r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14012
Expires: Tue, 06 Dec 2022 16:39:12 GMT
Date: Tue, 06 Dec 2022 12:45:40 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 821
Cache-Control: max-age=165559
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:40 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 10:44:59 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 12:20:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1516
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6366
Expires: Tue, 06 Dec 2022 14:31:46 GMT
Date: Tue, 06 Dec 2022 12:45:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LW0aVr2NM5nT9xKovsrbdDd+yj8c3RX/9CtFbrYHV/dbbW08h30WLcge8m3J1Vm/uJv4k9xP/ZA=
x-amz-request-id: YGNH6Q6H51TGZR0F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 11:48:55 GMT
age: 3405
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cgltreeservices.com/bossss/?entity=1073444
108.167.141.129 200 OK 12 kB URL HTTP/1.1 cgltreeservices.com/bossss/?entity=1073444
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6168)
Hash c3efe83741a31102819cb5bfbc70a164
f175bc04b9c902e4ad394955aeaec1a6947672d3
393e784229e9e51ee9a0deabe8213c6407e1cbc146cc35b2c46ee36458c38786
Analyzer Verdict Alert openphish Comcast Corporation
fortinet Phishing
GET /bossss/?entity=1073444 HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:42 GMT
Server: nginx/1.21.6
Content-Type: text/html
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: HIT
Accept-Ranges: none
Transfer-Encoding: chunked
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 12:45:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/data.json
108.167.141.129 200 OK 295 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/data.json
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash c4e699111d8c5ee41a03610b94ff02d5
7b4ec667ab9d73b69d752931fa675eca988ac1be
f1aa6a629871c08a077cba94a653cb0c2ace627617e442adccbf6712972bf0df
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/data.json HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 295
Content-Type: application/json
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
108.167.141.129 200 OK 19 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (50848), with no line terminators
Hash 049b3d8d779e070847174a63fbdbea8b
750f842ebbf752faf947c87ec57979d25a21b882
b0e765e63a6d5c24e7197c491bae8ea2193d93a2c085b9b72ff5bfa4a5edc0d1
GET /bossss/Sign%20in%20to%20XFINITY_files/styles-light.css HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/css
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/1203273213x32.js
108.167.141.129 200 OK 772 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/1203273213x32.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (403)
Hash 7c2c39d578f8a54322d2f1084bf458db
b9da3c835240b6217ced4d7f8d792de9faafea74
8210268d9c4641543fffbd2394c23a7585408a90e94fcc58f84e6ae4b568936d
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/1203273213x32.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 772
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/11648.js
108.167.141.129 200 OK 8.5 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/11648.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- C source, ASCII text, with very long lines (25399)
Hash c540292a1c3d83602949e4f4af9272cd
2695d7e1ae9dd40ab88d9e7a45cc8a8930623e74
867f02cd87490f12f458ec91eb03ba6f23f94c585c26746a2b60937b3fa3bbd3
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/11648.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8455
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/150582-15.js
108.167.141.129 200 OK 1.4 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/150582-15.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (2808)
Hash 1247a38a9cdacf0e00ed543c62127fe5
940c71c36b5a0f6bee39a4f89555b43f7dd668cd
da8f696dae05fbc2ecf74b9dcb6aadb94d1bcd7192ffe2d4528c825d43a52193
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/150582-15.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1382
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/150582-10.js
108.167.141.129 200 OK 477 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/150582-10.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (728)
Hash daef3004cc94546e9cd07c793db655a6
286c98c28b3e7a628f8a5eb28134c13f58e1f779
a5bb938bc07b3bf08ae755ba4494f285c7684fef6c0dc9349e7d52f2366ad88e
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/150582-10.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 477
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/1647526060x32.js
108.167.141.129 200 OK 556 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/1647526060x32.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (433)
Hash fe32fbe869ac4a88f764abd1bc438cf1
b1b4f1a0581746de7a45e1f0663220da83d02af1
ce02fcf5ec2a7c9caa9aeed72f1fbdd4581a4745da89c9dfba7e84137dcd96a6
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/1647526060x32.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 556
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 12:08:58 GMT
cache-control: public,max-age=3600
age: 2203
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
108.167.141.129 200 OK 1.7 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3906), with no line terminators
Hash 0b5a2ee34ecb1141a47f9d569ff54893
a7685dbc86190a3d8161bab891ad4489a493e21f
4294186559939218bf8494573b4dce94cc722bb52f54756832bef1423d873a37
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/scripts-responsive.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1698
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/asc.txt
108.167.141.129 200 OK 17 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/asc.txt
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 92ecce91e58ca501e89410701805ffd2
fbc2f9374e8f5aebbc0a9ebeaeb836dfe2ee8803
af2d3351d5bb6b63e81eb19140f27324fd7b0ba94dc7c39b6154461243e4986e
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/asc.txt HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:42 GMT
Server: nginx/1.21.6
Content-Type: text/plain
Content-Length: 17
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
X-Server-Cache: true
X-Proxy-Cache: HIT
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 803
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:41 GMT
Last-Modified: Tue, 06 Dec 2022 12:32:18 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/event
108.167.141.129 200 OK 191 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/event
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 2d5d169b7afabb783f8994c576f005cb
d3c1f326303b3cd98f892a5ab28cea82222d058b
384d036f62eab523e123b0e2c033bdee06077fdf041c564ce56f956e6219fb24
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/event HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: nginx/1.21.6
Content-Length: 191
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
X-Server-Cache: true
X-Proxy-Cache: HIT
Accept-Ranges: bytes
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/moatad_002.js
108.167.141.129 200 OK 72 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/moatad_002.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (554)
Hash 72378a0eda9ae895d3b9a85b18998c75
e78c8b727ab8e4cdb38cd1a43e694cc72942da04
f742f5aff25449afd9df0a489303e1d4fd903aba2ec784528d1b68b8bdbdaeb0
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/moatad_002.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/moatad.js
108.167.141.129 200 OK 72 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/moatad.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (554)
Hash 72378a0eda9ae895d3b9a85b18998c75
e78c8b727ab8e4cdb38cd1a43e694cc72942da04
f742f5aff25449afd9df0a489303e1d4fd903aba2ec784528d1b68b8bdbdaeb0
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/moatad.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/omniture_visId.js
108.167.141.129 200 OK 36 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/omniture_visId.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (707), with CRLF line terminators
Hash 993f685dda3ba38c62260c5c7f690057
9a9673bc1c0f6d516e2e8da1acdd86ebcb89f803
74d0b37d1cccb61abb1678b181b5784501b488f6f65c8b2989a28d108f78c6a0
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/omniture_visId.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
108.167.141.129 200 OK 8.4 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (815), with CRLF line terminators
Hash 79940589e33f37f68f9a80ce5e13c037
d7572fb9ef61134c9cb335a6db3740468b93b36f
6fff922e860e02fb4bc322b3807ab5e37dd8079072929c2b233c3ae9cdd21d8f
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8409
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/rta.js
159 B URL cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/rta.js
IP :0
File type gzip compressed data, from Unix\012- data
Hash a66a008566af0e3807b90760012863c2
e09466fb3c0b0d2b94f6233b54321d179903eb17
3ee657e09030047c5792c02cf0f206708cfd3f33aa98b0ccf28cd9c4b098f610
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/rta.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
push.services.mozilla.com/
52.34.4.233 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.4.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JXg837Sd31f8sdXcEyzTtA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3xlbA6peVZN9bCm1Je6MYBFAEHs=
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/segments.js
108.167.141.129 200 OK 39 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/segments.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/segments.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Content-Length: 39
Content-Type: application/javascript
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
108.167.141.129 200 OK 36 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash a98fbe346dd7c66a4ca5f1f77aa75e44
ee1c12063d821ba884efe2afedd6cab81c825363
de3e0d54441cd6afe0d7d2afcb95eadf8fec5cb23ecd47a796c3818fe7fb8f4d
GET /bossss/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 35514
Content-Type: image/jpeg
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/event.gif
108.167.141.129 200 OK 42 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/event.gif
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /bossss/Sign%20in%20to%20XFINITY_files/event.gif HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 42
Content-Type: image/gif
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/u.gif
108.167.141.129 200 OK 42 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/u.gif
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /bossss/Sign%20in%20to%20XFINITY_files/u.gif HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 42
Content-Type: image/gif
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/seal.png
108.167.141.129 200 OK 3.1 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/seal.png
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 142 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash be19bc645a5d70db58e4317fb1f7f791
8c38f471f3e6d17af148acaab219db7e3e4a8d23
6ab85bc152133401e0ad5ca069990f4a76413499820d4ba95a0dadb063bcc8b8
GET /bossss/Sign%20in%20to%20XFINITY_files/seal.png HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 3091
Content-Type: image/png
z.moatads.com/comcastapn56341864860/moatad.js
2.18.173.140 200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP 2.18.173.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iNOl1G7caF+4F0KjCYi8LROSIJDzen5qwVKxO9qb70np0Ib7E8xnZvs9UYc5c1RxmbTyX0e7zg8=
x-amz-request-id: 011D4RFHBA3563FE
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=62900
date: Tue, 06 Dec 2022 12:45:42 GMT
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6a1b976735685cee0e12b8edd836ea44
d0caa3fedecb3adce697d8dcad78fb70f4e0fe9f
630e9c9f04f03c94d1171df47368978fc0ad0153261d9f1fd511894a7ca336c5
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5436
Cache-Control: max-age=99583
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:42 GMT
Etag: "638e0639-1d7"
Expires: Wed, 07 Dec 2022 16:25:25 GMT
Last-Modified: Mon, 05 Dec 2022 14:54:49 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
us-ads.openx.net/w/1.0/jstag
35.244.159.8 200 OK 18 kB URL HTTP/2 us-ads.openx.net/w/1.0/jstag
IP 35.244.159.8:0
File type ASCII text, with very long lines (12594)
Hash 2733e0fae1450a96d12c4a3b10520dda
702952049a36309160c162b1fe08831247c79c6a
08d3c438e2a5026220d4be3ec8bfff6b06816108804180a96469b113e6da0547
GET /w/1.0/jstag HTTP/1.1
Host: us-ads.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Tue, 06 Dec 2022 13:45:42 GMT
date: Tue, 06 Dec 2022 12:45:42 GMT
content-type: text/javascript
content-length: 18069
content-encoding: gzip
cache-control: max-age=3600
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2 HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:42 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2 HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:42 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6a1b976735685cee0e12b8edd836ea44
d0caa3fedecb3adce697d8dcad78fb70f4e0fe9f
630e9c9f04f03c94d1171df47368978fc0ad0153261d9f1fd511894a7ca336c5
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2134
Cache-Control: max-age=96281
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:42 GMT
Etag: "638e0639-1d7"
Expires: Wed, 07 Dec 2022 15:30:23 GMT
Last-Modified: Mon, 05 Dec 2022 14:54:49 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
us-ads.openx.net/w/1.0/acj?ai=57cffdf0-6cad-415e-b2cf-da230175065f&o=301290733&callback=OX_301290733&ju=http%3A//cgltreeservices.com/bossss/%3Fentity%3D1073444&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1
35.244.159.8 200 OK 241 B URL HTTP/2 us-ads.openx.net/w/1.0/acj?ai=57cffdf0-6cad-415e-b2cf-da230175065f&o=301290733&callback=OX_301290733&ju=http%3A//cgltreeservices.com/bossss/%3Fentity%3D1073444&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1
IP 35.244.159.8:0
Hash bc100c2eaeb0f499e0f269b78d634c0f
9a3ecffa3e96a0025a21feb1647c340e0bdc4cc3
b605744a1c23f6cb1b53c24f5e37789afcd562412e65b57ab9c6e31a83f47f5a
GET /w/1.0/acj?ai=57cffdf0-6cad-415e-b2cf-da230175065f&o=301290733&callback=OX_301290733&ju=http%3A//cgltreeservices.com/bossss/%3Fentity%3D1073444&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1 HTTP/1.1
Host: us-ads.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 06 Dec 2022 12:45:42 GMT
content-type: application/json
content-length: 241
content-encoding: gzip
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:42 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:42 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
35.157.163.64 307 Temporary Redirect 0 B URL HTTP/1.1 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 35.157.163.64:0
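Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body; the redirect response was 0 B, so they identify no content and should not be used as indicators.)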
GET /a/11648/36314/150582-10.js?&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 307 Temporary Redirect
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f3976-7ab0d8e16cef8a1d2fe68ac6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/all.js
108.167.141.129 200 OK 82 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/all.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (18053)
Hash d3c16f63bb394161ab950761946097c7
e2db8104260b5e9574af432bb5162072ccf9e774
af710747fdaf30a7775f1915817fad217a2a1e64ae09ba719da243abf6ee67f4
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/all.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 213.19.162.31:0
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC7SPF5-1B-4QH1; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrBVWljdJMrYe9DtVM30fCgV3PdyjZap6Ssvm2guYrwapt8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
35.157.163.64 307 Temporary Redirect 0 B URL HTTP/1.1 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 35.157.163.64:0
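Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body; the redirect response was 0 B, so they identify no content and should not be used as indicators.)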
GET /a/11648/36314/150582-10.js?&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 307 Temporary Redirect
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f3976-46b4e4253b12d9293d46460f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
108.167.141.129 404 Not Found 462 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b58a4197a90ce28f053f853e9f5201a
1764aa95ccf139706beb229625b9d6d6f154bd5d
e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf
108.167.141.129 404 Not Found 462 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b58a4197a90ce28f053f853e9f5201a
1764aa95ccf139706beb229625b9d6d6f154bd5d
e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 213.19.162.31:0
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.03127281249621183&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC7SPHO-15-EEDE; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqEcZ47kCoY1u9DtVM30fCgV3PdyjZap6Ssvm2guYrwapt8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ads.rubiconproject.com/ad/11648.js
104.85.187.217 200 OK 8.9 kB URL HTTP/2 ads.rubiconproject.com/ad/11648.js
IP 104.85.187.217:0
File type C source, ASCII text, with very long lines (26545)
Hash 5aecf12e8c3cb1d14458bc71c6b8cf0c
b0cedce6e8165041981ba59a9b7277053a37ba89
69dd3510681bc16e17f107ac8f2fa504aa7ce59d75ebf3248b6f85f02a6409aa
GET /ad/11648.js HTTP/1.1
Host: ads.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
x-powered-by: PHP/5.3.3
content-encoding: gzip
content-length: 8946
content-type: text/javascript
cache-control: max-age=2483
expires: Tue, 06 Dec 2022 13:27:05 GMT
date: Tue, 06 Dec 2022 12:45:42 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b7894571eb7d4837e1dee13aaacac990
486b9d79414f9eb33b76b0b423982b351c6a110f
6d14a5d3df707015be4ca6e368b8cf5dd32aeb408d34aeaf09c3c0f2deedf844
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 640
Cache-Control: max-age=131515
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:42 GMT
Etag: "638e95b1-1d7"
Expires: Thu, 08 Dec 2022 01:17:37 GMT
Last-Modified: Tue, 06 Dec 2022 01:06:57 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.2677308006107252&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1
213.19.162.21 200 OK 147 B URL HTTP/2 smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.2677308006107252&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1
IP 213.19.162.21:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?&cb=0.2677308006107252&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1 HTTP/1.1
Host: smarttag.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 06 Dec 2022 12:45:42 GMT
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LBC7SPMK-1H-24BO; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qpJ+zSFdxqpre9DtVM30fCgV3PdyjZap6Ssvm2guYrwapt8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
35.157.163.64 307 Temporary Redirect 0 B URL HTTP/1.1 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 35.157.163.64:0
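Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body; the redirect response was 0 B, so they identify no content and should not be used as indicators.)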
GET /a/11648/36314/150582-15.js?&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 307 Temporary Redirect
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f3976-3501828426e54dde4c9d9790
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 213.19.162.31:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC7SPOF-1P-J8AJ; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qr6PX1auTEnF+9DtVM30fCgV3PdyjZap6Ssvm2guYrwapt8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
35.157.163.64 307 Temporary Redirect 0 B URL HTTP/1.1 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 35.157.163.64:0
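Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of an empty body; the redirect response was 0 B, so they identify no content and should not be used as indicators.)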
GET /a/11648/36314/150582-15.js?&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 307 Temporary Redirect
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f3976-6651467b118f52176a819476
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 213.19.162.31:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.13540286314975236&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 12:45:42 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC7SPQ2-A-LFB5; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qpnLi13WCVxe+9DtVM30fCgV3PdyjZap6Ssvm2guYrwapt8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 12:45:42 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a020f64fea80cefdee3833231b62ed32
934f5206a482c5c02f4ed31717b7de4d7a4d5105
3ba0c6659d7753189961c649bc889e6823a77dd64400e13cd74aca5fc90e2704
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5900
Cache-Control: max-age=111566
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:42 GMT
Etag: "638e3338-1d7"
Expires: Wed, 07 Dec 2022 19:45:08 GMT
Last-Modified: Mon, 05 Dec 2022 18:06:48 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
91.228.74.244 200 OK 39 B URL HTTP/2 pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
IP 91.228.74.244:0
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
GET /api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 12:45:43 GMT
content-type: application/x-javascript
content-length: 39
cache-control: private, no-transform, must-revalidate, max-age=86400
expires: Wed, 07 Dec 2022 12:45:43 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
set-cookie: mc=638f3977-0087b-2c5d2-a73f0; expires=Sat, 06-Jan-2024 12:45:43 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15738
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15738
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15738
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15738
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15738
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebd3528452aecd80e39bbf82d3f71f2c
eaa956309d27052d466f7c4bd75b3bdf8443f251
680066dadbddc2cd7179ad5bdfbf9b2014ea601561e585d18dfcda73512ae84a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: cd970b83-2a99-4e38-afed-580d733040a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuWF1bIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1ba552306e857bb37424d679;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P9Yc2Lh9Kw4AEDZyc9R9WExLdUnCitDeuy0NjttQM-EL1cdVndZxFA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:36 GMT
age: 51307
etag: "eaa956309d27052d466f7c4bd75b3bdf8443f251"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30d72693680b3ac91c0eee4d47a26196
cd923a5a3810bfe86be2eca4b97c739d76756d93
69ca9e172f6b0c5bf158022d533701b89282630deaa0ce7df27ed459c9bfe75e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a1b8c21-bea6-4053-8dea-90393eea45b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8656
x-amzn-requestid: cfc71f7f-d1c6-47c9-8107-864701dbf3c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwkEHmIAMFUnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d0-6705510852d26ae24b3e5ea4;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:24 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zTGiKMan3uG3edx5AsFabNE4eG_dmzrIIOFCWcOxYN0UgSCGTNTtxw==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:25 GMT
age: 51798
etag: "cd923a5a3810bfe86be2eca4b97c739d76756d93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 51754
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fddffc8edfa3ca668c8ac740d34f46c5
63483fc211cfb2808c7f37940a4065b4f4177c59
3c736f085f8f25d68c3dd946d5a546dc6d1f5f6e94a0da17b7fd4662d61a0b50
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a7b1a4-645c-4164-abf9-5450ef421f97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8660
x-amzn-requestid: d5cf901f-bd2b-4269-918a-29a0bec09a40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_uBG9IIAMFxcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1326-63b4ea925878dab212409f2b;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bywOU4HpwW6ebOdbHiI_ctX46Z-LXrUcRIVacGUtf_tyISXlXjOP4g==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:51:33 GMT
age: 53650
etag: "63483fc211cfb2808c7f37940a4065b4f4177c59"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 51800
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jqWuNfsDgPOsqxlX2HGJdhXm9GnGC-TBafSbSCrztICFgEwcyqc_iA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:22 GMT
age: 51801
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
serviceo.comcast.net/b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
13.36.218.177 302 Found 0 B URL HTTP/1.1 serviceo.comcast.net/b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
IP 13.36.218.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceo.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 302 Found
access-control-allow-origin: *
vary: Origin
date: Tue, 06 Dec 2022 12:45:43 GMT
content-type: text/plain;charset=utf-8
expires: Mon, 05 Dec 2022 12:45:43 GMT
last-modified: Wed, 07 Dec 2022 12:45:43 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C79CBBF633C240-60000CADACDAFA4E[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Thu, 05 Dec 2024 12:45:45 GMT;
location: http://serviceo.comcast.net/b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&pccr=true&vidn=31C79CBBF633C240-60000CADACDAFA4E&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
content-length: 0
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cgltreeservices.com/static/images/fb-logo-29.png
108.167.141.129 404 Not Found 462 B URL HTTP/1.1 cgltreeservices.com/static/images/fb-logo-29.png
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b58a4197a90ce28f053f853e9f5201a
1764aa95ccf139706beb229625b9d6d6f154bd5d
e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
GET /static/images/fb-logo-29.png HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 462
Content-Type: text/html
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
serviceo.comcast.net/b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&pccr=true&vidn=31C79CBBF633C240-60000CADACDAFA4E&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
13.36.218.177 200 OK 43 B URL HTTP/1.1 serviceo.comcast.net/b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&pccr=true&vidn=31C79CBBF633C240-60000CADACDAFA4E&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
IP 13.36.218.177:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/comcastnetdev/1/H.27.5/s01834872481421?AQB=1&pccr=true&vidn=31C79CBBF633C240-60000CADACDAFA4E&ndh=1&t=6%2F11%2F2022%2012%3A45%3A43%202%200&fid=6BE7C42F87EAA628-0FB8B2E1892DE275&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceo.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive
HTTP/1.1 200 OK
access-control-allow-origin: *
date: Tue, 06 Dec 2022 12:45:43 GMT
expires: Mon, 05 Dec 2022 12:45:43 GMT
last-modified: Wed, 07 Dec 2022 12:45:43 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C79CBBF2EB813E-60000755ECDEDE48[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Thu, 05 Dec 2024 12:45:45 GMT;
etag: 3587007959272226816-4619856858379640391
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2 HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/dest5.htm
108.167.141.129 200 OK 4.2 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/dest5.htm
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (581), with CRLF line terminators
Hash bca5675fe990e0cf10ada92892b4469b
fe22bdb21a46264c5d41dd0a032f26cfcd9314bf
ac3af5d86b1b86bed0c272d4bee25d13f4993322fce9906018c299a764365d6b
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/dest5.htm HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:44 GMT
Server: nginx/1.21.6
Content-Type: text/html
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false
Content-Length: 4199
staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
157.240.200.14 301 Moved Permanently 0 B URL HTTP/1.1 staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP 157.240.200.14:0
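Hash d41d8cd98f00b204e9800998ecf8427e (these three values are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B response; they identify no content and should not be used as indicators)
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855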
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
Content-Type: text/plain
Server: proxygen-bolt
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
Content-Length: 0
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a179b3b6ab78e29169af8cc2363d6280
501cd2871c5b70c56852c6cd0c87f383504ca933
ceecf34d673dd0d910e3622aa0fa8d84fea748592acc796286c4ec5e76fbc170
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3884
Cache-Control: max-age=95878
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:43 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:23:41 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
157.240.200.14 404 Not Found 9 B URL HTTP/2 staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP 157.240.200.14:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: tzR2geJ5gJhECWY9yR7taC3akolSWdkMjs+NfVJSqe7juHdQD+M6BiGwHGmuKypCETTk4nJ4ji1ry/b8GG2DNw==
content-length: 9
x-fb-trip-id: 1679558926
date: Tue, 06 Dec 2022 12:45:43 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff
108.167.141.129 404 Not Found 746 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash dbf8ec3db1d4b93b848197591827939c
2e12f671d6101f52060133c32f8d359af756f9b2
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:43 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding
Content-Type: text/html
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
108.167.141.129 200 OK 17 kB URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6078), with CRLF line terminators
Hash 9922458cb6254769b56591dbc1dc09fe
9e5e45878fd2024b41bc47dcb59a096fb65bc65d
686657c40c7df232e408c1bb2ee85b6d7bdb256581ecd22686d23bd178befc9a
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
Cookie: OX_sd=1; OX_plg=pm
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:44 GMT
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 16871
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a179b3b6ab78e29169af8cc2363d6280
501cd2871c5b70c56852c6cd0c87f383504ca933
ceecf34d673dd0d910e3622aa0fa8d84fea748592acc796286c4ec5e76fbc170
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3884
Cache-Control: max-age=95878
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 12:45:43 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:23:41 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
157.240.200.14 404 Not Found 9 B URL HTTP/2 staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP 157.240.200.14:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cgltreeservices.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: kVpr15El0XL5LcaUQ5sva7SKSO/OZBvlCImsdpqKBYqPGwbTXkMYVwhnnI/0SKqMKQa3LHJ28d2nXmfqGVkG8w==
content-length: 9
x-fb-trip-id: 1679558926
date: Tue, 06 Dec 2022 12:45:43 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
108.167.141.129 404 Not Found 462 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b58a4197a90ce28f053f853e9f5201a
1764aa95ccf139706beb229625b9d6d6f154bd5d
e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:45 GMT
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
108.167.141.129 404 Not Found 462 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b58a4197a90ce28f053f853e9f5201a
1764aa95ccf139706beb229625b9d6d6f154bd5d
e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:45 GMT
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
108.167.141.129 404 Not Found 462 B URL HTTP/1.1 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3b58a4197a90ce28f053f853e9f5201a
1764aa95ccf139706beb229625b9d6d6f154bd5d
e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=6BE7C42F87EAA628-0FB8B2E1892DE275; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 12:45:45 GMT
Server: nginx/1.21.6
Content-Type: text/html
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
secure-assets.rubiconproject.com/static/psa/blank/1x1.png
104.85.187.217 200 OK 155 B URL HTTP/2 secure-assets.rubiconproject.com/static/psa/blank/1x1.png
IP 104.85.187.217:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 0fed6b76619acefb38a43867d5fbbd65
b4881fe00376089907ce39fb43398fe2b9d55b8a
172f8ce100094feaee2d292f56c5a847b0a89852a43e79ef7743d28d06dec7d7
GET /static/psa/blank/1x1.png HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
accept-ranges: bytes
content-type: image/png
content-encoding: gzip
content-length: 155
unused62: 8096267
date: Tue, 06 Dec 2022 12:45:43 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
connect.facebook.net/en_US/all.js
157.240.200.14 301 Moved Permanently 0 B URL HTTP/1.1 connect.facebook.net/en_US/all.js
IP 157.240.200.14:0
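Hash d41d8cd98f00b204e9800998ecf8427e (these three values are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B response; they identify no content and should not be used as indicators)
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855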
GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/en_US/all.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Tue, 06 Dec 2022 12:45:43 GMT
Connection: keep-alive
Content-Length: 0
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=479698000&varName=crtg_content
178.250.2.157 204 No Content 0 B URL HTTP/1.1 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=479698000&varName=crtg_content
IP 178.250.2.157:0
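Hash d41d8cd98f00b204e9800998ecf8427e (these three values are the MD5, SHA-1 and SHA-256 digests of an empty body, matching the 0 B response; they identify no content and should not be used as indicators)
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855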
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=479698000&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 204 No Content
server: nginx/1.20.1
date: Tue, 06 Dec 2022 12:45:43 GMT
strict-transport-security: max-age=31536000; preload;
dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
52.19.242.51 200 OK 691 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
IP 52.19.242.51:0
File type ASCII text, with very long lines (1652), with no line terminators
Hash eb924aa92d6ed13adf6184fd3517d8d5
f8f03eb5cac0bf26edf16fd781e49dfa8237a884
1b011e93747c48b2aefbd9e9418d480f6a0fa8bd899488c1edcd26fe6d681e00
GET /id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v045-04fb65ba6.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=67035713861381161163832262454246651284; Max-Age=15552000; Expires=Sun, 04 Jun 2023 12:45:43 GMT; Path=/; Domain=.demdex.net
X-TID: HJLPWfpVSgA=
Content-Length: 691
Connection: keep-alive
comcastathena.demdex.net/event?d_mid=67410887615165979293865241103609321257&d_nsid=1&d_ld=_ts%3D1670330743180&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1670330743180&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fbossss%2F%2F%3Asign%20in&c_eVar1=%2Fbossss%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fbossss%2F
52.50.220.58 200 OK 150 B URL HTTP/1.1 comcastathena.demdex.net/event?d_mid=67410887615165979293865241103609321257&d_nsid=1&d_ld=_ts%3D1670330743180&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1670330743180&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fbossss%2F%2F%3Asign%20in&c_eVar1=%2Fbossss%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fbossss%2F
IP 52.50.220.58:0
File type ASCII text, with no line terminators
Hash 1eaf5424205a092f283c9fc214a65796
4d7c104d8d3c78cfeff9cbb7dc3e21573ab679f5
2950f33e876c58de0e80d95bf22e71926a7ba267b3d3725746b9306357f39086
GET /event?d_mid=67410887615165979293865241103609321257&d_nsid=1&d_ld=_ts%3D1670330743180&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1670330743180&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fbossss%2F%2F%3Asign%20in&c_eVar1=%2Fbossss%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fbossss%2F HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v045-02fc48b13.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=67035713861381161163832262454246651284; Max-Age=15552000; Expires=Sun, 04 Jun 2023 12:45:44 GMT; Path=/; Domain=.demdex.net
X-TID: KhKUd7tWSqQ=
Content-Length: 150
Connection: keep-alive
fast.comcastathena.demdex.net/dest5.html?d_nsid=undefined
23.33.119.10 200 OK 2.8 kB URL HTTP/1.1 fast.comcastathena.demdex.net/dest5.html?d_nsid=undefined
IP 23.33.119.10:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash b8a1b21bd0651935d53a7bff0c2479d6
31527c952669b6d1d06c537eb50c9043f576e607
80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
GET /dest5.html?d_nsid=undefined HTTP/1.1
Host: fast.comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Tue, 06 Dec 2022 12:45:44 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
ocsp.comodoca.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash a7b496adbd3ad3cc22d50af273146305
3948927f98e2938fb38eb761eb834d20b848d048
7027399aeffa4204f19fd7744f3bdab382613096c0845adc60282b62801c064e
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 10:07:33 GMT
Expires: Mon, 12 Dec 2022 10:07:32 GMT
Etag: "3948927f98e2938fb38eb761eb834d20b848d048"
Cache-Control: max-age=602281,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77551ece7bd4fabc-OSL
login.comcast.net/static/images/global/favicon.ico
76.96.69.84 200 OK 1.2 kB URL HTTP/1.1 login.comcast.net/static/images/global/favicon.ico
IP 76.96.69.84:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 8591b1e1977be23073d13751a5f203d0
3f549eff3cf641803992d8748202bf0775f4765e
a0307845ad0d4579ae6e7283a02b81403767295ab37cc0b144ac9d60772ebf97
GET /static/images/global/favicon.ico HTTP/1.1
Host: login.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:44 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Last-Modified: Tue, 11 Jan 2022 16:05:32 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=486
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
www.facebook.com/impression.php/f26007447ef36be/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/impression.php/f26007447ef36be/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D
IP 31.13.72.36:0
GET /impression.php/f26007447ef36be/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: image/gif
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
strict-transport-security: max-age=15552000; preload
x-fb-debug: 6zGmi2jzidWhGLKkBRobegceT6SZNgLIDioi8zfONkVNTSumy2jxYbKxylcQAGtAp04mgdPnbUAZOgB70nqjZw==
date: Tue, 06 Dec 2022 12:45:43 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/jquery-1.js
108.167.141.129 200 OK 0 B URL HTTP/1.1 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/jquery-1.js
IP 108.167.141.129:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /bossss/Sign%20in%20to%20XFINITY_files/jquery-1.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 12:45:41 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript