r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10643
Expires: Sun, 13 Nov 2022 16:31:19 GMT
Date: Sun, 13 Nov 2022 13:33:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4225
Expires: Sun, 13 Nov 2022 14:44:21 GMT
Date: Sun, 13 Nov 2022 13:33:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: NB6IHgnhcOuGyDNHhxBsvatCQ+8jHxjLCVQJA0fuixXDnSIrs7nf/Gnspo99BeJdlLJDS0nqj0E=
x-amz-request-id: 07KW0GNK1Q7HFYPT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 13 Nov 2022 13:13:26 GMT
age: 1230
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b1e969be0f3201087da138cbc8b89f10
d0a27f525f2b242b5dafa157f126c2ba880c8809
f7e5f39372b5adcc30c27e727eee1b19e6d13ed1b54fa1ad67235dc8ee08ac51
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5910
Cache-Control: max-age=167755
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Etag: "6370c779-1d7"
Expires: Tue, 15 Nov 2022 12:09:51 GMT
Last-Modified: Sun, 13 Nov 2022 10:31:21 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 13 Nov 2022 12:44:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2976
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 13 Nov 2022 13:33:56 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash d6dcd32d23f1840e1ed591b30b098bb6
98defcbcd3ae6d45e12b7ed0a55d7d32da675289
f7a78d0502af553972a836a0deb4a0239a3506fcf962f23f58c73fbb84c2313b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0gt.com/randolph-common.js?matcher
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/randolph-common.js?matcher
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /randolph-common.js?matcher HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 13 Nov 2022 13:25:00 GMT
cache-control: public,max-age=3600
age: 536
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5B5PGN
142.250.74.168200 OK 90 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5B5PGN
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (44551)
Hash 8a720ddf584d5b00729a7d172d533fa7
4b8169051148b7f8ceb1158d2c7059c203a2a83b
78eb74c313a71852933ebfc989ee59716ab2bb54ac61d2e4701aa4b009854d05
GET /gtm.js?id=GTM-5B5PGN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Nov 2022 13:33:56 GMT
expires: Sun, 13 Nov 2022 13:33:56 GMT
cache-control: private, max-age=900
last-modified: Sun, 13 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89583
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c0gt.com/randolph-common.js?async
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/randolph-common.js?async
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /randolph-common.js?async HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/randolph-common.js?cache
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/randolph-common.js?cache
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /randolph-common.js?cache HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash d6dcd32d23f1840e1ed591b30b098bb6
98defcbcd3ae6d45e12b7ed0a55d7d32da675289
f7a78d0502af553972a836a0deb4a0239a3506fcf962f23f58c73fbb84c2313b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0gt.com/rbfcu/login.php
198.211.100.39200 OK 346 kB IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (424), with CRLF line terminators
Size 346 kB (346264 bytes)
Hash a47c00a8054b34d4916c1a3e13b5da8d
50c710732efc4ec8f1f06af1355c1a39b71333db
6c6293106597c9330d85d8fed7bcbbc4a36d2786c67616bae955199e04b54201
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/login.php HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cdn.appdynamics.com/adrum/adrum-latest.js
54.230.111.106200 OK 40 kB URL HTTP/1.1 cdn.appdynamics.com/adrum/adrum-latest.js
IP 54.230.111.106:0
File type ASCII text, with very long lines (644)
Hash cd86db0f552897dc33e8433d0cf9bad2
676df314ca85d1418ffb110f3979c31281da027d
fd30f76d2b4bebd4b4bd680793a8a993b46a15808c0cea0533e629fc2990889f
GET /adrum/adrum-latest.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 04 Nov 2022 06:21:09 GMT
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:13 GMT
ETag: W/"6317b609-1b2d9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: eeFmNaswrZyaJpKSxynrhrxyXk5ub1BFGkXrUy5UvWNLuPg4QP2MeA==
Age: 803567
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0a9a357f652868f9317812b8103ba15d
95a90c7a07b591dce7f39c6f9ab27974d1a1ed2a
16fd52c7ee6806455e724f30af8d58630a141a8a3823c48c20b5da3a71f066da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5538
Cache-Control: max-age=162314
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Etag: "6370b3ac-1d7"
Expires: Tue, 15 Nov 2022 10:39:10 GMT
Last-Modified: Sun, 13 Nov 2022 09:06:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7474aa190ac8925376cf97954a58f7bd
11d19916b6fff3688ac99ad6a51780856dddf6b2
8d76c61301a1b2a123ea87787d8363093f23243304c533bcdcfe0ee038aaed94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2882
Cache-Control: max-age=131611
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Etag: "6370461d-1d7"
Expires: Tue, 15 Nov 2022 02:07:27 GMT
Last-Modified: Sun, 13 Nov 2022 01:19:25 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash bc49d7a510846ce4c52fc2bcf19c591c
42189d9ddeba55c15da20ab02c8ccad4a8ad7ae2
86ce259086857d53f246aa21f8cb5dc2be85435601b687f727d3a5a2e38ec406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 09e34f959d3013b2af3518d56b8c53e7
e612f651d8b2c01f88f0e744be414670e5515de1
