other.landerhd.com/900216482
188.240.52.20200 OK 6.9 kB URL HTTP/1.1 other.landerhd.com/900216482
IP 188.240.52.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4905)
Hash 0a652c029715bd0f17e94a09f26b21e1
1e5e76b69fcf2bad567f45088a1e0f5c2c7716fe
c94ca9ff6024badc7e1fc354203f51b4814dcbcf69a0664ca9b2c00f07fd544c
GET /900216482 HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 04 Sep 2022 19:54:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, must-revalidate
pragma: no-cache
expires: -1
Set-Cookie: XSRF-TOKEN=eyJpdiI6Inc4b0ZmcHFNZHl2Sk5vY29lNW13ZlE9PSIsInZhbHVlIjoiQWt1UkpLcERaWmZDR1ZTUXU4NEhTV2xPKzVWUWNEUGhaaEJPMHlWa3crTE9DbXVmcHUrcEpZRnZRQnhYUzBhb3JQejdjMTlFbk1Va0NrT1VhTHA0TGUwcy9NeEViM2U4MzBhQWkxMU40UXQyUittQWU1VVdCRDNTK0JDTGIzcGMiLCJtYWMiOiI1ZDY3YWFkYjJjZTA0ODgxMGUyMDY4ZmEwNDhmODk4ODQ1NTE0NzY1Yjg4ZjIyMzY0ZDg4YmVhNjEzYzJiNWM0IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:39 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Imc2RXN3L0JZYVJKWnoxMXprR0pPTFE9PSIsInZhbHVlIjoiUDg2eEp4WVBBK3NJTitvQ3FxQVpvcllBV0FjZXV2UUV4TVRvUWJOcHBvM0FpWmt5UG54VzlUY0JZQUhialJmRFoyNGY4clhLaE5qZFR2SlJjd2dySWRROHhwRnVQVDQ2NFkyMTBUdnVvWGxNNjBCMWlkOVQ1ZktZZVJTZ2t0L28iLCJtYWMiOiIyNjhjYjhhZWJkNzBlNjM3ZDVlYTg0NTAwNTNlZGQyYzI0N2U0Yjg3ZmQ1MTUyNWEzODU0MzQxZThiNzI0MDIwIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:39 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 04 Sep 2022 19:44:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mqInL09Fqll2CTvbBFq6qr1NSFOhlKC5HRmzMmWGxgQMHxGxhCU27w==
Age: 620
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2532
Expires: Sun, 04 Sep 2022 20:36:51 GMT
Date: Sun, 04 Sep 2022 19:54:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BY9ltVPaAbzpAH1i97kFz7GWJRbLAJP6fAm1Oqjt8wn-weKbInxtog==
age: 67162
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
151.101.85.229200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Sep 2022 19:54:39 GMT
age: 38260
x-served-by: cache-fra19148-FRA, cache-bma1680-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3067
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
151.101.85.229200 OK 14 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (33348)
Hash e7b94e944315bb48c9b9820ad324718d
f77317565b6243287bd3ee74fe96a9632fef559a
4c8e188a605e3090b34c87622bf7038d6699cb06af2f242eb77843ff3966f97a
GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.5
x-jsd-version-type: version
etag: W/"8392-Rfi4DUKsZmgOw+7TcNmFhcx8ixc"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Sep 2022 19:54:39 GMT
age: 24672
x-served-by: cache-fra19145-FRA, cache-bma1680-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14137
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/360.png
188.240.52.20200 OK 38 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/360.png
IP 188.240.52.20:0
File type PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash 15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Cookie: XSRF-TOKEN=eyJpdiI6Inc4b0ZmcHFNZHl2Sk5vY29lNW13ZlE9PSIsInZhbHVlIjoiQWt1UkpLcERaWmZDR1ZTUXU4NEhTV2xPKzVWUWNEUGhaaEJPMHlWa3crTE9DbXVmcHUrcEpZRnZRQnhYUzBhb3JQejdjMTlFbk1Va0NrT1VhTHA0TGUwcy9NeEViM2U4MzBhQWkxMU40UXQyUittQWU1VVdCRDNTK0JDTGIzcGMiLCJtYWMiOiI1ZDY3YWFkYjJjZTA0ODgxMGUyMDY4ZmEwNDhmODk4ODQ1NTE0NzY1Yjg4ZjIyMzY0ZDg4YmVhNjEzYzJiNWM0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Imc2RXN3L0JZYVJKWnoxMXprR0pPTFE9PSIsInZhbHVlIjoiUDg2eEp4WVBBK3NJTitvQ3FxQVpvcllBV0FjZXV2UUV4TVRvUWJOcHBvM0FpWmt5UG54VzlUY0JZQUhialJmRFoyNGY4clhLaE5qZFR2SlJjd2dySWRROHhwRnVQVDQ2NFkyMTBUdnVvWGxNNjBCMWlkOVQ1ZktZZVJTZ2t0L28iLCJtYWMiOiIyNjhjYjhhZWJkNzBlNjM3ZDVlYTg0NTAwNTNlZGQyYzI0N2U0Yjg3ZmQ1MTUyNWEzODU0MzQxZThiNzI0MDIwIiwidGFnIjoiIn0%3D; _ga=GA1.2.243047169.1662314095; _gid=GA1.2.267730060.1662314095; _hjSessionUser_2841648=eyJpZCI6ImYzNTIzZDY5LWU4NDItNWI3OC1iNTk1LTJiMWVlMzliYTI1MSIsImNyZWF0ZWQiOjE2NjIzMTQwOTQ5NDksImV4aXN0aW5nIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: image/png
content-length: 38110
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash b90e75bddf1530e5023eb1b984c0fb0f
5e8d96aac3496d194c5b469e21ff809f3a92b83b
f2ea7ca5f2b9da9a1d9540bcde9ff933d239e653f19756a07477af5f78495b43
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 19:54:39 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "FF2894701C015CDDE867FF636FD0375BE0ED6D85"
Expires: Mon, 05 Sep 2022 06:00:00 GMT
Last-Modified: Sun, 04 Sep 2022 18:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2613
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7459473cd9d0b4f3-OSL
other.landerhd.com/landingpages/mcafee/logo.png
188.240.52.20200 OK 30 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/logo.png
IP 188.240.52.20:0
