dratingmaject.com/06b010c4-8875-4a48-86f7-dacb4c869b1f
18.195.149.11302 0 B URL HTTP/1.1 dratingmaject.com/06b010c4-8875-4a48-86f7-dacb4c869b1f
IP 18.195.149.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /06b010c4-8875-4a48-86f7-dacb4c869b1f HTTP/1.1
Host: dratingmaject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Mon, 05 Sep 2022 19:55:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wnne5ev3v2hch3riimdoknds&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Pragma: no-cache
Set-Cookie: 06b010c4-8875-4a48-86f7-dacb4c869b1f-v4=dWdFctkVotwc9iXk3cDebsqTRX3g99JGd2A4OKGm9ws; Max-Age=86400; Expires=Tue, 06-Sep-2022 19:55:31 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
cc-v4=WiroNRuvlwSF9%2BWWyoVPQ0ylTP6V7xZjVSFvHNdqO4BzinasdU6tmLMlyd19F%2BmtUzkqaIB3y5a1%2FKERPoVKdMRW880I7kExLxP%2BImhKLKTKzyQH4Woie3zO%2FEIGev5LNnxu9kn1xy37syOefetWrg%3D%3D; Max-Age=31536000; Expires=Tue, 05-Sep-2023 19:55:31 GMT; Domain=dratingmaject.com; Path=/; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 19:44:57 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HhsRo5AGWJIWFJyEY-yY_f_Yxllu8DrjEZahjeiNeUYjzX-ULjD9HA==
Age: 634
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5015
Expires: Mon, 05 Sep 2022 21:19:06 GMT
Date: Mon, 05 Sep 2022 19:55:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FKPEwKyWj-QCwanXagd0FnywXuTXkutAcFx_p78gW3wKvPnGelehnQ==
age: 67214
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 19:55:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 05 Sep 2022 19:38:16 GMT
Expires: Mon, 05 Sep 2022 20:29:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: y9PuQimzy0bvxvBrzVUPFL5ma1_K8ZZJMl7KqOYvLSDWhL1kxt2B2w==
Age: 1036
other.landerhq.com/landingpages/mcafee/logo.png
188.240.52.20200 OK 30 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/logo.png
IP 188.240.52.20:0
File type PNG image data, 1280 x 257, 8-bit/color RGBA, non-interlaced\012- data
Hash 26740ccd6ca2d5d3542f4b0d540bd30c
13c7ccbb771765399a7aeb351a9c8d79e668c480
9db2bed7f1778805e72f7f079f0b8789eaf039e3d9124145d2e88dab53e22ae2
GET /landingpages/mcafee/logo.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/900546643
Cookie: XSRF-TOKEN=eyJpdiI6InU3TnN5c0oremRoa1FVdHF6bmc2blE9PSIsInZhbHVlIjoibjhYRzNxNEhBMnJpdXVrcG53TVo0R3RMRFhxQWRsZWE5N1UrV0hEbGJ0azhWdzBxbHZUNG83aklzYndFdDJPVlN0YUk4aDJ1OUpMaFlFZ3BHMTdWYjNDQlBCV0ZYSTRKVE9VUjE0bFg0NWZhMzJjUGhQZEhybGswZFFZOU1kVTciLCJtYWMiOiJmOTc5Mzg0NzczYmNlNGExYmQ1M2U0ZTA4ZmViYzhhODliZDdiMWM1NWU0NjkyZjIyZDNlNjIwMmUwNzBjMjQyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InVuNnBwMXNGeHI5cU05aHU2QWNPckE9PSIsInZhbHVlIjoiU3NzZGZWSEdOUjNFNWVDY3hOOTJtMGtIV3pJMjJJRFFUeXErMlVSQmM5ejk4dEJ3Yi96NGZHM2pUVXVVZGlYS1pzRXJEcjBBWSt1dzAzQzdkUzlaYlJ5RHIxQkJYTkl0YThRdml6K2U4T3I3bUxNZ21TcXZNWGtqNXZvVjlsR1QiLCJtYWMiOiJiZDM2ZDkwYjEzOTE4ZDdjNjEwNDQ2NGU1N2U0MmU0OThkOTY4YzllYThkMmU5NGIyMzY4YWRiNjdmYjVhMjkzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: image/png
content-length: 30211
last-modified: Wed, 31 Aug 2022 12:57:27 GMT
etag: "630f5ab7-7603"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
151.101.85.229200 OK 14 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (33348)
Hash e7b94e944315bb48c9b9820ad324718d
f77317565b6243287bd3ee74fe96a9632fef559a
4c8e188a605e3090b34c87622bf7038d6699cb06af2f242eb77843ff3966f97a
GET /npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.3.5
x-jsd-version-type: version
etag: W/"8392-Rfi4DUKsZmgOw+7TcNmFhcx8ixc"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 05 Sep 2022 19:55:32 GMT
age: 24723
x-served-by: cache-fra19142-FRA, cache-bma1680-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 14137
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
151.101.85.229200 OK 3.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (8836)
Hash b066530dd980f68abf6d92414bc4c7ed
34ad41df121cf682a0471d60e19ca4590fb5314f
b494f22ff0e7d3f34e58eed4232718aec04e61857777fff1bee495f488a52084
GET /npm/@fpjs-incubator/botd-agent@0/dist/botd.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.1.20
x-jsd-version-type: version
etag: W/"2349-ZoOIlhfcFugXpJwXzjjzWO/fFjg"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 05 Sep 2022 19:55:32 GMT
age: 38309
x-served-by: cache-fra19148-FRA, cache-bma1680-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 3067
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/360.png
188.240.52.20200 OK 38 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/360.png
IP 188.240.52.20:0
File type PNG image data, 125 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash 15f432f9006e7256a9452bdd27835619
7042133d844e198542a7cc1fadcc513059130fe6
010ba660952072e4c859f26dd1f74bc21cc2d7bdbf7c37b90d9e3ed279ad500f
GET /landingpages/mcafee/360.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/900546643
Cookie: XSRF-TOKEN=eyJpdiI6InU3TnN5c0oremRoa1FVdHF6bmc2blE9PSIsInZhbHVlIjoibjhYRzNxNEhBMnJpdXVrcG53TVo0R3RMRFhxQWRsZWE5N1UrV0hEbGJ0azhWdzBxbHZUNG83aklzYndFdDJPVlN0YUk4aDJ1OUpMaFlFZ3BHMTdWYjNDQlBCV0ZYSTRKVE9VUjE0bFg0NWZhMzJjUGhQZEhybGswZFFZOU1kVTciLCJtYWMiOiJmOTc5Mzg0NzczYmNlNGExYmQ1M2U0ZTA4ZmViYzhhODliZDdiMWM1NWU0NjkyZjIyZDNlNjIwMmUwNzBjMjQyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InVuNnBwMXNGeHI5cU05aHU2QWNPckE9PSIsInZhbHVlIjoiU3NzZGZWSEdOUjNFNWVDY3hOOTJtMGtIV3pJMjJJRFFUeXErMlVSQmM5ejk4dEJ3Yi96NGZHM2pUVXVVZGlYS1pzRXJEcjBBWSt1dzAzQzdkUzlaYlJ5RHIxQkJYTkl0YThRdml6K2U4T3I3bUxNZ21TcXZNWGtqNXZvVjlsR1QiLCJtYWMiOiJiZDM2ZDkwYjEzOTE4ZDdjNjEwNDQ2NGU1N2U0MmU0OThkOTY4YzllYThkMmU5NGIyMzY4YWRiNjdmYjVhMjkzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: image/png