dddd957b77e869966792ad4136361f5db4d6c7dba972634765ffcb81521541cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4175
Cache-Control: max-age=98674
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Etag: "636fc067-1d7"
Expires: Mon, 14 Nov 2022 16:58:30 GMT
Last-Modified: Sat, 12 Nov 2022 15:48:55 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
c0gt.com/rbfcu/vendor-scripts/additional.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/vendor-scripts/additional.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/vendor-scripts/additional.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/images/runtime.9d4ca3b7051e14c1983b.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/runtime.9d4ca3b7051e14c1983b.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/runtime.9d4ca3b7051e14c1983b.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/vendor-scripts/update-browser.js?vers=1
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/vendor-scripts/update-browser.js?vers=1
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /rbfcu/vendor-scripts/update-browser.js?vers=1 HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/styles.68bf2cfc87e31757b71b.css
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/styles.68bf2cfc87e31757b71b.css
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /rbfcu/styles.68bf2cfc87e31757b71b.css HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash bc49d7a510846ce4c52fc2bcf19c591c
42189d9ddeba55c15da20ab02c8ccad4a8ad7ae2
86ce259086857d53f246aa21f8cb5dc2be85435601b687f727d3a5a2e38ec406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.googleapis.com/maps-api-v3/api/js/49/6/intl/fr_ALL/common.js
142.250.74.170200 OK 69 kB URL HTTP/2 maps.googleapis.com/maps-api-v3/api/js/49/6/intl/fr_ALL/common.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (550)
Hash c704baaff1fa530a276a9ca0bc36aa08
bbec01a66b1a1e80b98ab9db021066cc00167c86
4c4f0f25e696538829debd79826beac49bb90959b2339f0645fdb7aee6afd627
GET /maps-api-v3/api/js/49/6/intl/fr_ALL/common.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 68766
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Nov 2022 13:02:16 GMT
expires: Mon, 13 Nov 2023 13:02:16 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Jun 2022 18:11:35 GMT
content-type: text/javascript
age: 1900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash bc49d7a510846ce4c52fc2bcf19c591c
42189d9ddeba55c15da20ab02c8ccad4a8ad7ae2
86ce259086857d53f246aa21f8cb5dc2be85435601b687f727d3a5a2e38ec406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyC2AdLpShQk1DnoA0NHjCvvZQUevNDYHlQ
142.250.74.170200 OK 56 kB URL HTTP/2 maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyC2AdLpShQk1DnoA0NHjCvvZQUevNDYHlQ
IP 142.250.74.170:0
File type ASCII text, with very long lines (2464)
Hash e51ea8be8118908cde1f6470a7d8f377
90b2c96074cd7d3d82e97847ffa272453f60263e
e8fc71d222650eeefd1b376bc672e44e949145e93d56c4034fca86cd005f7130
GET /maps/api/js?libraries=places&key=AIzaSyC2AdLpShQk1DnoA0NHjCvvZQUevNDYHlQ HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Sun, 13 Nov 2022 13:33:56 GMT
expires: Sun, 13 Nov 2022 14:03:56 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 55543
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash bc49d7a510846ce4c52fc2bcf19c591c
42189d9ddeba55c15da20ab02c8ccad4a8ad7ae2
86ce259086857d53f246aa21f8cb5dc2be85435601b687f727d3a5a2e38ec406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash bc49d7a510846ce4c52fc2bcf19c591c
42189d9ddeba55c15da20ab02c8ccad4a8ad7ae2
86ce259086857d53f246aa21f8cb5dc2be85435601b687f727d3a5a2e38ec406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0gt.com/rbfcu/images/polyfills.8817abd40f028960e8fd.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/polyfills.8817abd40f028960e8fd.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/polyfills.8817abd40f028960e8fd.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/images/scripts.8bd4377bc7fbc2f4bdbc.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/scripts.8bd4377bc7fbc2f4bdbc.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/scripts.8bd4377bc7fbc2f4bdbc.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 0b33790131352e4338449c8802f5afb8
701decd98f4cb435d14266a0401e7daa2e85fbf4
ce99fbdcc954cadd06053f3ed2b85964ac232272a01081a1d82d310d0fdd0018
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=150823
Date: Sun, 13 Nov 2022 13:33:56 GMT
Etag: "63709366-1d7"
Expires: Tue, 15 Nov 2022 07:27:39 GMT
Last-Modified: Sun, 13 Nov 2022 06:49:10 GMT
Server: ECS (dcb/7F81)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uKyrEfR0Qdc1zaCx-0__syykxvET_Jovn4HI_6oEjoEM0eTAeEzbSg==
Age: 2309
c0gt.com/rbfcu/images/main.5c0bee6a0a555059e0ae.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/main.5c0bee6a0a555059e0ae.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/main.5c0bee6a0a555059e0ae.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
cdn.segmint.net/segmint.min.js
54.230.111.99200 OK 16 kB URL HTTP/1.1 cdn.segmint.net/segmint.min.js
IP 54.230.111.99:0
File type ASCII text, with very long lines (15549), with no line terminators
Hash bb68f3a9974d3f6b01beaa828d97ccbc
c3bf75a47a05369df9ff0cad756e15f143aa4000
7fdb8afc727d7ffe7284ffa9c67f54a419c5c05317cb4d7602651cd703f2f154
GET /segmint.min.js HTTP/1.1
Host: cdn.segmint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 15549
Connection: keep-alive