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Cookie: XSRF-TOKEN=eyJpdiI6Inc4b0ZmcHFNZHl2Sk5vY29lNW13ZlE9PSIsInZhbHVlIjoiQWt1UkpLcERaWmZDR1ZTUXU4NEhTV2xPKzVWUWNEUGhaaEJPMHlWa3crTE9DbXVmcHUrcEpZRnZRQnhYUzBhb3JQejdjMTlFbk1Va0NrT1VhTHA0TGUwcy9NeEViM2U4MzBhQWkxMU40UXQyUittQWU1VVdCRDNTK0JDTGIzcGMiLCJtYWMiOiI1ZDY3YWFkYjJjZTA0ODgxMGUyMDY4ZmEwNDhmODk4ODQ1NTE0NzY1Yjg4ZjIyMzY0ZDg4YmVhNjEzYzJiNWM0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Imc2RXN3L0JZYVJKWnoxMXprR0pPTFE9PSIsInZhbHVlIjoiUDg2eEp4WVBBK3NJTitvQ3FxQVpvcllBV0FjZXV2UUV4TVRvUWJOcHBvM0FpWmt5UG54VzlUY0JZQUhialJmRFoyNGY4clhLaE5qZFR2SlJjd2dySWRROHhwRnVQVDQ2NFkyMTBUdnVvWGxNNjBCMWlkOVQ1ZktZZVJTZ2t0L28iLCJtYWMiOiIyNjhjYjhhZWJkNzBlNjM3ZDVlYTg0NTAwNTNlZGQyYzI0N2U0Yjg3ZmQ1MTUyNWEzODU0MzQxZThiNzI0MDIwIiwidGFnIjoiIn0%3D; _ga=GA1.2.243047169.1662314095; _gid=GA1.2.267730060.1662314095; _hjSessionUser_2841648=eyJpZCI6ImYzNTIzZDY5LWU4NDItNWI3OC1iNTk1LTJiMWVlMzliYTI1MSIsImNyZWF0ZWQiOjE2NjIzMTQwOTQ5NDksImV4aXN0aW5nIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: image/png
content-length: 30211
last-modified: Wed, 31 Aug 2022 12:57:35 GMT
etag: "630f5abf-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/os_versions.png
188.240.52.20200 OK 3.1 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/os_versions.png
IP 188.240.52.20:0
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Cookie: XSRF-TOKEN=eyJpdiI6Inc4b0ZmcHFNZHl2Sk5vY29lNW13ZlE9PSIsInZhbHVlIjoiQWt1UkpLcERaWmZDR1ZTUXU4NEhTV2xPKzVWUWNEUGhaaEJPMHlWa3crTE9DbXVmcHUrcEpZRnZRQnhYUzBhb3JQejdjMTlFbk1Va0NrT1VhTHA0TGUwcy9NeEViM2U4MzBhQWkxMU40UXQyUittQWU1VVdCRDNTK0JDTGIzcGMiLCJtYWMiOiI1ZDY3YWFkYjJjZTA0ODgxMGUyMDY4ZmEwNDhmODk4ODQ1NTE0NzY1Yjg4ZjIyMzY0ZDg4YmVhNjEzYzJiNWM0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Imc2RXN3L0JZYVJKWnoxMXprR0pPTFE9PSIsInZhbHVlIjoiUDg2eEp4WVBBK3NJTitvQ3FxQVpvcllBV0FjZXV2UUV4TVRvUWJOcHBvM0FpWmt5UG54VzlUY0JZQUhialJmRFoyNGY4clhLaE5qZFR2SlJjd2dySWRROHhwRnVQVDQ2NFkyMTBUdnVvWGxNNjBCMWlkOVQ1ZktZZVJTZ2t0L28iLCJtYWMiOiIyNjhjYjhhZWJkNzBlNjM3ZDVlYTg0NTAwNTNlZGQyYzI0N2U0Yjg3ZmQ1MTUyNWEzODU0MzQxZThiNzI0MDIwIiwidGFnIjoiIn0%3D; _ga=GA1.2.243047169.1662314095; _gid=GA1.2.267730060.1662314095; _hjSessionUser_2841648=eyJpZCI6ImYzNTIzZDY5LWU4NDItNWI3OC1iNTk1LTJiMWVlMzliYTI1MSIsImNyZWF0ZWQiOjE2NjIzMTQwOTQ5NDksImV4aXN0aW5nIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: image/png
content-length: 3073
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.67.169.247200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.67.169.247:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: 1Pwy6ftsigm99ufLIOFmNEuNjDA40nyZUyoDQsKctRbrlKte9L7MtojdEHzOCXKIAohETjzzFI0=
x-amz-request-id: RGQJSG38YVFQT521
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 180016
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyQKFRUVZoKVUerF6QePPAVTOHtBJ3FpaKZnNVoxCaqC4YO27xzuSzcm9wgz90vNdcKnNFqIfJE%2Bjt%2FXg9%2BoOp%2Fs0x%2FM%2F%2Ft5sJzdIXXRUed5BXisggrGmv%2B%2FYXayzq2%2Ffv2JfE2p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7459473d192c1bfe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
other.landerhd.com/landingpages/mcafee/bg.jpg
188.240.52.20200 OK 130 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/bg.jpg
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Cookie: XSRF-TOKEN=eyJpdiI6Inc4b0ZmcHFNZHl2Sk5vY29lNW13ZlE9PSIsInZhbHVlIjoiQWt1UkpLcERaWmZDR1ZTUXU4NEhTV2xPKzVWUWNEUGhaaEJPMHlWa3crTE9DbXVmcHUrcEpZRnZRQnhYUzBhb3JQejdjMTlFbk1Va0NrT1VhTHA0TGUwcy9NeEViM2U4MzBhQWkxMU40UXQyUittQWU1VVdCRDNTK0JDTGIzcGMiLCJtYWMiOiI1ZDY3YWFkYjJjZTA0ODgxMGUyMDY4ZmEwNDhmODk4ODQ1NTE0NzY1Yjg4ZjIyMzY0ZDg4YmVhNjEzYzJiNWM0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Imc2RXN3L0JZYVJKWnoxMXprR0pPTFE9PSIsInZhbHVlIjoiUDg2eEp4WVBBK3NJTitvQ3FxQVpvcllBV0FjZXV2UUV4TVRvUWJOcHBvM0FpWmt5UG54VzlUY0JZQUhialJmRFoyNGY4clhLaE5qZFR2SlJjd2dySWRROHhwRnVQVDQ2NFkyMTBUdnVvWGxNNjBCMWlkOVQ1ZktZZVJTZ2t0L28iLCJtYWMiOiIyNjhjYjhhZWJkNzBlNjM3ZDVlYTg0NTAwNTNlZGQyYzI0N2U0Yjg3ZmQ1MTUyNWEzODU0MzQxZThiNzI0MDIwIiwidGFnIjoiIn0%3D; _ga=GA1.2.243047169.1662314095; _gid=GA1.2.267730060.1662314095; _hjSessionUser_2841648=eyJpZCI6ImYzNTIzZDY5LWU4NDItNWI3OC1iNTk1LTJiMWVlMzliYTI1MSIsImNyZWF0ZWQiOjE2NjIzMTQwOTQ5NDksImV4aXN0aW5nIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ee85619a9f461f8178bd01f5bd2e23d3
c0ba4a373bac8be03f54363b78945c7fcbab145f
35e13dc9c99c6439220c794133e4a650a03c41f21b4c06fb3ffb944e20fc2f7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4636
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:39 GMT
Last-Modified: Sun, 04 Sep 2022 18:37:24 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 561aa641faf9aacdc3a40ba61667ccf5
99d4b6b3a01c983350459931cecca79b3c4f25cc
bef258348432bda5f64c1f6485fb39775dc8faa7c2d0764ebec2df8cd4bbf254
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4779
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:39 GMT
Last-Modified: Sun, 04 Sep 2022 18:35:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 561aa641faf9aacdc3a40ba61667ccf5
99d4b6b3a01c983350459931cecca79b3c4f25cc
bef258348432bda5f64c1f6485fb39775dc8faa7c2d0764ebec2df8cd4bbf254
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4779
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:39 GMT
Last-Modified: Sun, 04 Sep 2022 18:35:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
35.186.224.25302 Found 581 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP 35.186.224.25:0
Hash 3216d4674c857404c5f58733826ff9b3
0424d83f7c1bee31da39ea3469826dc5d92aefa2
3550025917ecce29d18738f91c4162c58d4020171e3f66ae72d70006494fc854
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Sep 2022 19:54:39 GMT
x-powered-by: Express
set-cookie: sp_usid=5f9259f1-7aca-4184-b00b-672fea0412ea; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Sun, 03 May 2026 19:54:39 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=754a2f7e-e7d7-4b1a-aa5a-2238cdbb5a23; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Mon, 04 Sep 2023 19:54:39 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 05 Sep 2022 19:54:39 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Mon, 05 Sep 2022 19:54:39 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: 681f3e46af241fba
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
142.250.74.72200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP 142.250.74.72:0
File type ASCII text, with very long lines (3238)
Hash e64c0c12ae9cd8c7ebc7d4444abe50b9
d5af65b866c331b727e36797f3069b57e34aa53f
948b33c6a4dc65615e379d4833a159c3c5ee315dafb63ff696f966ff0ae9d2f3
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Sep 2022 19:54:39 GMT
expires: Sun, 04 Sep 2022 19:54:39 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46500
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cc6ea3e01d1d6b8c4b28ff64d3b795a7
017457c6f5a63157102485a956c667aad36d33ef
e6fe903f67363d3e92b929e274f0de7c2f6a15b6df1806198199440ed0fe221e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 04 Sep 2022 19:38:16 GMT
Expires: Sun, 04 Sep 2022 20:06:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oVEhWgBI63OYvHjHdV52U41N1njX8nSUq6CKtnWyAcRtVQQBPV8YZA==
Age: 983
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f9521f19e0a1cdb4d96ef4744b46ccbd
90b33d2bb95a5f63d976403e89e52ac1264a0ddd
ba190e0dea1a3faca968165ab7591e9c92d3575175eba8b43d2da429d849f3aa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 19:54:39 GMT
Last-Modified: Sun, 04 Sep 2022 19:48:52 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: R2RBuZxuP8FBxttDbquKUb67FJJCl14nAo5DgqK_UE6Xx89WSjHRiA==
Age: 347
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
18.215.75.60200 OK 313 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP 18.215.75.60:0
Hash 23a4ceec6049716bc37910fe9abffe20
2c08ba84b8f596692fec0712f2089589dbd0859e
f7f315f5237802498fec3b33abe44ebd05ebfa5a7947ddce91b3929ffed4cbd3
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://other.landerhd.com/
Content-Type: text/plain
Origin: http://other.landerhd.com
Content-Length: 20848
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:54:40 GMT
content-type: application/octet-stream
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://other.landerhd.com
x-amzn-trace-id: Root=1-63150280-4e24e7b568302c227333da10
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 77d035f38a45e8a1ec30d5fe9611880b
01cf34de95257da64dac90edf5a86203f1160271
7dc687d6bb1679ba5567e58b4f8c1e78766e7ee36273ba7f62068c595d57f7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 522
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Last-Modified: Sun, 04 Sep 2022 19:45:58 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
other.landerhd.com/landingpages/mcafee/favicon.ico
188.240.52.20200 OK 1.2 kB URL HTTP/2 other.landerhd.com/landingpages/mcafee/favicon.ico
IP 188.240.52.20:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
GET /landingpages/mcafee/favicon.ico HTTP/1.1
Host: other.landerhd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Cookie: XSRF-TOKEN=eyJpdiI6Inc4b0ZmcHFNZHl2Sk5vY29lNW13ZlE9PSIsInZhbHVlIjoiQWt1UkpLcERaWmZDR1ZTUXU4NEhTV2xPKzVWUWNEUGhaaEJPMHlWa3crTE9DbXVmcHUrcEpZRnZRQnhYUzBhb3JQejdjMTlFbk1Va0NrT1VhTHA0TGUwcy9NeEViM2U4MzBhQWkxMU40UXQyUittQWU1VVdCRDNTK0JDTGIzcGMiLCJtYWMiOiI1ZDY3YWFkYjJjZTA0ODgxMGUyMDY4ZmEwNDhmODk4ODQ1NTE0NzY1Yjg4ZjIyMzY0ZDg4YmVhNjEzYzJiNWM0IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Imc2RXN3L0JZYVJKWnoxMXprR0pPTFE9PSIsInZhbHVlIjoiUDg2eEp4WVBBK3NJTitvQ3FxQVpvcllBV0FjZXV2UUV4TVRvUWJOcHBvM0FpWmt5UG54VzlUY0JZQUhialJmRFoyNGY4clhLaE5qZFR2SlJjd2dySWRROHhwRnVQVDQ2NFkyMTBUdnVvWGxNNjBCMWlkOVQ1ZktZZVJTZ2t0L28iLCJtYWMiOiIyNjhjYjhhZWJkNzBlNjM3ZDVlYTg0NTAwNTNlZGQyYzI0N2U0Yjg3ZmQ1MTUyNWEzODU0MzQxZThiNzI0MDIwIiwidGFnIjoiIn0%3D; _ga=GA1.2.243047169.1662314095; _gid=GA1.2.267730060.1662314095; _hjSessionUser_2841648=eyJpZCI6ImYzNTIzZDY5LWU4NDItNWI3OC1iNTk1LTJiMWVlMzliYTI1MSIsImNyZWF0ZWQiOjE2NjIzMTQwOTQ5NDksImV4aXN0aW5nIjpmYWxzZX0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:40 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-47e"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6429b930abfde63299f0904d2799142e