content-length: 38110
last-modified: Wed, 31 Aug 2022 12:57:28 GMT
etag: "630f5ab8-94de"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
other.landerhq.com/landingpages/mcafee/os_versions.png
188.240.52.20200 OK 3.1 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/os_versions.png
IP 188.240.52.20:0
File type PNG image data, 135 x 26, 8-bit/color RGBA, interlaced\012- data
Hash e662ac219b9626c6488250a2b09640c5
45636878adece610ed4d2c44bb177ac53e68adfb
cb28be8a2c6c7ef36afd59c211b5a1f50ad26229c14ae714c39df687c96ab823
GET /landingpages/mcafee/os_versions.png HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/900546643
Cookie: XSRF-TOKEN=eyJpdiI6InU3TnN5c0oremRoa1FVdHF6bmc2blE9PSIsInZhbHVlIjoibjhYRzNxNEhBMnJpdXVrcG53TVo0R3RMRFhxQWRsZWE5N1UrV0hEbGJ0azhWdzBxbHZUNG83aklzYndFdDJPVlN0YUk4aDJ1OUpMaFlFZ3BHMTdWYjNDQlBCV0ZYSTRKVE9VUjE0bFg0NWZhMzJjUGhQZEhybGswZFFZOU1kVTciLCJtYWMiOiJmOTc5Mzg0NzczYmNlNGExYmQ1M2U0ZTA4ZmViYzhhODliZDdiMWM1NWU0NjkyZjIyZDNlNjIwMmUwNzBjMjQyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InVuNnBwMXNGeHI5cU05aHU2QWNPckE9PSIsInZhbHVlIjoiU3NzZGZWSEdOUjNFNWVDY3hOOTJtMGtIV3pJMjJJRFFUeXErMlVSQmM5ejk4dEJ3Yi96NGZHM2pUVXVVZGlYS1pzRXJEcjBBWSt1dzAzQzdkUzlaYlJ5RHIxQkJYTkl0YThRdml6K2U4T3I3bUxNZ21TcXZNWGtqNXZvVjlsR1QiLCJtYWMiOiJiZDM2ZDkwYjEzOTE4ZDdjNjEwNDQ2NGU1N2U0MmU0OThkOTY4YzllYThkMmU5NGIyMzY4YWRiNjdmYjVhMjkzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: image/png
content-length: 3073
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-c01"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
172.67.169.247200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2
IP 172.67.169.247:0
File type Web Open Font Format (Version 2), TrueType, length 74348, version 329.31064\012- data
Hash 462806316fea535a6a57651bc2b000b0
80644191098f863f25be27841c0d92c452cf2327
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
GET /releases/v5.7.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: font/woff2
content-length: 74348
x-amz-id-2: xNQPoEQnhQIQPzGLOxlX/pISNuSrVWGB9lrg955rwcKI9KkCnAGXUiK9tBlSo5oL9WFXjVCiIcc=
x-amz-request-id: AZZFTW5SRB9G3SG9
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:46:18 GMT
etag: "462806316fea535a6a57651bc2b000b0"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2350727
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vny6BdvDcr0tyKfWpw4gCJbQFEyS0QvhAb01avc93rAuZ%2FLnJH2VgaWucguniq0AnD0TfIEGvviuHsgO%2B1S1qDRdtEKQ3aaEgbyGNzpvp4GqnVqmKB2xVn9qiZMsGBE9xEE6bwfs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746185e778b50b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 705e5c6c68230db8c4362ed8d6ecde3e
7dff641c29dc631da5c3a794189bd57101c884a3
649960b00905ff8c1309fdd6e4d183aea20f3c5b0a942b3ad806b625512fd3fe
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 19:55:32 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "1FED140A5D31588C1F6011C7B702177E8AC7789B"
Expires: Tue, 06 Sep 2022 06:00:00 GMT
Last-Modified: Mon, 05 Sep 2022 18:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2517
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746185e78b7e1c0e-OSL
other.landerhq.com/landingpages/mcafee/bg.jpg
188.240.52.20200 OK 130 kB URL HTTP/2 other.landerhq.com/landingpages/mcafee/bg.jpg
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x613, components 3\012- data
Size 130 kB (129948 bytes)
Hash 444f46588f202bb38dceb8191f606f3e
f4eb55005df6be8068bb9c78d7fc0cd70651a1dc
86102483f8cb9a2d5bd4771914f960e1ea0bf6b1866aa1c2b86f75a1018b94ce
GET /landingpages/mcafee/bg.jpg HTTP/1.1
Host: other.landerhq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/900546643
Cookie: XSRF-TOKEN=eyJpdiI6InU3TnN5c0oremRoa1FVdHF6bmc2blE9PSIsInZhbHVlIjoibjhYRzNxNEhBMnJpdXVrcG53TVo0R3RMRFhxQWRsZWE5N1UrV0hEbGJ0azhWdzBxbHZUNG83aklzYndFdDJPVlN0YUk4aDJ1OUpMaFlFZ3BHMTdWYjNDQlBCV0ZYSTRKVE9VUjE0bFg0NWZhMzJjUGhQZEhybGswZFFZOU1kVTciLCJtYWMiOiJmOTc5Mzg0NzczYmNlNGExYmQ1M2U0ZTA4ZmViYzhhODliZDdiMWM1NWU0NjkyZjIyZDNlNjIwMmUwNzBjMjQyIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6InVuNnBwMXNGeHI5cU05aHU2QWNPckE9PSIsInZhbHVlIjoiU3NzZGZWSEdOUjNFNWVDY3hOOTJtMGtIV3pJMjJJRFFUeXErMlVSQmM5ejk4dEJ3Yi96NGZHM2pUVXVVZGlYS1pzRXJEcjBBWSt1dzAzQzdkUzlaYlJ5RHIxQkJYTkl0YThRdml6K2U4T3I3bUxNZ21TcXZNWGtqNXZvVjlsR1QiLCJtYWMiOiJiZDM2ZDkwYjEzOTE4ZDdjNjEwNDQ2NGU1N2U0MmU0OThkOTY4YzllYThkMmU5NGIyMzY4YWRiNjdmYjVhMjkzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: image/jpeg
content-length: 129948
last-modified: Wed, 31 Aug 2022 12:57:34 GMT
etag: "630f5abe-1fb9c"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3957
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:32 GMT
Last-Modified: Mon, 05 Sep 2022 18:49:35 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 89f5bfa4734b4f551bc2ace1f9f9a6d5
47069936ce02b11aa876a530929c6cbfc80a9570
f4138ca7c017abea9b7d03d22eac59fb1ec1394acabda7b504f8fb2d21373699
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5567
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:32 GMT