Date: Sun, 13 Nov 2022 04:36:27 GMT
Last-Modified: Thu, 03 Mar 2022 11:36:09 GMT
ETag: "bb68f3a9974d3f6b01beaa828d97ccbc"
Cache-Control: max-age:900
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G1l2UZavvUELz2aSLOlSItY7-v9a6anTNitS5XA--dQwZMTn7MwRgA==
Age: 32251
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: y88s41IjWs4aRkOB2iEqYQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V1xEGWIC8suSK996Wm6TTQ/nB14=
rbfcu.org/ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684
107.162.179.221301 Moved Permanently 23 B URL HTTP/1.1 rbfcu.org/ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684
IP 107.162.179.221:0
Hash a19aeef3f17fc180df7c905b652a27c0
3402e9d127a3f61ec8bd982778e6d2ae1ecff3ee
1b693620bb3c4ab97c52c6a5dd409b43f12a0f03b2dc31ac4e34759c27b6bc4e
GET /ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684 HTTP/1.1
Host: rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Location: https://www.rbfcu.org/ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!VSn7gZ+wcPhwu4AfAlrt/gAymWxGa9xSny0dy4ky7tCDf18i2TYlWLLwT71aGhxCbEOwVtfZ2ewKuqc=; path=/; Httponly; Secure
Via: 1.1 dca1-bit7011
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23
Connection: Keep-Alive
rbfcu.org/ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685
107.162.179.221301 Moved Permanently 20 B URL HTTP/1.1 rbfcu.org/ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685
IP 107.162.179.221:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685 HTTP/1.1
Host: rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Location: https://www.rbfcu.org/ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!Mp84xiCioSF4e3HhrnwYohVdbB9C8xAhruP+hOTqgxijYsYJldamSUOLGbpDHmjQvdUlQDVYk8fy1Fo=; path=/; Httponly; Secure
Via: 1.1 dca1-bit13027
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: Keep-Alive
www.rbfcu.org/tp/trustev.min.js
107.162.179.221200 OK 10 kB URL HTTP/1.1 www.rbfcu.org/tp/trustev.min.js
IP 107.162.179.221:0
File type ASCII text, with very long lines (35386), with no line terminators
Hash bcae06b2c6f605d58163d4d64e28bf38
1df935c19be93c8d7fe2317e3549fc5d4a679052
489bb28550572a95ec05e2a010ee1384923f1f25e39e2c7f78263f22ad3e1bc7
GET /tp/trustev.min.js HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 476618
Content-MD5: OFhEminLbkyWdOZ2y0OACw==
Content-Type: application/javascript
Date: Sun, 13 Nov 2022 13:33:57 GMT
Etag: "0x8D93D40CF976310"
Last-Modified: Fri, 02 Jul 2021 10:04:41 GMT
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a6b4e3c8-401e-005e-4e0e-f3f3da000000
x-ms-version: 2014-02-14
Content-Length: 10524
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: ECAcc (dac/9C33)
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!jNDZjqhFtkLeXMIfAlrt/gAymWxGa+x+/sqAlVj6YqeaQc2gAa87xZxHJ6GnkHKEzuPD+cvo6LDB9LE=; path=/; Httponly; Secure
Via: 1.1 dca1-bit7011
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: Keep-Alive
www.rbfcu.org/ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685
107.162.179.221200 OK 244 B URL HTTP/1.1 www.rbfcu.org/ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685
IP 107.162.179.221:0
File type ASCII text, with CRLF line terminators
Hash a24fa1c1d5c6efd16b1db0ca174f8e38
c6e3bc30ec1d7f7438b95dc3df19f55148274f6f
35145df64e98e4d82bc8f2c89dac342e21ca59350bfd3a610a34c4a517cc1515
GET /ResourcePackages/chat/css/olb/chat-bundle.css?v=1655999950685 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c0gt.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Age: 3534
Date: Sun, 13 Nov 2022 12:35:03 GMT
Cache-Control: max-age=2678400
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
ETag: "b045e0f92753d81:0"
Content-Type: text/css
Last-Modified: Mon, 18 Apr 2022 13:26:56 GMT
Accept-Ranges: bytes
SystemID: AU-01
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3915
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:33:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3915
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:33:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 929d046b7cbed155022099e982ba0592
18ff58f5b4d98748552d6604bdcba9c57eb8f412
3c70c27c11afeaea96e782a0e7b7ae9c2f3ed35c94673fcd4361cb7406b078a9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C70C27C11AFEAEA96E782A0E7B7AE9C2F3ED35C94673FCD4361CB7406B078A9"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3915
Expires: Sun, 13 Nov 2022 14:39:13 GMT
Date: Sun, 13 Nov 2022 13:33:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZLWa-RphwZqiAmeqffmEE8Mmfsfs9ZYz0bmANBEc5Ru1--VKDL4Fsw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:45:55 GMT
age: 56883
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26249508ef18eac51cf62cf6e90339a4
a9922959c532dd26f21bda4f74ee1fa8496e862e
25075ef6337bae8e60412cdca98afbae6aca61d889aadce4cbad4a8522f4c4b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80441337-327d-4d34-9fe8-53269c39ac18.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7867
x-amzn-requestid: e05d4978-6f46-4395-8121-4d969a222328
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqFWIoAMF01A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-4033150d0180e56e2965e26e;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDkJ7OIcS3FiDPufRTj5VtL5CMxbNN2o2Zq50QQ9UNeDw4uE4j3jrw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:54:29 GMT
age: 56369