7a33a6893301f185e5de5e038574da5e56a3fb6d
2e66f86cab83f1b68b77449fea4c92103f1d850f3da21af5295c3ec75889520a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3428
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Last-Modified: Sun, 04 Sep 2022 18:57:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 04 Sep 2022 18:41:12 GMT
expires: Sun, 04 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 4408
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a3a96c8b66c9fca1fc8f3c35afdd2605
a51e774cd8a298541806756fcf7d9995e378bf63
85abeb3438d14f003f10b69b39c5e0e5cbf2c9de5364c71bb13d9ae5d1a26b25
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e62f2399f9d20bf0924a04214ef012c6
08d5022f493f6b4ce9ae700e21c1339fffd830a1
1005dbc0f5b119a04df922a23953aea57d5e2713092704d57fc910b7a5d88e26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash b3e5815144e4f97f59eaad6d40270fec
ca7ae99a677db032f527905be14e98897e647edb
236eab17b3e0c09927ad52f15de809ee9edad514cffb5cf561c42b6c9d018297
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Sep 2022 19:54:40 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1375218202%3A1662321280231081&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmV3QllTcOkijVNbNnou4Rb1yoLoI_06-B-aQuNzIYSjbKbL1q0IrjdeWwPzNyGsPonn_xhB
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-L-jtwDqtHGM43paz9_IvEg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:Puq4GtZo6iK_UBOFmRiksRMopHXa-Q:jYIuLkUTxIY-v6ah;Path=/;Expires=Tue, 03-Sep-2024 19:54:40 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 398 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 9fe2cdb6fcd92eaeaf1558bfb545e69e
fd96544b85a2260c22ccb361c6b77828a76f8d5b
2a260af29b7f58b5805bca3688c4afff4d80ed28156ec13aa266c1f2de94b3f1
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Sep 2022 19:54:40 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S789101659%3A1662321280244144&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmX_J9W_57EQf3YNPL-VrbJq4U9AhYw7K6uMvMtVxl9RNq90rwAbYWJ2HO_lwTHCNK3nXdpW
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-DReUlwFASt72vgweGySGdw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 398
server: GSE
set-cookie: __Host-GAPS=1:vM8oZroQij1hFQbWwrgaeIawvKrrGA:HaQjIgOKgkkPdp_s;Path=/;Expires=Tue, 03-Sep-2024 19:54:40 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
novidash.com/smartlink-css/631502567746675c1267e75f
188.240.52.20200 OK 2 B URL HTTP/2 novidash.com/smartlink-css/631502567746675c1267e75f
IP 188.240.52.20:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/631502567746675c1267e75f HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:40 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IlJoK0NpRWlRbFlXdWZpWXR4UmQraEE9PSIsInZhbHVlIjoiZ01Kc01wNlBkaTNUQUhmZ2VJNkJmS2FrcE5nYmJ1NjFTdExGR012MXZpaWhpcEFoTUV3K0JZdWl4VTRNTHp5N2dkT0p2VjYvU0VuMHc0bnNmRm9YNUpxQnZwU04yamJqb3ZqdDY0T3NSRGx1R3NNZnFua2Z6dmVjTUhlYllYUU0iLCJtYWMiOiIzNTFmZWZmM2M3YTIyOTMyMjZjNDlhN2U0MWI1OTFiMWVmYzIxNDI4YWY5YjY3ZmY5MjRjOWM1ZjdiY2MyMmRlIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:40 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6ImhyeEQ0NE9ONkN1NVpLYml4WmRseGc9PSIsInZhbHVlIjoiNy9uanJaZDdrSkNHNDFFeVlJUkU3RHgvWUVvbGNzRXR6OGhYb1FxcDlwbXhub2NNVS94dDVVVmoxeFRtVFZvWTZBQmorOXFRb2I1WE5kWjQvSXMxT05OQjZ5OURjU3hHSG9hYTQycUFncnVmSkFjeG9kTzA4bVpLanUzMnh4TzUiLCJtYWMiOiIxOWI3ZDgyNDgzYjcyM2Y3ZjAzNDhjZjg0M2ZjY2U0NjgyZDc0N2Q0NTJiODU0MmE3MWI2Y2Q4MTQ1YmU5NTg4IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:40 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 420a6ffc72857f7132a9065de7c844a9
dee617384561d0790b72f096336b73ade7950579
c98bdc53f1f22291c4b954e9bd5f6432cfe3d5b24e3680b4ada3fc3a696e79d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6429b930abfde63299f0904d2799142e
7a33a6893301f185e5de5e038574da5e56a3fb6d
2e66f86cab83f1b68b77449fea4c92103f1d850f3da21af5295c3ec75889520a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3428
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Last-Modified: Sun, 04 Sep 2022 18:57:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1931a32d83e4feb5268887bcb07fcc1e