Last-Modified: Mon, 05 Sep 2022 18:22:45 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b916c89355739384d9640534f1b6891b
c5340ab2ebd75c6fd48b2d92bb25ef4c3ada0f5d
664190ed543efecdd4ad63752bbb3fd4963f9d065cf60632d9976e2e8e4186f5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4790
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:32 GMT
Last-Modified: Mon, 05 Sep 2022 18:35:42 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
142.250.74.72200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TRL5HN2
IP 142.250.74.72:0
File type ASCII text, with very long lines (3238)
Hash cbecb7ee4f75e322a4fd7eada2966668
1a2a09a68606f835ec818fbba2c3616414099105
266652cd974db083af62ad4cb23384b8bc3e302d2102af686c4f65fe0529274d
GET /gtm.js?id=GTM-TRL5HN2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 05 Sep 2022 19:55:32 GMT
expires: Mon, 05 Sep 2022 19:55:32 GMT
cache-control: private, max-age=900
last-modified: Mon, 05 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46503
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
35.186.224.25302 Found 581 B URL HTTP/2 www.spotify.com/de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico
IP 35.186.224.25:0
Hash 3dc26631a47284d0a47376ade238151b
d43124647bc46bce02013dce3fe35366bb5a6b0a
3c6b28ba9d7b57d0943aafc13ed70c6d6f2dcc521eb34d4c719da25e7a903191
GET /de/login/?forward_url=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico HTTP/1.1
Host: www.spotify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 05 Sep 2022 19:55:32 GMT
x-powered-by: Express
set-cookie: sp_usid=8de8a520-3c51-41ba-aef0-eb275aac6e45; Max-Age=1800; Domain=spotify.com; Path=/; Secure
sp_m=de; Path=/; Domain=.spotify.com; Max-Age=115516800; Expires=Mon, 04 May 2026 19:55:32 GMT; Secure; HttpOnly; SameSite=Lax
sp_t=2f2e3745-1fd8-483f-ac60-b206aac97e59; Path=/; Domain=.spotify.com; Max-Age=31536000; Expires=Tue, 05 Sep 2023 19:55:32 GMT; Secure
sp_new=1; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Tue, 06 Sep 2022 19:55:32 GMT; Secure
sp_landing=https%3A%2F%2Fwww.spotify.com%2Fde%2Flogin%2F; Path=/; Domain=.spotify.com; Max-Age=86400; Expires=Tue, 06 Sep 2022 19:55:32 GMT; Secure; HttpOnly
location: https://accounts.spotify.com/login?continue=https%3A%2F%2Fwww.spotify.com%2Ffavicon.ico&_locale=de-DE
x-join-the-band: https://www.spotify.com/jobs/
content-security-policy: base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'
sp-trace-id: 116351fa520b8954
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.41.246.187101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.246.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hSCWjQRDyGdbKxzXKEIgvQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8SxVY+MizvDeyPzuA9kTgv4Aczg=
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 6adffaaddcc1e5e34d970826f3339348
69b38325a82a68ad1bb82cd518983baaf3e1cf90
1e9408e4a8b8027fe78f791f5383066b141457e1364cf6ef49d4b86ff4185b9c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108947
Date: Mon, 05 Sep 2022 19:55:32 GMT
Etag: "6315559d-1d7"
Expires: Wed, 07 Sep 2022 02:11:19 GMT
Last-Modified: Mon, 05 Sep 2022 01:49:17 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WqzyWSm_0q7UIwEhUbZc77rH_nABSX7Ia9Za8ZcQs2_a1ZYgR44TAQ==
Age: 1322
botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
18.235.188.227200 OK 313 B URL HTTP/2 botd.fpapi.io/api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20
IP 18.235.188.227:0
Hash 684d863c068ab82d2543f47601441008
185aceea62d5d4aec473b662eae99ee506aec477
73cf730ce311ab226612a8a01f5f94eb62adebbcf851de6addba47c18041494b
POST /api/v1/detect?token=HtazsqGCe7nkVaIHchA&version=0.1.20 HTTP/1.1
Host: botd.fpapi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://other.landerhq.com/
Content-Type: text/plain
Origin: https://other.landerhq.com
Content-Length: 21669
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: application/octet-stream
content-length: 313
server: nginx
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Origin, Content-Length, Accept-Encoding, Authorization, Auth-Subscriptions, Botd-Password
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://other.landerhq.com
x-amzn-trace-id: Root=1-63165434-58dc2ef81b7fa587676a4857
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63165433f9e00455751e872c?fingerprintid=9e4947f35751465411fd1a4f5c358c78
188.240.52.20200 OK 1.2 kB URL HTTP/2 novidash.com/smartlink-css/63165433f9e00455751e872c?fingerprintid=9e4947f35751465411fd1a4f5c358c78
IP 188.240.52.20:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash ff7441c3264d89023f376e5319dad793
1f0be835d947eb2de35d945ea5b9b92578a8cbd7
93130759a18703dcad5862bc2fd2973edf9ab7e48ba2c0b4cd4fcfaf832df223
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/63165433f9e00455751e872c?fingerprintid=9e4947f35751465411fd1a4f5c358c78 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22285