etag: "a9922959c532dd26f21bda4f74ee1fa8496e862e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a71d85-6d34-4bb8-8293-97875c72aa74.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a71d85-6d34-4bb8-8293-97875c72aa74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 221170365ec0ab6bb773472933bccb4e
2f8d80c36b9d52bbca60ddc946176b8bca2f05f5
c1fedf00b8a0defa4fada242cf3e28c90937bf5f1c10145aebb3494c5a0b5066
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25a71d85-6d34-4bb8-8293-97875c72aa74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9540
x-amzn-requestid: 69c339ec-ac3c-49a4-8029-01d21a7f50b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: be3itHj1oAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f6c77-79d478af722a4ecf50a381a9;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 09:50:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uxbx0xudJDX6_72_MTyyW6R2FXmdfV_5APgpZhqG-6QIeE_yPdGxSg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:05:19 GMT
age: 55719
etag: "2f8d80c36b9d52bbca60ddc946176b8bca2f05f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2942789-3784-432b-a380-73951d12767a.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2942789-3784-432b-a380-73951d12767a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93d4c9b75e8e21151056247b8a76e1d5
98eebc284e7a7817cc3397a40defaf7f2cc2f9af
621a65a13db5f93806e90094ca71a82eb586f383950278a0cbed3dba2a8fb9f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2942789-3784-432b-a380-73951d12767a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8582
x-amzn-requestid: e82ca80b-e945-4c56-a8f8-0c139aae8e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bgfLqEh8IAMFeSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6370124a-400c01252ab480d9366a9410;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XhzX6HVmgnoesOaTa40kRgxZziVaT8odcVPIPfVT9Fa7zj0DoG5XBQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 21:58:03 GMT
age: 56155
etag: "98eebc284e7a7817cc3397a40defaf7f2cc2f9af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5427e2-3528-4845-9f17-27540185ac8c.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5427e2-3528-4845-9f17-27540185ac8c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 715c6a18c1af63c346ae193038dd3892
c47f502cac855b004d351eea75c5eb93d98d9b0b
ab59d34f794e8fe8fae82e3a93140e0f887a40cfb24150008a904ca22f1995b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5427e2-3528-4845-9f17-27540185ac8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5366
x-amzn-requestid: 7d1ce6f4-2b63-402c-aa1e-5b13b1fecee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEI_FFkEoAMFa2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364bb93-19aa790f7dfd22b37ea89277;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:13:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: A6bUyiuS9O5z_Kciz_KH8w-pqCSYUkGvsRNzbrDBTfrh90JnFrOlew==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 12 Nov 2022 22:00:03 GMT
age: 56035
etag: "c47f502cac855b004d351eea75c5eb93d98d9b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f181df0e475c123b46f016d3c0bbaa5
399ce32b1fdcdef9061bddb840663f35e39b919a
ed9ba753f718903cd997c027f58b63f41e32107367b22b03f964d7eecdf9ba16
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bfc69f5-02e2-48e4-a7f8-345ee02dd656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11187
x-amzn-requestid: 475229e1-bbb5-43a0-8733-1140a99b6b6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIaqFFrIAMF7KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364baaa-4261a60e57ae0c4d7a62e5e9;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:09:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JN1YNJmiZpeJsUVH5sQhYw2rZbvvzxVrt2IgDxHro9z3CfcFeVCGg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 06:02:58 GMT
age: 27060
etag: "399ce32b1fdcdef9061bddb840663f35e39b919a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.rbfcu.org/ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684
107.162.179.221200 OK 460 kB URL HTTP/1.1 www.rbfcu.org/ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684
IP 107.162.179.221:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 460 kB (460231 bytes)
Hash 304d0e0f232b1d1d39df127bccdf129a
a23badb72590f974079a9dbe054f88e1ea6dd793
6afa8e67b70448ea6d8ef67b2895351df5ef9a95e1f23c2ca95cdf3fa276cb54
GET /ResourcePackages/chat/plugin/olb/chat-bundle.js?v=1655999950684 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c0gt.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2678400
Content-Type: application/javascript
Last-Modified: Wed, 13 Apr 2022 21:19:19 GMT
Accept-Ranges: bytes
ETag: "8aa77b237c4fd81:0"
SystemID: AU-01
Date: Sun, 13 Nov 2022 13:33:57 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!3LMHQaEBV06/UK4fAlrt/gAymWxGa+EfhEFZtTEeSnFi2vkcM9JFivCdQ1QLd2YqIbeEl8VYlVpVg+4=; path=/; Httponly; Secure
Via: 1.1 dca1-bit7011
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
c0gt.com/rbfcu/images/rbfcu-logo.svg
198.211.100.39200 OK 5.4 kB URL HTTP/1.1 c0gt.com/rbfcu/images/rbfcu-logo.svg
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5383), with no line terminators
Hash 2d436455d162d3e00f0ca92055cef754
5b64a30fd987d469bd818fc8ed6a4ed89b873d02
09092e11153b90955b14c6dcad28c3e2902b035f6b12ac85e24a693e5c97c884
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/rbfcu-logo.svg HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:33:58 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 22:22:44 GMT
