZhRlc2U3AxK3NLL3c2MzU1RFp2bnowV1N0aGh1WTAwSWJGOVlBWklJVDVyUjdPTUNrYkRXVmtLaW9DSS9kaVV4UVJiRXc1R0VvYUM1d3VoNFRHQkR5N2xWT25QRkMiLCJtYWMiOiJkNTA0MDYwYTgwMGQ5YjAxYTQ5ZjExYzY0MGUzZDRhM2Q4OWI4ZDMyNWM5NTVjZjg0ZWIwYjgwMjBmNWFjZjlkIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InRCYWRGZ0RIeW1WUytQMlVxeE1xNWc9PSIsInZhbHVlIjoic1hRM2VVcm82OVBFbUcvV1dZUVF6RG81UGZRbHhGMjVEc0NqdDJ6WkdxTUppSmFFQ0N3QUs1ejVnakQ3VjVzdzNNVDVOejMvRzFyY2JXay9HMDhsem05T0V6bXNZbmxKWW1ZQ3JEbWZWbHordE9VSllLdVByNkJOSEVXL0VMaCsiLCJtYWMiOiJhMzdmMjMxZGNjOTc5ZTI0OWI1YjFmNDNhOGM2OTBiNGRiYTdmMWI2ZWI5MjEwMTM3ZDliMTZjZDNmMGU2NWJjIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?mongo_id=638366e1bf0f5c5eaf56c741&mongo_grouped_id=638366e1bf0f5c5eaf56c742&redirect_url=https%3A%2F%2Fother.landerhq.com%2F936851459&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwidnciOjEyODAsInZoIjo5MzksImNvbG9yRGVwdGgiOjI0LCJkZXZpY2VNZW1vcnkiOjAsImhhcmR3YXJlQ29uY3VycmVuY3kiOjE2LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IlVUQyIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IkxpbnV4IHg4Nl82NCIsInRvdWNoIjowLCJpZnJhbWUiOjAsImV2YWwiOjM3LCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsIm92ZXJyaWRlIjoxLCJkdXJhdGlvbiI6MzB9&js=1
188.240.52.20302 Found 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?mongo_id=638366e1bf0f5c5eaf56c741&mongo_grouped_id=638366e1bf0f5c5eaf56c742&redirect_url=https%3A%2F%2Fother.landerhq.com%2F936851459&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwidnciOjEyODAsInZoIjo5MzksImNvbG9yRGVwdGgiOjI0LCJkZXZpY2VNZW1vcnkiOjAsImhhcmR3YXJlQ29uY3VycmVuY3kiOjE2LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IlVUQyIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IkxpbnV4IHg4Nl82NCIsInRvdWNoIjowLCJpZnJhbWUiOjAsImV2YWwiOjM3LCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsIm92ZXJyaWRlIjoxLCJkdXJhdGlvbiI6MzB9&js=1
IP 188.240.52.20:0
GET /smartlink?mongo_id=638366e1bf0f5c5eaf56c741&mongo_grouped_id=638366e1bf0f5c5eaf56c742&redirect_url=https%3A%2F%2Fother.landerhq.com%2F936851459&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMjgwLCJvdXRlckhlaWdodCI6MTAyNCwidnciOjEyODAsInZoIjo5MzksImNvbG9yRGVwdGgiOjI0LCJkZXZpY2VNZW1vcnkiOjAsImhhcmR3YXJlQ29uY3VycmVuY3kiOjE2LCJzdGFuZGFsb25lIjowLCJ0aW1lem9uZSI6IlVUQyIsImxhbmd1YWdlIjoiZW4tVVMiLCJsYW5ndWFnZXMiOlsiZW4tVVMiLCJlbiJdLCJwbGF0Zm9ybSI6IkxpbnV4IHg4Nl82NCIsInRvdWNoIjowLCJpZnJhbWUiOjAsImV2YWwiOjM3LCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsIm92ZXJyaWRlIjoxLCJkdXJhdGlvbiI6MzB9&js=1 