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImZ0aUlzV0Y2WC9Rb3cxbmVrdTNhdWc9PSIsInZhbHVlIjoid25td213YWE1SkhXWVZBS0lzWG4wVkxsTldEZzR4UEhyeXZrcE1VMDVsM0JGT1RrMGt5eG1RcExQd3l3R2ZrbEg0Zjdtc0pjS1JJd3I1SndhUEZIMjdmL2ZyT1dSRFAvazluY3NKb1hkbThNZzQ1bkJNMEZDc001TmJDZkR4dTgiLCJtYWMiOiJmZjI2OTQzMTc3OTVkNzM3Njk4NDZkYjFjOTA1ZThmYWExODAwMjMxOTk1MWU3OTY4YmMxYTM0OTVlMmZkYjAyIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:32 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkpFV1BXeSsxTzlaTWprTVZZTnYvQ0E9PSIsInZhbHVlIjoic3hhVGkyOW81c3laWS9RcHJmTVVBWFFwVmp0UHpzelBkekZEb2lJL0xVeHZERWRUS0dHQklUK2hoR09hS1BGRHpMYTkwazIxU1ZMdWFKSXQ2VG5YZHAyaml0T1R1VWplejhwdThlTXZCWk9WaCtXdS9MWUxXTk5OYjZjdzY1dXAiLCJtYWMiOiJkZmJmYWVjYjg4NjlhZmM1NGM2YmNjNGU0ZWRmZTJkYjQ3M2NkNTJiOWUxYWI4MjIwMDI2YzBhYmMzZDkzMmUyIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:32 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:33 GMT
Last-Modified: Mon, 05 Sep 2022 18:59:00 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
use.fontawesome.com/releases/v5.7.2/css/all.css
172.67.169.247200 OK 12 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.2/css/all.css
IP 172.67.169.247:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 75efb335fa9a7c2fd6680b73d59b11e5
d4e4c76de633163a2186391d92fcdf94b1e4c0af
04e6347a6cb4a2b1e8bcb753127da039e738fdb754a81fbbeb3b27298136a58e
GET /releases/v5.7.2/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Sep 2022 19:55:32 GMT
content-type: text/css
x-amz-id-2: bfSUnLpi1OMKbYYgJ5uOQKGDXBsMHcSkQrcbChx5MHLP5F9eJCnc6ESKC5a3m0+yvGrqg9FZVQo=
x-amz-request-id: RMSSR1DJG7V5JR7M
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2350728
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lsTBWsuQd2EATlgKUKKYK7%2BkLYplfk9Rx9a8wy9F11LPvVQiYf73isk2WT8g039BkElDmPxHOn6rW8StYrwFeJAvdUMPlQ7k2KIJpffWr78eUNiJjc5Wk0qjr5dEB6UeDOy5h4U8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 746185e6bfb60b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.32.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.32.178:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 05 Sep 2022 18:29:41 GMT
expires: Mon, 05 Sep 2022 20:29:41 GMT
cache-control: public, max-age=7200
age: 5152
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 25e68f68b7c18642454155d7298bd572
063e5205568cc6e411d43ed5bc4cf0c4f503ffc7
f1c0014f27300523b095e7bce59b78f41a77c474722ecb5444658916017b3dab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
script.hotjar.com/modules.d5eb3c97b67a0b8958ff.js
143.204.55.46200 OK 66 kB URL HTTP/2 script.hotjar.com/modules.d5eb3c97b67a0b8958ff.js
IP 143.204.55.46:0
File type Unicode text, UTF-8 text, with very long lines (48715)
Hash 5a03435fb2b1019b1b00d7bc5c267f72
6d9116f703cb7fced1cfb7eba229302f4950e4b0
555555e6799149ac64f285eb30f78583dfa52fc0d23dbb75c357897873b8cb97
GET /modules.d5eb3c97b67a0b8958ff.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 65509
date: Fri, 02 Sep 2022 09:50:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "5a03435fb2b1019b1b00d7bc5c267f72"
last-modified: Fri, 02 Sep 2022 09:49:47 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: I6pL507z8ksqoUr2e3zpFrqQ-IIf74UQixM7zr5il16r1r3Khoh7ww==
age: 295527
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237302 Found 388 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (381)
Hash 9ef78615f6c33911d68f3a721d563420
be709a705710da916cdac163dc4510ed5b616dcf
a1e6a9951906cd0187cbf700b01a6d92a64e2794f21fd63db43760d878e4688e
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Sep 2022 19:55:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S621337808%3A1662407733052600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWXveQHoHhkIl6k3a62R2eMByzujfo8j8X0X3oLLbn6T52GjF221Xlbtw2jXDgqXHQAOHWo
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-w0VYreYyR_3c_D9Ramig4w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 388
server: GSE
set-cookie: __Host-GAPS=1:tmG22FXN7PLRG_yl2_GMdl1ulUhXaA:G7CsNLS3SSa7HllX;Path=/;Expires=Wed, 04-Sep-2024 19:55:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.237302 Found 391 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378)
Hash 64c1098ef260a37ac714a669ec000492
4f481b07146eb2e03449b005c33bda9085cd8ad8
5583f812a122e47b4d9e07c2ef2568b9be00371b349e3b18d0ddc222709f1824
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Sep 2022 19:55:33 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1577791921%3A1662407733072047&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUTlbLKBwQ8GJZbRV0jsIfi0AnpeIL4ESdJNZj75MWdNtptFuzSOjupiPZvu3bWDeDLHB_X
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-nvRNYvMSRfPckqD8o8a5MQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 391
server: GSE
set-cookie: __Host-GAPS=1:shIjDesgzV0gMF6-C5RUdjt7fhwXKA:EODSz6clfVeTWUTg;Path=/;Expires=Wed, 04-Sep-2024 19:55:33 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
143.204.55.105200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
IP 143.204.55.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Hash 0b3d3f4206ab84d8861a8cc4b2ddbe66
4561b7c0419b65db5c1314be2143bd1734e88d89
ec42652b198c82469afbe5e6e69312a25425c1fd38d379cf3761b328ecd48e4a
GET /box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1044
date: Wed, 13 Jul 2022 08:33:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "0b3d3f4206ab84d8861a8cc4b2ddbe66"
last-modified: Wed, 13 Jul 2022 08:32:20 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7P3c2Q0HnSCMRlTbC_Eys9tykYd8esbJbcg5tCRNha-VyiNCXnknQQ==
age: 4706547
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 80f29cbbe260408ee1418a6fbce5a537
96cfe52bcf90cfdba5cba7907d49a91f44adc032