Accept-Ranges: bytes
Content-Length: 5383
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
c0gt.com/rbfcu/images/EHL-logo-gray.svg
198.211.100.39200 OK 1.6 kB URL HTTP/1.1 c0gt.com/rbfcu/images/EHL-logo-gray.svg
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364)
Hash 4c3e76f3539f8138ce127058adda3f16
3d24cf4b8ac04557b1cb49ba5200e06513bc5136
8113eb956366da6d18ed13faa5cc8e9a459c09cdcf41c2619c80828d4ac2b152
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/EHL-logo-gray.svg HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:33:58 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 22:22:58 GMT
Accept-Ranges: bytes
Content-Length: 1613
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
c0gt.com/rbfcu/images/NCUA-logo-gray.svg
198.211.100.39200 OK 105 kB URL HTTP/1.1 c0gt.com/rbfcu/images/NCUA-logo-gray.svg
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1230)
Size 105 kB (104580 bytes)
Hash 0cea5f835834b0242132d38350ccba3b
15b2b81ab5910276eeec3a96b2089b67110666b4
3dff3ca4b7e7bdeb6a9ee2c92c7141a270ab5f2373304299a99339ef96454759
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/NCUA-logo-gray.svg HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:33:58 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 22:22:54 GMT
Accept-Ranges: bytes
Content-Length: 104580
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
c0gt.com/randolph-common.js?matcher
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/randolph-common.js?matcher
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /randolph-common.js?matcher HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/randolph-common.js?cache
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/randolph-common.js?cache
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /randolph-common.js?cache HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/randolph-common.js?async
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/randolph-common.js?async
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /randolph-common.js?async HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/vendor-scripts/additional.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/vendor-scripts/additional.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/vendor-scripts/additional.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/styles.68bf2cfc87e31757b71b.css
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/styles.68bf2cfc87e31757b71b.css
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /rbfcu/styles.68bf2cfc87e31757b71b.css HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/vendor-scripts/update-browser.js?vers=1
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/vendor-scripts/update-browser.js?vers=1
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /rbfcu/vendor-scripts/update-browser.js?vers=1 HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3723d23fdcd3f3d34132d56faae4428b
4bf9c6e15b8de24fc7387ce145382f9b3e9cb1c8
4bc047ec725bd4d99c9dd4fa11edc91702f722d16e53b5eef0920cb5dc7e7ca8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3723d23fdcd3f3d34132d56faae4428b
4bf9c6e15b8de24fc7387ce145382f9b3e9cb1c8
4bc047ec725bd4d99c9dd4fa11edc91702f722d16e53b5eef0920cb5dc7e7ca8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0gt.com/rbfcu/images/runtime.9d4ca3b7051e14c1983b.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/runtime.9d4ca3b7051e14c1983b.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/runtime.9d4ca3b7051e14c1983b.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/images/main.5c0bee6a0a555059e0ae.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/main.5c0bee6a0a555059e0ae.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/main.5c0bee6a0a555059e0ae.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://c0gt.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 19:34:08 GMT
expires: Thu, 09 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 323991
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c0gt.com/rbfcu/images/polyfills.8817abd40f028960e8fd.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/polyfills.8817abd40f028960e8fd.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/polyfills.8817abd40f028960e8fd.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
c0gt.com/rbfcu/images/scripts.8bd4377bc7fbc2f4bdbc.js
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/scripts.8bd4377bc7fbc2f4bdbc.js
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/scripts.8bd4377bc7fbc2f4bdbc.js HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://c0gt.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 14:07:32 GMT
expires: Thu, 09 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 343587
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c0gt.com/rbfcu/images/white-phone-header.4a066fd87a48426d8cf5.svg
198.211.100.39200 OK 1.7 kB URL HTTP/1.1 c0gt.com/rbfcu/images/white-phone-header.4a066fd87a48426d8cf5.svg
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (845)
Hash 4a066fd87a48426d8cf5d81f2f1e7622
bc25e0aaa78aa736100d278b1a4beb5fa46db78b
2c0b8abef50020a91c0b8f07a8478c65eea5bd77446467b9a44ae1b1d98828b7
Analyzer Verdict Alert fortinet Phishing
GET /rbfcu/images/white-phone-header.4a066fd87a48426d8cf5.svg HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 200 OK