6fb75c21ced29544dd6d7c3b0ef79adf65718a39
d794fae0b82097a2e97af2f21b6c243832081f88036a2a56bbeeabb08790d88d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S-1375218202%3A1662321280231081&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmV3QllTcOkijVNbNnou4Rb1yoLoI_06-B-aQuNzIYSjbKbL1q0IrjdeWwPzNyGsPonn_xhB
216.58.207.237403 Forbidden 805 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1375218202%3A1662321280231081&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmV3QllTcOkijVNbNnou4Rb1yoLoI_06-B-aQuNzIYSjbKbL1q0IrjdeWwPzNyGsPonn_xhB
IP 216.58.207.237:0
Hash e1a5b1d5c1e036862c2490d2d6beff4e
c43526781355ecca0c8405629ccba4953782c7e5
0e508b72d6e18b080f4c30814dd833cc78c377e92139838cf7bdf3845620cd3d
GET /v3/signin/identifier?dsh=S-1375218202%3A1662321280231081&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmV3QllTcOkijVNbNnou4Rb1yoLoI_06-B-aQuNzIYSjbKbL1q0IrjdeWwPzNyGsPonn_xhB HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Sep 2022 19:54:40 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-52pL6CFyVTz5x5L9SWVZXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=r6mFwn-Kn1nNwiEo3IkV1KW_meIxigOfOdZm5OQCyXNM5KpJw6vI_C519QbX3h0G78WbUAlNwtiWFsRmxMklogVQiulrkO3lOLIpF-LBGUhBs_iVN5KHjKwG5WMf6XKgTo6mFCC7luFRjdee6JWGLM4s2Yt3wobKTatgeb9q9C8; expires=Mon, 06-Mar-2023 19:54:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1931a32d83e4feb5268887bcb07fcc1e
6fb75c21ced29544dd6d7c3b0ef79adf65718a39
d794fae0b82097a2e97af2f21b6c243832081f88036a2a56bbeeabb08790d88d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 19:54:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.164.56.167101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.56.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6xXTTFWjnd7mRfJd8JqNog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V/6oZ+YcUTTZG9EdwbKytfoCjJo=
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4689
Expires: Sun, 04 Sep 2022 21:12:50 GMT
Date: Sun, 04 Sep 2022 19:54:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4689
Expires: Sun, 04 Sep 2022 21:12:50 GMT
Date: Sun, 04 Sep 2022 19:54:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4689
Expires: Sun, 04 Sep 2022 21:12:50 GMT
Date: Sun, 04 Sep 2022 19:54:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4689
Expires: Sun, 04 Sep 2022 21:12:50 GMT
Date: Sun, 04 Sep 2022 19:54:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10318189f33f071dda64249ab9c8c5bb
e5b5b649a243e5c004d9923d19d4421d1ea96d23
3e775a1990e4d185024faf2fdff7a5eb9063f7ee19784f32fb4f7f10643c8102
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: 05fffcb2-43c0-4acf-81b2-1b914459e1e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwHErUIAMFmNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-47fe166763992ab271a87aa4;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uz2NbcE4AmOvFQkhJALSpXCGizilya0TuFcczfEwtV09cGXtgVNlpQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:04:35 GMT
etag: "e5b5b649a243e5c004d9923d19d4421d1ea96d23"
content-type: image/jpeg
age: 78606
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bdfdf7e36f78f2f0e4d7ede9fdb76a8
babb88202741bbf2d4fd25e0731a4a7a6fcc28f8
949ea108642789e1014150909060f11d99608f082760d0e868a90282f2768d43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9690
x-amzn-requestid: 614c99f8-116a-4603-bcde-3fbd5bfa14d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wx1HInIAMFiYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c80b-25c09c3227d72395408782f0;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5_jCLvdAC-XR-ax3RUbbx9275KPwACOPtAMxSbmv-aP-Lra4sC5zvw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:51:26 GMT
age: 79395
etag: "babb88202741bbf2d4fd25e0731a4a7a6fcc28f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca50f9c56ff869b0b63ca71b1a9f8170
13b16ca74113dfd52ccf23e6bb39307fc713f984
76b85dd7e018ab4b3d4b2610f90dbca61d0f05d38a3b905fee789af131ae7538
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14855
x-amzn-requestid: 65cf850b-227a-4318-a00e-d7cd4ef81489
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjuGtpoAMFvvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b1-54bc36741984491b0509d173;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M9Y8U9vqVs1ATiPP9jLPybTJ-xwC--5oiRUpj9-imTWfh6_rmtL5Kw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:58:42 GMT
age: 78959
etag: "13b16ca74113dfd52ccf23e6bb39307fc713f984"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc4ceb10dd9fcaab21ae58dcf10c401f
6ce530af682094dc5413db9de02565691fab4da7
84ad58e126cce2ab6b1568ffe89a116bc1de0310bb72d4530eead2fb8191572c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11380