de264b42b7c59bdadf606387adaca04af680705a947096d048f288c3e5be8517
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/v3/signin/identifier?dsh=S621337808%3A1662407733052600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWXveQHoHhkIl6k3a62R2eMByzujfo8j8X0X3oLLbn6T52GjF221Xlbtw2jXDgqXHQAOHWo
216.58.207.237403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S621337808%3A1662407733052600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWXveQHoHhkIl6k3a62R2eMByzujfo8j8X0X3oLLbn6T52GjF221Xlbtw2jXDgqXHQAOHWo
IP 216.58.207.237:0
Hash bed2b9cae1046ea17d28b623b852c634
a9cddaeb38a570c6fd178908099007bbf4234b58
4183d57998cd5ea13b7ce7bbb619c47f5a7226324b4cf94e54c2bcfaaa88500b
GET /v3/signin/identifier?dsh=S621337808%3A1662407733052600&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmWXveQHoHhkIl6k3a62R2eMByzujfo8j8X0X3oLLbn6T52GjF221Xlbtw2jXDgqXHQAOHWo HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Sep 2022 19:55:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-oj3g7T9B9p7DCx8FYU_roQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=jxOZU7cmUFgxpL7jtOWTnfm2n82K-LAkIoT5Euvoh1Sspm1qBD9a2lKKfM7PN4bdiJMs6Ow0Kwd2viSU8D7RzPtWW2tKBnfZc8ly_79yVryFtGd_7X16i_ZHsm-Gs7co0k-BAGi_dAMVxU4DBFXKb-31v7iyCN204uxTvpw8iXI; expires=Tue, 07-Mar-2023 19:55:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 29 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30229)
Hash 0fe75f1e21269ab88428d06caed704ed
e0d97f1ac27843d694fe2097cfdc34016a771f6d
08317a84784623ad2893ffe27e3f89e4ffc913e3a14bebfbbcae9d62f28a0ce5
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: t/pjGXNlQopE2RxsZzK4lx1aCeud+jiC8koge3aIG0jxF/Ot4pzkKq17VpUdorei7zbzB4jSeBzilGtQ+f7ZMQ==
date: Mon, 05 Sep 2022 19:55:33 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=2043094797.1662407728&jid=1010146336&gjid=205681339&_gid=609669619.1662407728&_u=YEBAAEAAAAAAAC~&z=1590199267
142.251.1.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=2043094797.1662407728&jid=1010146336&gjid=205681339&_gid=609669619.1662407728&_u=YEBAAEAAAAAAAC~&z=1590199267
IP 142.251.1.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-165133312-2&cid=2043094797.1662407728&jid=1010146336&gjid=205681339&_gid=609669619.1662407728&_u=YEBAAEAAAAAAAC~&z=1590199267 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://other.landerhq.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 05 Sep 2022 19:55:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1931a32d83e4feb5268887bcb07fcc1e
6fb75c21ced29544dd6d7c3b0ef79adf65718a39
d794fae0b82097a2e97af2f21b6c243832081f88036a2a56bbeeabb08790d88d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 19:55:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 4e95666b1ae16862edb16a18f6071648
d47ded0075d9fa2cb99cefb2807fda16f321f302
efe0943794565acfd6767bc2c1be9f470b7fc77906cf2a2fa916d427b9c32ebb
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 05 Sep 2022 19:55:33 GMT
Last-Modified: Mon, 05 Sep 2022 18:51:42 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uqM-x1KYsgULTpHBOAS2UfGOIxOjzQdp_Ypt8cp0Tla9eqD-p2JeRA==
Age: 3832
ws41.hotjar.com/api/v2/client/ws
52.210.45.76101 Switching Protocols 0 B URL HTTP/1.1 ws41.hotjar.com/api/v2/client/ws
IP 52.210.45.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v2/client/ws HTTP/1.1
Host: ws41.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://other.landerhq.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 43bKIWDJ/Ng5LZJWolY9dA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Mon, 05 Sep 2022 19:55:33 GMT
Content-Type: application/octet-stream
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: p1uSm/WmeXujkPUfCnPfoap0SjU=
Sec-WebSocket-Extensions: permessage-deflate
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13423
Expires: Mon, 05 Sep 2022 23:39:16 GMT
Date: Mon, 05 Sep 2022 19:55:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13422
Expires: Mon, 05 Sep 2022 23:39:16 GMT
Date: Mon, 05 Sep 2022 19:55:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13422
Expires: Mon, 05 Sep 2022 23:39:16 GMT
Date: Mon, 05 Sep 2022 19:55:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10318189f33f071dda64249ab9c8c5bb
e5b5b649a243e5c004d9923d19d4421d1ea96d23
3e775a1990e4d185024faf2fdff7a5eb9063f7ee19784f32fb4f7f10643c8102
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa7142280-0dbd-4c8e-a960-d357c9143af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: 05fffcb2-43c0-4acf-81b2-1b914459e1e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwHErUIAMFmNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-47fe166763992ab271a87aa4;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uz2NbcE4AmOvFQkhJALSpXCGizilya0TuFcczfEwtV09cGXtgVNlpQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:08:58 GMT
age: 78396
etag: "e5b5b649a243e5c004d9923d19d4421d1ea96d23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
54.76.68.44200 OK 8.6 kB URL HTTP/2 in.hotjar.com/api/v2/client/sites/2841648/visit-data?sv=6
IP 54.76.68.44:0
File type JSON data\012- , ASCII text, with no line terminators
Hash aa9e79d5c3199a6ec52bcf13b4eb59c0
5e312b66d7448980d875f2842c727c583978de6d
97267782e9d42c0beaa2bb5f0cc8869d57e4a7d97493b5a61699fef8f57cd67e
POST /api/v2/client/sites/2841648/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 130
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Sep 2022 19:55:33 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca50f9c56ff869b0b63ca71b1a9f8170
13b16ca74113dfd52ccf23e6bb39307fc713f984
76b85dd7e018ab4b3d4b2610f90dbca61d0f05d38a3b905fee789af131ae7538
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14855
x-amzn-requestid: 65cf850b-227a-4318-a00e-d7cd4ef81489
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjuGtpoAMFvvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b1-54bc36741984491b0509d173;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tR9oeUGtH0NFZdnZj93V6HysPnKOTJhhiEOTNwYdq-4xIzeBZblrhA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:58:46 GMT
age: 79008
etag: "13b16ca74113dfd52ccf23e6bb39307fc713f984"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XY2liZJvZjSSNT0u90GlCn3HGPxVaYO4xztkeALLJOTRRwruDELcvg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:48:06 GMT
age: 79648
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 290f6551c5ac539ea60810b135750f17
3633391a8dd87ef10fcb0d04d7b309738affc4a7
d94d133faaf232cf15b5c3f38f5b45d87d70bce0668d607b5c66a8d3f836540f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c56af3b5-2c48-4243-b220-d56a9be47990
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3H4JoAMFiMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-23ec24d867e3e5906fffa1a6;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VgP7BDBmd5A5bAmRgO88geep419uZ0TQop4jEmRkx-q9rX4PUJZOCQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:16:55 GMT
age: 77919
etag: "3633391a8dd87ef10fcb0d04d7b309738affc4a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63165433f9e00455751e872c?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 5.4 kB URL HTTP/2 novidash.com/smartlink-css/63165433f9e00455751e872c?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c4b2d6a516e93799b54fe2bbd6630f86
b5a7380f294876dd308c7fde294f36a425c1be01
7463878d8967ff31d7ce20d5a4408c23ad59123032a990c21a47df0881edcb86
GET /smartlink-css/63165433f9e00455751e872c?sop=1&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:33 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImR2RXdwaGZnK0lqNGxpaTZGWkJyVXc9PSIsInZhbHVlIjoiMG9iL0hrek9WVGlaVGxQaVBIODhwWXFmaEI1OWVxSHNtNXpNNDdLMXhReDQ0SXkvUElUWlZ4YzRVeEhWVi94akFzZWZ1eUFZV3VJNEwzYjIxQzBqNWduUFV0ZmZDRVRyL2l5d2lyNXRpN1EzdURNZ2YzQStQN09Za2IvM2xGeWMiLCJtYWMiOiI1Njk3ZDMwNDZiYjAwYmM5NTYwM2RkNGQ2NTI1YjI0YjQ2ZDZkNGM1MTEyZDdlZTZiZmUzNzYyMjMzODVjMTU3IiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:33 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Indhd3VuNjJYUitlVC9DMExDdzBkY1E9PSIsInZhbHVlIjoiUnArdU9LSDJ5RHVrVEVRV2ZLSVBNZ2FGWkd3RnowQndZaHY4c0ZnTnN6Mnd4a0EwcUhUQVRmWGlzeW1hZHF1Tm8wNFgxWGg0N3BGNUJxdUpxUUw0ZjhYVUJNM2ozUlZpeG1YTzJoQU5iNzZHTVRGQjU3NUZwbENLbDh6Z0lZQUwiLCJtYWMiOiI2MDczZTVkYWRmMDRlYWY2NWJmMmI1NWJhMDRmOTRkMGQzMWZlNzk5Y2FhYTc2MTYzMDhjODVmMWUzMmNlNTdiIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
162.125.71.18200 OK 0 B URL HTTP/2 www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif
IP 162.125.71.18:0
GET /login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_spacer-vflN3BYt2.gif HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-cache, no-store
content-security-policy: base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; connect-src https://* ws://127.0.0.1:*/ws ; default-src 'none' ; font-src https://* data: ; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; media-src https://* blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' https://www.dropbox.com/static/api/ https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client 'nonce-NQlIYN3udQZUXOhLmgRO' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; worker-src https://www.dropbox.com/static/serviceworker/ blob:, report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-NQlIYN3udQZUXOhLmgRO' 'nonce-6Vbrd7ooQ5Cg9tM+SoSY'
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MTY2NDg3MzM1MTM0MjA2NDg2NTExOTcyMTQ2NzA1NTkzNzkwMjY2; expires=Sat, 04 Sep 2027 19:55:32 GMT; HttpOnly; Path=/; SameSite=None; Secure
t=DBFuoJpujt87GZujqkLdnNfy; Domain=dropbox.com; expires=Thu, 04 Sep 2025 19:55:32 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=DBFuoJpujt87GZujqkLdnNfy; expires=Thu, 04 Sep 2025 19:55:32 GMT; Path=/; SameSite=None; Secure
__Host-ss=AZxvPOl2Pg; expires=Thu, 04 Sep 2025 19:55:32 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
locale=en; Domain=dropbox.com; expires=Sat, 04 Sep 2027 19:55:32 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-server-response-time: 153
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Mon, 05 Sep 2022 19:55:32 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 5740e40ddc1e4c5680ee6caddcb117a4
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63165433f9e00455751e872c
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63165433f9e00455751e872c
IP 188.240.52.20:0
Analyzer Verdict Alert fortinet Phishing
POST /smartlink-css/63165433f9e00455751e872c HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 352