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=w7libv938hmu15pkim4ghfeo&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6InZ1aFRqUE1FMk4wdGdkTG9HSTJkaVE9PSIsInZhbHVlIjoiTkpqUkxXQy9GVjNQMWkwQjh4K0paYUFyb2lYMU1ucVM3NEIyNFFlaHo4dkloV1VJWjdsTzRkdERuVThsUk9XVEcwNjhJakhzR2plZ2hIVzFBdlFySjRLcTVRckdscnNkYmVGMk1Qb2p6V3JiRFdvS2FsQ0pFUFkrZE5tU3o1UEsiLCJtYWMiOiJlY2YzMGRlMjM4YTI4YTJhZWIwN2U0Yzg4NGU4ZmM3YzgzNThkMjk4MzJjMzlmNDA1MDU5ZmVmZDUwMWM0ZThhIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ik55aGFGSE5HWEJ6ZVdpZXJ3UXVVaWc9PSIsInZhbHVlIjoiN2NmdjNBYStXVWZCK0QwM3gvUWJOK0doQW9ITW5vdlZqbndXcEp5dTdKTGtBaWxsRXlkc1B0Nll4bkI5aTBsMjU3dStHaitTQ1JKQS9FOVlaUEJIR0JNZE9uWXFueWYrRk4vUUx1RktCUjIwUWhycHJpNFlzbkNoMzRWOFVqTkEiLCJtYWMiOiI0OWQ4NmQzNWY4M2JlNTcyZmM1ZWIzOGVlYzJhZDBkMjI0MmYwZGE0ZDZiZjk5NTBkYTNmMTU2OWFlNmQ1ZDkxIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Sun, 27 Nov 2022 13:32:17 GMT
content-type: text/html; charset=UTF-8
location: https://other.landerhq.com/936851459
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6IkErMDBHYVgxNVJ5cml5SWlaZDB1TWc9PSIsInZhbHVlIjoiTGJzQ0JXU0szOS8vSEJxQVZBbDYvdzY2MENkeVpuaVJ3YktPTWFMRm8xdXZ6c1NyVVpGdmxtWXlERlkxTS9WM0orV2w1Wk5wOUZkYnF1VVo1cFFXWnVUaFMwMTI5cHE4NXNLVkoyRWtCdlMwRytKUFpFaGhDR0VySlRwdCtlK3QiLCJtYWMiOiI4M2NkNTA1NWRmMzQyMWU5ZTcxYzRlODNiYTRlNzllZDYwODZjYWRmZmJhYTYyYmRkM2I3YzY3YjM5NjA0ZTdjIiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjU3V2NjdXJvdGJEV0N3ZnlOczc2NlE9PSIsInZhbHVlIjoicTlZZjI5MVJibnpzMkVpdXVyTDdJTUFWQ3dmS1pCOFcyMHYwbDAwdCsxMGJrM3kyc01BTTA5ZXVkcVFWQ1BsV0JRU3FlMHIyVDBqVnl3N3g1RkRLdnA0dXBlUW1ZZCtIRGs4cnhOdjFiK0tFQWE5NjRGMWg4WHVOVkc5TFovdzYiLCJtYWMiOiI4OTQ4MmJhYTgyYmQ5N2U1YTFjODBhMGYxZjQ1YzViNzU1OTE3YWY4YTZmMjExN2FkMGVjZGQ0MDlmMWRjOTI4IiwidGFnIjoiIn0%3D; expires=Sun, 27-Nov-2022 15:32:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2841648.js?sv=6
143.204.55.37200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP 143.204.55.37:0
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 13:32:18 GMT
cache-control: max-age=60
etag: W/4b44b6b2c4208cfe2aeca12470c253c6
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A1q0ePyfNynV45jRub_5ZkA9hGAlVlmDscIhBUMXqwyLE_CYtu0pLQ==
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
52.30.44.244200 OK 0 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
IP 52.30.44.244:0
POST /api/v2/client/sites/2841648/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 112
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 13:32:19 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2