x-amzn-requestid: 61f37e21-33a8-49e6-b384-4ca1fcfbffa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8TLFA3oAMFQjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117414-42de5c4128eb9e011d848356;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sywGj-wLtW091vZYhx1AbRAgljYQWe6LuffDjwTDhEebqVzxpQuzEQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 03:48:58 GMT
age: 57943
etag: "6ce530af682094dc5413db9de02565691fab4da7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8cdd0826b7d8be62cc2ed532e04e137b
383a0661fa09d9b48745b507389d0505303b6182
f2d04cf1ee9b5a885c246060c1036b21af4ecd3e51e5d05a529dbe0d63f7c2ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c475e9b-fa82-4942-8a4a-d6d3f5061558.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10713
x-amzn-requestid: d546a12c-c549-4ad3-80ad-6bad452927d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5winGzHIAMFTPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7aa-2060c6611eb4abb777cc17a8;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FRD_E3IP_SmjPQuoVEijMnLszBb5bhc_1PxJXOlmdyufLKzx33joTw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
age: 79594
etag: "383a0661fa09d9b48745b507389d0505303b6182"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
novidash.com/smartlink-css/631502567746675c1267e75f?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 8.7 kB URL HTTP/2 novidash.com/smartlink-css/631502567746675c1267e75f?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /smartlink-css/631502567746675c1267e75f?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:41 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjRsdFdGL1g2dThnbmx5S3IwTCtPOGc9PSIsInZhbHVlIjoidXdrVldZK2I2STBaTDhBeWxMT1ZFYWE2dWg3ZERWRHRLaUUrTkdkbFBjMmxBWENxSFVyV0Fwdlg1Q2FtN0dZZExpcm1namYwTFVKRC9RWVdiK0RzTVE0ZzNFZmgzc0ZpRURmNE1qSmFibXljNmpVTGlFVE51TmZhMHc0WEZ1bjgiLCJtYWMiOiIxNWFiMWIxZDgyNWNiNTEwN2JkNWE2ZDQyMzliMDM0NTRhNjAzOTUxMjZiZTdkMzFiMDRhNzIzODlkYTBhMTQ3IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:41 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InBOWDFWV2tDT1haM1pXREp1RXJJbmc9PSIsInZhbHVlIjoiYkdXSkJpK1V6c2VvUTY5UE5reXlpd2xBdTlsREtoeEJ3azh6enVCbytGRVNhZDE5TzFodTY5bzhzdkJTRjY5TnJPeEw3ZmRlNFRKS3pFVWxmYzY1YisrR1ljRm9QQVAvcmQ4UTFtSnpWNlZSMHd0RndNUWgyckcwQ1VheG4xM0IiLCJtYWMiOiIyMGQyYTVjODQ0ZTJmZTBkZDkzNTVhNzU1NmM0MzJlOTJiM2I3YThjNWJjZDc4NjNmZjVmYTA4ZGVmODFhNDZhIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:41 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
35.186.224.25200 OK 0 B URL HTTP/2 accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
IP 35.186.224.25:0
GET /login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE HTTP/1.1
Host: accounts.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
x-frame-options: deny
set-cookie: __Host-device_id=AQDSzXbiCR848iTf2-rzF-l4C6r-R1vLVWhsNBzlKoPrnsLej1A6fKo-aq7cn2wv79O_QTrbnPmEogpZ_FTGFNdYcYYfaMpDWkw;Version=1;Path=/;Max-Age=2147483647;Secure;HttpOnly;SameSite=Lax
__Secure-TPASESSION=AQA7jKJeMrmeL+mz8cUctefxBTlKPhuHdnemZ3DXxUEDzJBQ6LVkvEJmr7dxDWEAJtaRP0tHb7JLNUZ32k8JV5T9HIcl90OIL5k=;Version=1;Domain=accounts.spotify.com;Path=/;Secure;HttpOnly;SameSite=None
sp_sso_csrf_token=013acda71987757aa24dc78684a7b35fb8e8e3541231363632333231323739373436;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
sp_tr=false;Version=1;Domain=accounts.spotify.com;Path=/;Secure;SameSite=Lax
__Host-sp_csrf_sid=13b04293bfc8718909edaf626dc649e1d3ef0f99e5ef75303e9ce8a1e15c9e5b; Path=/; HttpOnly; Secure; Expires=2022-09-4 20:54:39.746; Max-Age=3600; SameSite=Lax
content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
x-content-security-policy: default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.cookielaw.org/scripttemplates/ https://*.onetrust.com https://accounts.scdn.co; img-src 'self' https://i.imgur.com https://d2mv8tnci56s9d.cloudfront.net https://profile-images.scdn.co https://*.scdn.co https://graph.facebook.com https://fbcdn-profile-a.akamaihd.net https://*.fbcdn.net https://platform-lookaside.fbsbx.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://accounts.scdn.co; font-src 'self' data: https://sp-bootstrap.global.ssl.fastly.net https://fonts.gstatic.com https://*.scdn.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2; frame-src 'self' https://www.spotify.com https://www.google.com https://app.adjust.com https://itunes.apple.com itms-apps: https://www.google.com/recaptcha/; connect-src 'self' https://*.spotify.com https://www.google-analytics.com https://*.ingest.sentry.io/;
sp-trace-id: 959dce5e68ad516e
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
162.125.71.18200 OK 0 B URL HTTP/2 www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP 162.125.71.18:0
GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-uvsTNIufV9JAdNXAJm4Z' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-uvsTNIufV9JAdNXAJm4Z' 'nonce-tHR0quZ133dkvyfTPR9w'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MTQ0MTY3MzkwNzMzNjUxMjAwMjM3MTIzOTk3MzMxNTU0NzE3MjU1; expires=Fri, 03 Sep 2027 19:54:39 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=nq4S-UNNUrccXInsT_Gl38dw; Domain=dropbox.com; expires=Wed, 03 Sep 2025 19:54:39 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=nq4S-UNNUrccXInsT_Gl38dw; expires=Wed, 03 Sep 2025 19:54:39 GMT; Path=/; SameSite=None; Secure
__Host-ss=CWinL9FgXY; expires=Wed, 03 Sep 2025 19:54:39 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Fri, 03 Sep 2027 19:54:39 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 132
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sun, 04 Sep 2022 19:54:39 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: abce4c4fa1624db1813172eb84879d42
X-Firefox-Spdy: h2
novidash.com/smartlink-css/631502567746675c1267e75f?fingerprintid=9e4947f35751465411fd1a4f5c358c78
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/631502567746675c1267e75f?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/631502567746675c1267e75f?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22283
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:40 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImFwNWxKVi8ybzlvMmFOOWFac05CNnc9PSIsInZhbHVlIjoieDhYUXlGVy9WcDRDdFBsTDV3Z0JIcXJyLzJ6RGkxVWlER2lFaDBJMUVNUUg2ZXEycUc0N3IzVDJvbnJ1S3pRUVdrYkpvWVNGTzRvRTB6ZVNEaXp1UWZTaGJocGRqSFQvditwUFluZzRKZ0JETkFkMDhSTU8yUEVlZTBDWUFmbHkiLCJtYWMiOiJiMmE3MzkzZDI2ZGMxNWMxM2RmZjA1YmRjM2Q3OWM3NThlNzM1ZDA0ZGJhZThiNTQyNWE1ZjA4NDk2OTg1YjEyIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:40 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InVzRVlrT2FsTUZvTGk5M1pNZzYweHc9PSIsInZhbHVlIjoiOExvaG9VQ09HeXBMbG4yd3llcGd3MERqZ2t0M29zeEpDWDhyM2JOdjc0TzZtV1h6Q1BtdkhVdGs3MER5eE0za3UyVnFFV2dFbzg2Rjk3MjFqMS9WeEVXVXFuQ3Vha3NzdTlPVVcrbVI1d242a0tNTlFzMHVicCt2U0tIbE92ZEEiLCJtYWMiOiI1MWRlMmU1MjNkMDU2YzM4MTI2NGU3NDBkNzllZjRhZjU0ZWJhYjQzZGNjMWE4MzJhYjAzNjlkODZkZTRhYzgzIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:40 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S789101659%3A1662321280244144&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmX_J9W_57EQf3YNPL-VrbJq4U9AhYw7K6uMvMtVxl9RNq90rwAbYWJ2HO_lwTHCNK3nXdpW
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S789101659%3A1662321280244144&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmX_J9W_57EQf3YNPL-VrbJq4U9AhYw7K6uMvMtVxl9RNq90rwAbYWJ2HO_lwTHCNK3nXdpW
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S789101659%3A1662321280244144&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmX_J9W_57EQf3YNPL-VrbJq4U9AhYw7K6uMvMtVxl9RNq90rwAbYWJ2HO_lwTHCNK3nXdpW HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Sep 2022 19:54:40 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-y3lheHIAopBA2SxNLDlnWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=IvpXAQ2rRPoeqFOAgDUNCr4ejgoXvqdy6oKcxcY3F-_nr-Mf-d7xhkI3jgZ1MDYP3zq2BDlrhxnt4e_XpJukrUFl9Q0wNBOKu5AK3zwlHK3gqNmHtJhomUgNGCStekKbsudlRslfkACwKONNvKwr3tjorEcC5EFzglInvsp4PFM; expires=Mon, 06-Mar-2023 19:54:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2841648.js?sv=6
54.230.111.39200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP 54.230.111.39:0
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Sep 2022 19:54:36 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/4e22226e49adc05eb6faadaa6a4845bf
strict-transport-security: max-age=86400; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hAQBeAER9DMqOWDK7ywqNHVjk69TR179slxcygvDktzJzxkXETWrGw==
age: 4
X-Firefox-Spdy: h2
novidash.com/smartlink-css/631502567746675c1267e75f?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/631502567746675c1267e75f?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/631502567746675c1267e75f?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:40 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkNVTVR2eWZsMkl1b0Q3MUhKSk9yR1E9PSIsInZhbHVlIjoicEoxNWhxUkRFMzBhQ0ROQXNDNlpCaGtqWmtwM1laN0dpZXFEZzJSR0ZPQXNXdG4rdm9HdTh1ZVljV1ozODdoeklVaVdVUndlYUVLZTNYSDRnOXFUMlgzZWRLNWZqL3ZhZnJyd2h0T1YrQWk4UW90Z040TksrcHZMbW8zN1dCNzkiLCJtYWMiOiI1NTA3Mjg4MGQ1YTA4YzgzMzk3OGQwNjA4NWU3M2VhZDZmZTJiNmJhZDk5NzQ4MWVkY2U4MzJjOTg4MTRiNWVkIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:40 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkpyRUs0TTBURU1DNWJZOThrdWN3L0E9PSIsInZhbHVlIjoiZEVqVE83ZDBTTUc2N2E1ektHcElqL3JRTGFRNnR3S1BxYkRnc0NEcEFpWVkwWUk0RlQ5amcrZUluMFdYcjgwVnQ1amRnTTEyalh1d29JVWEweGxYenpIajFiVDFzK0k3cUdTYmYvS1B6V0kxbVhCa0c2SW14UWxtWXUvOXVBZGQiLCJtYWMiOiJlZTIzY2MwMzk4ZGEwMTJhMDYwZWRmNmZiYmUyNDI2YjFlMGE2NTJjZTgxNjY2OTQ5YTY5OGRlZTgyM2YwODk3IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:40 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/css/all.css