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:33 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IjFYRzBwOXpsTlZ5cTUzdXFEQXlJTmc9PSIsInZhbHVlIjoia0FkZkdIVEtiUjhzQytpTVM5eUVSemJ5YjFVUWZ1TEZuUlo2QzlUTmlvNE9BQkFDZ284ZExXZWxMUzhRdXVmUWdmeS91TFBZOGE3RDhyak4vRnlnZTlrTmRKL0g1K3dOY0x6ZEw5Q2V3V1ozaElnMWUxYVFSc0RFd0xWeDVoMXkiLCJtYWMiOiI1YmFjYTJiNzY4YWQ1ZGRjNTZmY2JkMzJmYWYzZDJhZjZlYjgxOTBjYjhlNDgwYzQwOGEyMzBhNjdhYWIyZTJlIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:33 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6InNsdG4wRmZ4WnNjR0xveEtraVhIamc9PSIsInZhbHVlIjoiM2t5SUkyUXlKMU9CU2lNQmdVVmdzZlZZdVRxN0EycHBhbjNCdFl3QmlUNGFjaytGb3JSQUdmZ29XRW9OZXNjM21wYVlhMWRkQUVxQ1E4OTh6NU5LODM3SXRtUVp1UFRHYTY0SStkOTFSS280cTBXMFNYK0x4UXlDc0VIdVFocnQiLCJtYWMiOiJjNjhkMzE0MDVhZmM1ZTZjYjIwYzBmYzY3ZmMwMTQ5MDVkODJiNDhiNjg5OGU5YTM3MDRkMDRmYTc0NDk3ZmVlIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:33 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2841648.js?sv=6
54.230.111.39200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-2841648.js?sv=6
IP 54.230.111.39:0
GET /c/hotjar-2841648.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Mon, 05 Sep 2022 19:54:54 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/451aafc09424c5ccf8b9e83ead4ff26e
strict-transport-security: max-age=604800; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kOTej1oswC1HZO2akBtH9ZmMqd--chXaQzcdVfAd9ARuxlqFLIw6PQ==
age: 38
X-Firefox-Spdy: h2
novidash.com/smartlink-css/63165433f9e00455751e872c?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
188.240.52.20200 OK 0 B URL HTTP/2 novidash.com/smartlink-css/63165433f9e00455751e872c?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0
IP 188.240.52.20:0
GET /smartlink-css/63165433f9e00455751e872c?sop=2&mouse_movements=0&mouse_distance=0&mouse_clicks=0&mouse_active=0&mouse_speed=0 HTTP/1.1
Host: novidash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://other.landerhq.com
Connection: keep-alive
Referer: https://other.landerhq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:34 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InZPMk56dkRwTXZRbEFkUENkcTAwNVE9PSIsInZhbHVlIjoicEVraHByZXRpM2JHcENacHhZdFJlWUYwd08vZzhMd2RNNkx4MU84RDBkZllXNXIrUDl6ekhhSStWNzlsR1VuWm1HV2w4QjFUQ25KQ1ljd3FmM25nMCt2K2xBWUw2eHlWMEp3OEhlMWdhOGh6QUg0ZklYZFJvZ05JUXNRM0dodXciLCJtYWMiOiJjYTVlNTk2MzdjOWZhOTMxNjc2NjU1NDYyMDE3YjBmMWRlNjI2NDFjMWQ4MmNmNWY5NjZlOWZkZGM0ZTU4NTMzIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:34 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IlUrUm9XaTd6M1BGUG9UUGtleDhBWXc9PSIsInZhbHVlIjoiMW5KYVhvMVVPMUlwbGE5ZjYyNzM1T05BejU1RjR0SHd0bUEyUCtYN2dzc1BHTjNDNEdtREpOLytVbkRxbmIzZkRNTS9HMkM4RXpCbGx1bzZnWUxPbUNkUTBkaFdFa3BlbGhvME9LTWxuZkR5cFdmc0xka1VIbis5RHQ3bnZoY1kiLCJtYWMiOiJhYTQyOTYwOWM2ZjFiMzU1NmNjNDZiYzZjYmM2NmVkOTE2YzA1NTAyOGI5MjE4NTFmNDk3ZTM3Yjg3ZjJkOTNjIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:34 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S1577791921%3A1662407733072047&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUTlbLKBwQ8GJZbRV0jsIfi0AnpeIL4ESdJNZj75MWdNtptFuzSOjupiPZvu3bWDeDLHB_X
216.58.207.237403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S1577791921%3A1662407733072047&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUTlbLKBwQ8GJZbRV0jsIfi0AnpeIL4ESdJNZj75MWdNtptFuzSOjupiPZvu3bWDeDLHB_X
IP 216.58.207.237:0
GET /v3/signin/identifier?dsh=S1577791921%3A1662407733072047&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AQN2RmUTlbLKBwQ8GJZbRV0jsIfi0AnpeIL4ESdJNZj75MWdNtptFuzSOjupiPZvu3bWDeDLHB_X HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Sep 2022 19:55:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-EVk4h172m207FXDoZD6nsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: NID=511=h8ZKZrcMneMJwSzbx8DKtlno-_4RluHA1cYNgsIcetoNjBq9DvfJmJIswlD62bo7iEmxf-vfbHTBMT5uplZtTP3GRyJ4DKPJ_cd7H4AB_aZWMiUA3Rmejh1S03UPBvqQHti4USPKLx9o86YrXOfaLTzStFvPAjLOiOBmRZZPHF4; expires=Tue, 07-Mar-2023 19:55:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wnne5ev3v2hch3riimdoknds&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
188.240.52.20200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wnne5ev3v2hch3riimdoknds&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
IP 188.240.52.20:0
GET /smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wnne5ev3v2hch3riimdoknds&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:31 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6InhPbzNKUjAxWVV2ZGxqdk5TbFRyd2c9PSIsInZhbHVlIjoialZ1MU5GM3VQSTNzVlB3b0VTeWxna214bkZwWXFhN0hoc3dhV1hnTzdTNVNxU2xCaURYMmdmYjU2akpzQkVKUFpnWEFhT0hsL29RZFZmOUIxSjYxRSt6dTIwdGg0TFR1aHgzODNXalIxS0l4dC9xWXh6ZTVvU3ZoN0dvaVdPK1IiLCJtYWMiOiIzNDEwMTMyMmMyZTZjYzcxMTA1MTFhMjAzNmFiZGYwMTQxZGMzMGY3YWQyNDM5ZGQ3ZjdmZGYyNTFhZjkxZTgwIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:31 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6Ik9MdDNFVmQyWjdFQnpQdUNOZnBVVmc9PSIsInZhbHVlIjoiSTMvMHRaK0FUMGJackRnV3dNVVVBZXhQeVl4WGhxVzI5ZU1rc0NaUWZCQ2hqNjYzZWFiTVhkSVczb0lQd082TXB4Z2ZLbHAwbjg4QkhXLzVQdG11S0x6N1hKZDFYNVRqcHhGWjhpREcyUkU2ZUhKelJEUWEyMDVWRmFtRXprVHMiLCJtYWMiOiJiYTQ1MGIwZmZiNDZkNWU0ZmU0MDBkZWUxZTBjNDIwYThlNTdmMTVhZDUxMmVlZGIxMDZmZmEzZTNkMjhlNjViIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink-css/63165433f9e00455751e872c
188.240.52.20200 OK 0 B URL HTTP/2 0ee06.trknovi.com/smartlink-css/63165433f9e00455751e872c
IP 188.240.52.20:0