Date: Sun, 13 Nov 2022 13:33:59 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 22:22:38 GMT
Accept-Ranges: bytes
Content-Length: 1653
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3723d23fdcd3f3d34132d56faae4428b
4bf9c6e15b8de24fc7387ce145382f9b3e9cb1c8
4bc047ec725bd4d99c9dd4fa11edc91702f722d16e53b5eef0920cb5dc7e7ca8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.segmint.net/9c5f6414-c968-4bd7-a81b-b661f66a7000.json
54.230.111.99200 OK 0 B URL HTTP/1.1 cdn.segmint.net/9c5f6414-c968-4bd7-a81b-b661f66a7000.json
IP 54.230.111.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9c5f6414-c968-4bd7-a81b-b661f66a7000.json HTTP/1.1
Host: cdn.segmint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://c0gt.com/
Origin: http://c0gt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
Connection: keep-alive
Date: Sun, 13 Nov 2022 13:34:01 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: PUT, POST, DELETE, GET
Access-Control-Allow-Headers: content-type
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LkkSM9mcY-0Zsqma7VIyYiz0tDKFvsxshhNAP4NblTt1h747QGesrQ==
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 4.5 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12826)
Hash 806d185619a4ef5951ab91810117e4ba
f40031c0ea5718f6d9a0a35e8ca60262daedc440
06489a801966cb9e7b467aed4edb63aa10bc2e588d259054ef696ade54e4b19f
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 09 Nov 2022 19:27:04 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=73334
date: Sun, 13 Nov 2022 13:34:00 GMT
content-length: 4530
x-cdn: AKAM
X-Firefox-Spdy: h2
cdn.appdynamics.com/adrum-xd.ebf1620b3b847dfbf76f6e109dcacd8e.html
54.230.111.106200 OK 21 kB URL HTTP/2 cdn.appdynamics.com/adrum-xd.ebf1620b3b847dfbf76f6e109dcacd8e.html
IP 54.230.111.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1325)
Hash 35e6d393f4a0b19b763e29b83b5b2ee3
1de3084003c05eb4927df4ad7657eda349a336af
393bd60aec49eaa757296e378f03d09c2764c676d4b9272f0edc3582d6c6db4c
GET /adrum-xd.ebf1620b3b847dfbf76f6e109dcacd8e.html HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
date: Sat, 29 Oct 2022 10:23:02 GMT
server: nginx/1.16.1
last-modified: Fri, 15 Apr 2022 21:40:36 GMT
etag: W/"6259e654-77c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MUOtn_nN07cGoZOsoGaIISSJxeo5i_TZWs5mnx-Drqhf1SdbX0bzww==
age: 1307457
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39007), with no line terminators
Hash 22e2e3226eb5ada04929a2e43307eeda
04615fa88f80567974bdeb0f103ca5909746ebd7
41feebdfb0b03cd7fee2eb886adef6f3f1f85d3f14215e9a388d2a50e42efb9b
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/
HTTP/1.1 200 OK
Cache-Control: private,max-age=1800
Content-Length: 11421
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 09 Nov 2022 21:23:50 GMT
Accept-Ranges: bytes
ETag: "077538f81f4d81:0"
Vary: Accept-Encoding
Set-Cookie: MUID=2303421BC0526D7639D65040C1056C5B; domain=.bing.com; expires=Fri, 08-Dec-2023 13:34:00 GMT; path=/; SameSite=None; Secure; Priority=High;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 2684BF1C8FB948D8B5B46235FA40CA47 Ref B: OSL30EDGE0311 Ref C: 2022-11-13T13:34:00Z
Date: Sun, 13 Nov 2022 13:34:00 GMT
cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
54.230.111.112200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
IP 54.230.111.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/2367698/domain/c0gt.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://c0gt.com/
Origin: http://c0gt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Sat, 12 Nov 2022 16:53:42 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Kec1CtZUEtoAi12WK9VSje_KqcJYzzyaf3GSzrifMv5NWDb2q9xwmg==
age: 74418
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
54.230.111.112200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
IP 54.230.111.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/2367698/domain/c0gt.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://c0gt.com/
Origin: http://c0gt.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Sat, 12 Nov 2022 16:53:42 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KOmgONSHY7_n1OW6g7ypasje0Kl1EpLOW2jv7xrEp47qoebHPB5-yQ==
age: 74418
X-Firefox-Spdy: h2
c0gt.com/rbfcu/images/favicon/favicon.ico
198.211.100.39404 Not Found 315 B URL HTTP/1.1 c0gt.com/rbfcu/images/favicon/favicon.ico
IP 198.211.100.39:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /rbfcu/images/favicon/favicon.ico HTTP/1.1
Host: c0gt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/rbfcu/login.php
HTTP/1.1 404 Not Found
Date: Sun, 13 Nov 2022 13:34:00 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.google-analytics.com/j/collect?v=1&_v=j98&a=2098956231&t=pageview&_s=1&dl=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&ul=en-us&de=UTF-8&dt=RBFCU%20-%20Sign%20In&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=1332247997&gjid=1857614703&cid=929090241.1668346439&tid=UA-6286893-1&_gid=1085712032.1668346439&_r=1>m=2wgb905B5PGN&cd4=GTM-5B5PGN%20-%2043&cd5=&cd6=&cd7=c0gt.com%2Frbfcu%2Flogin.php&z=1131142769
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=2098956231&t=pageview&_s=1&dl=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&ul=en-us&de=UTF-8&dt=RBFCU%20-%20Sign%20In&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=1332247997&gjid=1857614703&cid=929090241.1668346439&tid=UA-6286893-1&_gid=1085712032.1668346439&_r=1>m=2wgb905B5PGN&cd4=GTM-5B5PGN%20-%2043&cd5=&cd6=&cd7=c0gt.com%2Frbfcu%2Flogin.php&z=1131142769