172.67.169.247200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.67.169.247:0
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 19:54:39 GMT
content-type: text/css
x-amz-id-2: VNs44EdYnVsR7yRkFRjjQMe9GbPcPI45GyTdcLNnrqSnbnNerDEK4nE5reF8rADlg7WjK7/sXMQ=
x-amz-request-id: RGMN37YZWRRP0XC1
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 212298
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tAIyNl%2FnRC2Pvr7eMFSeq%2BHauf76ceu4ipqHWkC16M%2BUluBhloB2o0sKaE6zPQHzBPR3N3xdW5ERpY6gvdCf7pJ%2BcazZ8gYzpz6DNWhUYMkvtaG4g2nh0O4XGdDXrvlHkCx7ErUt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7459473c28181bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: sMNlnQ2qw4pusowtHa7+TFf5c/iXYiBTxBqibgHhwCWpYpGrqjgTEgTXepLml3iKSnfWxRHNH5+J+5KPtmiPCQ==
date: Sun, 04 Sep 2022 19:54:40 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
novidash.com/smartlink-css/631502567746675c1267e75f?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/631502567746675c1267e75f?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/631502567746675c1267e75f?sop=3&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:42 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6Im5heDZvOTE4K1BTaDVyU1IyK3kySnc9PSIsInZhbHVlIjoiQ1o2VkxXeG01VlZDbm1Fa2tQSVhqdEp2alIrc1FBVldTY24xQ0ZDYkJWWTRyRWFLMjd6Nm9vV1B6ZTFNaFFINkFHT21wanNMeTBsZzBENVBTa0JmVUNyWUdqQkdWOGV5S1h6QVJRL2NkNkZlWXc1ODRHZGZuNUs1VVNlMnVtR3oiLCJtYWMiOiJkYzE2MGM1Mjc5NWY2YTlhZGQ4Yjk5OGQyNzYzZTM0ZjY3YjQwODY2YmQyOGM1YWU3YmE2MTBlY2U5ZGExNTJkIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:42 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Inl6ZVZuK3lUUDVCM2l4SmFsU0k2Nnc9PSIsInZhbHVlIjoiamVpdllVWHc0QkJ5SFpkd0hjYlBsdkJ2ai9zcEUvSzVnN3ZiMmVUOGVlQTJUdUx1Y3dmZnkxNHg3bGxTY29qV1JlTkNlRVBXNkRLSmVlK2FCdHJXNWh3RGF1QzJGT2hrWHcvSllHWHRObFVHWFBPaVFvc3d1dVhqVzJCL2EvY2IiLCJtYWMiOiI3N2NmMjFkZDU4OWM3NDUxZmFlMjVlNDg0ODU2NWZmOGM2NGYxODY5NTExOTJmNDEwMmI0ZTUyZjY3YjEwOGViIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:42 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/smartlink-css/631502567746675c1267e75f?sop=7&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/631502567746675c1267e75f?sop=7&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/631502567746675c1267e75f?sop=7&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:46 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkU5bitqNXgzT0VWcUtxSTQvS1FKVEE9PSIsInZhbHVlIjoienZFSkYyUGNZTG1CdllzbUlZMVlSc3ViL2pMQU82K1ZsaFNEQk56OGdod1QyVUpZLzdRaU9nT2pGZVFDYTYwbE0zSy9MMWdGc2diam1sanVuQUFsQ1Y0bGhDVjgxOVZWRjVJSVNDV1JYbzNVVEh1clZUQ25pS25KT05KVTRZK0MiLCJtYWMiOiIzNjllMmIwY2FlMmNmNTAxZDA3MDZkZTc5MzBhZDhhMzVlOGQ0NGRjNDczNWU3N2ExNTIxZmEzNDZiNmNiNjk5IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:46 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Inp4VEZKRDNURnBkWExXdWtFVUNWYXc9PSIsInZhbHVlIjoibHh2VUppWGNmNnE4VkY3NUpmaGt5d2ozVHNQNlgydGNSTHFhRm1zM3Q2aU5XVUQxUVl6YmVuWlptU245NUFtMjA4RWxrQmxuUldoMUNTWUdqSkhiWXpBZG15cmNqc2hzZlVQVm02VktaS1BpanU1dUVURUlyQktCcUNJT244Y2giLCJtYWMiOiIyZDhhMzZkNWM0YTY4YzFjYzU3YWY2MDQ5ZDlmM2FhNjJjZWM1YzFjZDQ5ZGJjMzIxZWZiMjk5NGQ2NDVlMjY5IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:46 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
novidash.com/landing-interaction/900216482
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/landing-interaction/900216482
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
GET /landing-interaction/900216482 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://other.landerhd.com
Connection: keep-alive
Referer: http://other.landerhd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Sun, 04 Sep 2022 19:54:48 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkJEWVMrbXE1WjA4VXJJZFFZQWFLY2c9PSIsInZhbHVlIjoiUStuUDZnbmJpMGNpYW5QMFFjamEwOERJT0Z6amE2ZkhEek5NQmRZOEFzTFZkOXZCazdOaEZIT3Fod09yV0VReUM5MHdxMGpJQXJST0JTRUpzcVZnYXJ0Z04yM213UWJwVHNmaHNvS0VRZGlJUytwYXF3bGt1VVY1LzVCV3R3MkQiLCJtYWMiOiIxNTU4MjhmMTQ4MDI3MTFhZTYyNTU0NjA5ZGVmMjliNGUzNTczMjlhODUwNWFiZjY4M2FiZGY4MzgzYjllYzNiIiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:48 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlZDOWZXVTV5c1E3MFFYYkxlZklaQ1E9PSIsInZhbHVlIjoiWG1lUlloU1JsN0g3NTk2Q0tqWEhRb1NaWXorUyt1b0NoMWZrZndvSDVGM0xzbTNFaW4rdjJVbHV6SEIrZVZtMHNTdmt0QUwvaTRjWVlKa1YyMUFUQk5pWHB1TGZmdGFhdDBZV1NjTldJWnVxS3ArRGlSRld3a3JhWFMxQWx1OFYiLCJtYWMiOiI0OWE5OWQ1YzJiZWY5M2EzZjI5NzIwNTU2NzZlZDc2Yzk1YWE2Y2UzYTBhNThlZDdlYmVkYzc2N2ZjZjAwNmI5IiwidGFnIjoiIn0%3D; expires=Sun, 04-Sep-2022 21:54:48 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2