GET /smartlink-css/63165433f9e00455751e872c HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0ee06.trknovi.com/smartlink?track=eyJ1c2VyX2lkIjoxMzc5LCJjcmVhdGl2ZV9pZCI6IjI5MDcyMCIsImxhbmRlcl9pZCI6IjEyNSJ9&click_id=wnne5ev3v2hch3riimdoknds&subid=9dd1b15d-f028-4d41-b731-bec13c85ae61
Cookie: XSRF-TOKEN=eyJpdiI6InhPbzNKUjAxWVV2ZGxqdk5TbFRyd2c9PSIsInZhbHVlIjoialZ1MU5GM3VQSTNzVlB3b0VTeWxna214bkZwWXFhN0hoc3dhV1hnTzdTNVNxU2xCaURYMmdmYjU2akpzQkVKUFpnWEFhT0hsL29RZFZmOUIxSjYxRSt6dTIwdGg0TFR1aHgzODNXalIxS0l4dC9xWXh6ZTVvU3ZoN0dvaVdPK1IiLCJtYWMiOiIzNDEwMTMyMmMyZTZjYzcxMTA1MTFhMjAzNmFiZGYwMTQxZGMzMGY3YWQyNDM5ZGQ3ZjdmZGYyNTFhZjkxZTgwIiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6Ik9MdDNFVmQyWjdFQnpQdUNOZnBVVmc9PSIsInZhbHVlIjoiSTMvMHRaK0FUMGJackRnV3dNVVVBZXhQeVl4WGhxVzI5ZU1rc0NaUWZCQ2hqNjYzZWFiTVhkSVczb0lQd082TXB4Z2ZLbHAwbjg4QkhXLzVQdG11S0x6N1hKZDFYNVRqcHhGWjhpREcyUkU2ZUhKelJEUWEyMDVWRmFtRXprVHMiLCJtYWMiOiJiYTQ1MGIwZmZiNDZkNWU0ZmU0MDBkZWUxZTBjNDIwYThlNTdmMTVhZDUxMmVlZGIxMDZmZmEzZTNkMjhlNjViIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:31 GMT
content-type: text/css; charset=UTF-8
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImZBc29IWWd1L3N0aVdIYXArSmhIYVE9PSIsInZhbHVlIjoiMVlTbDI2eFdYYmtIQ0hZRWZvMVZZQm1pYzltczZKeWNMcndoVC9TZ201Q1VsNzA5S1dLR2NSUEFFeFNDSjErdjlMbEI4MEZmT0NxZlBWbXhLYldTNmQ4b0tneEFaMGNLQW5iYlVHRURJeVh2UTczMzFlVjJFRTdWVVJLYTRrUEUiLCJtYWMiOiI3N2UwZjA3ZDdlMjQ0ZjgxODQ5ZjZhYWIxOTZkNjkxMzQwYTMxZGE1MDYxZmJkYTRiNDU0YzBmYWE4ODdhOWI2IiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:31 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IjRhcUhTdzlNN1pjdFRQaFVPYkJQTUE9PSIsInZhbHVlIjoiaWRhY0d1bDB2QXpvU29tQ2tjTVVqa1VsMHdjdldlMHVUc0pIbllPVU02TGdCRHI1cm5IdXJoekkxV29WVU9rRFZGeDgvZDljdnJaemYzNVZWVldHSE1ZUUo3MlJlUU4yNm4xQ1FNQkR1YXRlckJ5TkQ4cUV5cXQzQzFZYmd2RTEiLCJtYWMiOiJlNDQ2N2Q3YmI0MTk5MjlkYTU3YzYwZTViMDAyMTJhOTUzYjI3MmM4MzYzZWNiYTk5MDQ1OWE1Y2ViNDY0MmFlIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
0ee06.trknovi.com/smartlink?mongo_id=63165433f9e00455751e872c&mongo_grouped_id=63165433f9e00455751e872d&redirect_url=https%3A%2F%2Fother.landerhq.com%2F900546643&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMTUyLCJvdXRlckhlaWdodCI6OTAxLCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjMxfQ==&js=1
188.240.52.20302 Found 0 B URL HTTP/2 0ee06.trknovi.com/smartlink?mongo_id=63165433f9e00455751e872c&mongo_grouped_id=63165433f9e00455751e872d&redirect_url=https%3A%2F%2Fother.landerhq.com%2F900546643&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMTUyLCJvdXRlckhlaWdodCI6OTAxLCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjMxfQ==&js=1
IP 188.240.52.20:0
GET /smartlink?mongo_id=63165433f9e00455751e872c&mongo_grouped_id=63165433f9e00455751e872d&redirect_url=https%3A%2F%2Fother.landerhq.com%2F900546643&fingerprint=eyJ3ZWJkcml2ZXIiOjAsImhlYWRsZXNzIjowLCJjaHJvbWUiOjAsIm9uTGluZSI6MSwiY29va2llRW5hYmxlZCI6MSwicGx1Z2lucyI6MCwibWltZVR5cGVzIjowLCJzY3JlZW5XaWR0aCI6MTI4MCwic2NyZWVuSGVpZ2h0IjoxMDI0LCJvdXRlcldpZHRoIjoxMTUyLCJvdXRlckhlaWdodCI6OTAxLCJjb2xvckRlcHRoIjoyNCwiZGV2aWNlTWVtb3J5IjowLCJoYXJkd2FyZUNvbmN1cnJlbmN5IjoxNiwic3RhbmRhbG9uZSI6MCwidGltZXpvbmUiOiJVVEMiLCJsYW5ndWFnZSI6ImVuLVVTIiwibGFuZ3VhZ2VzIjpbImVuLVVTIiwiZW4iXSwicGxhdGZvcm0iOiJMaW51eCB4ODZfNjQiLCJ0b3VjaCI6MCwiaWZyYW1lIjowLCJldmFsIjozNywidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJvdmVycmlkZSI6MSwiZHVyYXRpb24iOjMxfQ==&js=1 HTTP/1.1
Host: 0ee06.trknovi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImZBc29IWWd1L3N0aVdIYXArSmhIYVE9PSIsInZhbHVlIjoiMVlTbDI2eFdYYmtIQ0hZRWZvMVZZQm1pYzltczZKeWNMcndoVC9TZ201Q1VsNzA5S1dLR2NSUEFFeFNDSjErdjlMbEI4MEZmT0NxZlBWbXhLYldTNmQ4b0tneEFaMGNLQW5iYlVHRURJeVh2UTczMzFlVjJFRTdWVVJLYTRrUEUiLCJtYWMiOiI3N2UwZjA3ZDdlMjQ0ZjgxODQ5ZjZhYWIxOTZkNjkxMzQwYTMxZGE1MDYxZmJkYTRiNDU0YzBmYWE4ODdhOWI2IiwidGFnIjoiIn0%3D; novidash_session=eyJpdiI6IjRhcUhTdzlNN1pjdFRQaFVPYkJQTUE9PSIsInZhbHVlIjoiaWRhY0d1bDB2QXpvU29tQ2tjTVVqa1VsMHdjdldlMHVUc0pIbllPVU02TGdCRHI1cm5IdXJoekkxV29WVU9rRFZGeDgvZDljdnJaemYzNVZWVldHSE1ZUUo3MlJlUU4yNm4xQ1FNQkR1YXRlckJ5TkQ4cUV5cXQzQzFZYmd2RTEiLCJtYWMiOiJlNDQ2N2Q3YmI0MTk5MjlkYTU3YzYwZTViMDAyMTJhOTUzYjI3MmM4MzYzZWNiYTk5MDQ1OWE1Y2ViNDY0MmFlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx/1.19.10
date: Mon, 05 Sep 2022 19:55:31 GMT
content-type: text/html; charset=UTF-8
location: https://other.landerhq.com/900546643
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
set-cookie: XSRF-TOKEN=eyJpdiI6Ik5vMVAzcGUwOXlWTDM2R204bVluQnc9PSIsInZhbHVlIjoiTmtVK01IeFpNZ2pnT1Y2OGxwa0djQStpZ1IzZ0hPOVNKTkIxVEl1ZTk5bDgya0Q4OXlrbS92QzBLMEtKb2kvL3RDMlRQMWYvUGNTenJrSjFJZmZDNXRqUTc3bG56SnhUNHhwR2F2NThrZDZiQzFkY2lCRmtmMXczdW9FcVl6ZlIiLCJtYWMiOiJkNmI1YzVjMjFjZjRkODk4YjAyODY5ZDFiYTA3ZTBkZjNkZDc5MTAyZGUwZGYxZDA4Njg1OGQzNDVjZTEyMjYzIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:31 GMT; Max-Age=7200; path=/; samesite=lax
novidash_session=eyJpdiI6IkxISk50TzRQVnY0VDZ3aVBLcS9HeHc9PSIsInZhbHVlIjoib3JXYlFqczVuS0UrNVNSVXpWSkN6STd0bmQzNXhnNzhUbjVab2tsWmh2c1l1dHB1TUYwVUNFYnlZajBCRjJHeXQyQUl2Y2pyZHl2UVBNY1lyVTYrTzlLV0FLdlZsSnBoQWdlYmJCOEVUVjkrRE14dFc0dXdiMUVvY1ZKMXd5TUwiLCJtYWMiOiI1MGFiYmE3YzNmY2Y3Y2E2NzVhODY3NjVhOTNiZmRkMmU4ZmI0YThiM2UyMmM0ZjgxMTY3YWU5OTFlZTZkNWIwIiwidGFnIjoiIn0%3D; expires=Mon, 05-Sep-2022 21:55:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2