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j98&a=2098956231&t=pageview&_s=1&dl=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&ul=en-us&de=UTF-8&dt=RBFCU%20-%20Sign%20In&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAEABAAAAACAAI~&jid=1332247997&gjid=1857614703&cid=929090241.1668346439&tid=UA-6286893-1&_gid=1085712032.1668346439&_r=1>m=2wgb905B5PGN&cd4=GTM-5B5PGN%20-%2043&cd5=&cd6=&cd7=c0gt.com%2Frbfcu%2Flogin.php&z=1131142769 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://c0gt.com
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://c0gt.com
date: Sun, 13 Nov 2022 13:34:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=4031169&Ver=2&mid=cb5d9094-569b-4b72-beb1-80cf1285b09d&sid=d419aa60635711edb76111f1ae3f3b66&vid=d419b600635711edb8ef813b85fba8c6&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=RBFCU%20-%20Sign%20In&p=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&r=<=4186&evt=pageLoad&sv=1&rn=131006
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=4031169&Ver=2&mid=cb5d9094-569b-4b72-beb1-80cf1285b09d&sid=d419aa60635711edb76111f1ae3f3b66&vid=d419b600635711edb8ef813b85fba8c6&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=RBFCU%20-%20Sign%20In&p=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&r=<=4186&evt=pageLoad&sv=1&rn=131006
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=4031169&Ver=2&mid=cb5d9094-569b-4b72-beb1-80cf1285b09d&sid=d419aa60635711edb76111f1ae3f3b66&vid=d419b600635711edb8ef813b85fba8c6&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=RBFCU%20-%20Sign%20In&p=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&r=<=4186&evt=pageLoad&sv=1&rn=131006 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=167245E84006651301D257B3415164E3; domain=.bing.com; expires=Fri, 08-Dec-2023 13:34:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A831CFC987C343229520E9E1374EE605 Ref B: OSL30EDGE0420 Ref C: 2022-11-13T13:34:00Z
date: Sun, 13 Nov 2022 13:34:00 GMT
X-Firefox-Spdy: h2
bat.bing.com/p/action/4031169.js
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/4031169.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/4031169.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=198ADE8F32FC60003CF8CCD433AB61FB; domain=.bing.com; expires=Fri, 08-Dec-2023 13:34:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09EE3381B27F43898ADA8A750CF77E8E Ref B: OSL30EDGE0420 Ref C: 2022-11-13T13:34:00Z
date: Sun, 13 Nov 2022 13:34:00 GMT
X-Firefox-Spdy: h2
cdn.segmint.net/9c5f6414-c968-4bd7-a81b-b661f66a7000.json
54.230.111.99200 OK 161 B URL HTTP/1.1 cdn.segmint.net/9c5f6414-c968-4bd7-a81b-b661f66a7000.json
IP 54.230.111.99:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8c239da2fb85196f49a8f207ae300041
2069a8a7b5b4d15a0a067274f5d39a124f31dc47
0aa159eea82ebc0d001771c5962ad5e577d5f73a5c0e728d5cbfd19eebfb5219
GET /9c5f6414-c968-4bd7-a81b-b661f66a7000.json HTTP/1.1
Host: cdn.segmint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://c0gt.com
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 161
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: PUT, POST, DELETE, GET
Access-Control-Max-Age: 3000
Last-Modified: Wed, 11 Mar 2020 20:19:54 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 13 Nov 2022 13:34:01 GMT
Cache-Control: max-age=900
ETag: "8c239da2fb85196f49a8f207ae300041"
X-Cache: RefreshHit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yiI5ZK82vBIT1htUGiMcemlYXeQ5mtvkUSKKsj73lZOKL2r3eHLD9g==
px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1668346438963%26url%3Dhttp%253A%252F%252Fc0gt.com%252Frbfcu%252Flogin.php%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJ5uh7whNo-_AAAAYRxMmrrwDKyXj-yC5I8lAcQi-wpBg2hnieuU6cQ7I8Px1tjbZ4jorure17_xQ; Max-Age=2592000; Expires=Tue, 13 Dec 2022 13:34:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJHDBPpojoVuwAAAYRxMmrrDI_1pCQBjM7M6pDNlidxz2h4vtqP5sOdxC9GPdBAdzbXnWhi6BMFUQHocN3nIA; Max-Age=2592000; Expires=Tue, 13 Dec 2022 13:34:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&92c24ada-9c4f-4a63-82bf-f3aa7c999f3d"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 13-Nov-2023 13:34:00 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2416:u=1:x=1:i=1668346440:t=1668432840:v=2:sig=AQGTSxbQT4MkyCrrtEZEdeWdtvFe1KUy"; Expires=Mon, 14 Nov 2022 13:34:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXtWizxiBzgsHD9PDxXkw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: EAE4019F35E649D88C06396B57269800 Ref B: OSL30EDGE0220 Ref C: 2022-11-13T13:34:00Z
date: Sun, 13 Nov 2022 13:34:00 GMT
content-length: 0
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1668346438963%26url%3Dhttp%253A%252F%252Fc0gt.com%252Frbfcu%252Flogin.php%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1668346438963%26url%3Dhttp%253A%252F%252Fc0gt.com%252Frbfcu%252Flogin.php%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1668346438963%26url%3Dhttp%253A%252F%252Fc0gt.com%252Frbfcu%252Flogin.php%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c0gt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&bfef23da-1092-4ffc-834c-cfd9b6c8c50f"; Domain=.linkedin.com; Expires=Mon, 13-Nov-2023 13:34:00 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20221113133400d6818f8e-9397-47a4-8135-6522fa27b896AQFtnuZCcoDfxkA3l6aRqIvf18mx4TXR"; Domain=.www.linkedin.com; Expires=Mon, 13-Nov-2023 13:34:00 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjgzNDY0NDA7MjswMjHaQtjDB+PLPt5G40g+XMyzQwthpiqTVgbDpeAmIoxwkw==; Domain=.linkedin.com; Expires=Fri, 12 May 2023 13:34:00 GMT; Path=/; Secure; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2430:u=1:x=1:i=1668346440:t=1668432840:v=2:sig=AQELrfCPYxUKlly9-BDbpAR669CL_aH8"; Expires=Mon, 14 Nov 2022 13:34:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXtWizzxY4h58tTmQi6+w==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 19E10C2A046A46DE86E551798A5D04A4 Ref B: OSL30EDGE0220 Ref C: 2022-11-13T13:34:00Z
date: Sun, 13 Nov 2022 13:34:00 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=2367698&time=1668346438963&url=http%3A%2F%2Fc0gt.com%2Frbfcu%2Flogin.php&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c0gt.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&088cd530-9e62-4f4e-8c77-9e1e80523a66"; domain=.linkedin.com; Path=/; Secure; Expires=Mon, 13-Nov-2023 13:34:00 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2416:u=1:x=1:i=1668346440:t=1668432840:v=2:sig=AQGTSxbQT4MkyCrrtEZEdeWdtvFe1KUy"; Expires=Mon, 14 Nov 2022 13:34:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXtWiz2H4pUGQkhOjuMuA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 02C7AB63C070486E8C467B4FEF4D562B Ref B: OSL30EDGE0220 Ref C: 2022-11-13T13:34:00Z
date: Sun, 13 Nov 2022 13:34:00 GMT
content-length: 0
X-Firefox-Spdy: h2
cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
54.230.111.106200 OK 20 kB URL HTTP/1.1 cdn.appdynamics.com/adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js
IP 54.230.111.106:0
File type ASCII text, with very long lines (574)
Hash cca1b9c013b93bd73bf4f55b122ba8db
ed011720d910a5b69db06ebaabcd95d013255752
d5ef573c9770681c3a75ec78445d0c785ca6659a0cf25f145ddfbae414b0b77a
GET /adrum-ext.c74f9315ac2eb17a0d3c4975c3deb222.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c0gt.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.16.1
Last-Modified: Tue, 06 Sep 2022 21:05:12 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
timing-allow-origin: *
Content-Encoding: gzip
Date: Wed, 09 Nov 2022 18:27:39 GMT
Cache-Control: public, max-age=2678400, s-max-age=14400
ETag: W/"6317b608-d132"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JVtAVdmRj15Y9f51Pq4v0QS5lQ4m6dJJkjhL_vHs8IjEj1U0PoRMvg==
Age: 327981
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 0df79cbc834bd5e53cf14431365341dc
00e5191435de6d5804d36e8db45d1858dfc67e62
6a4d0997ea345b437ad5f53d41699920f946ba31bbc2b01e005516485328d033
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6286893-1&cid=929090241.1668346439&jid=1332247997&gjid=1857614703&_gid=1085712032.1668346439&_u=YEBAAEAAAAAAACAAI~&z=2116346216
142.251.1.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6286893-1&cid=929090241.1668346439&jid=1332247997&gjid=1857614703&_gid=1085712032.1668346439&_u=YEBAAEAAAAAAACAAI~&z=2116346216
IP 142.251.1.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6286893-1&cid=929090241.1668346439&jid=1332247997&gjid=1857614703&_gid=1085712032.1668346439&_u=YEBAAEAAAAAAACAAI~&z=2116346216 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://c0gt.com
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://c0gt.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 13 Nov 2022 13:34:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 0df79cbc834bd5e53cf14431365341dc
00e5191435de6d5804d36e8db45d1858dfc67e62
6a4d0997ea345b437ad5f53d41699920f946ba31bbc2b01e005516485328d033
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 13 Nov 2022 13:34:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.appdynamics.com/adrum-ext.ebf1620b3b847dfbf76f6e109dcacd8e.js
54.230.111.106200 OK 0 B URL HTTP/2 cdn.appdynamics.com/adrum-ext.ebf1620b3b847dfbf76f6e109dcacd8e.js
IP 54.230.111.106:0
GET /adrum-ext.ebf1620b3b847dfbf76f6e109dcacd8e.js HTTP/1.1
Host: cdn.appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 09 Nov 2022 03:15:57 GMT
server: nginx/1.16.1
last-modified: Fri, 15 Apr 2022 21:40:35 GMT
etag: W/"6259e653-ce76"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cache-control: public, max-age=2678400, s-max-age=14400
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fKBdKVZL6h0oPgFv58Gf1rBUD9W8ua-qqt64mHQN7XCqR8YsHuYAXQ==
age: 382679
X-Firefox-Spdy: h2
maps.googleapis.com/maps-api-v3/api/js/49/6/intl/fr_ALL/util.js
142.250.74.170200 OK 0 B URL HTTP/2 maps.googleapis.com/maps-api-v3/api/js/49/6/intl/fr_ALL/util.js
IP 142.250.74.170:0
GET /maps-api-v3/api/js/49/6/intl/fr_ALL/util.js HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 58491
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 13 Nov 2022 13:02:16 GMT
expires: Mon, 13 Nov 2023 13:02:16 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Jun 2022 18:11:35 GMT
content-type: text/javascript
age: 1900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:300,400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Nov 2022 13:33:56 GMT
date: Sun, 13 Nov 2022 13:33:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato|Open+Sans|Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato|Open+Sans|Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap
IP 142.250.74.10:0
GET /css?family=Lato|Open+Sans|Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Nov 2022 13:33:56 GMT
date: Sun, 13 Nov 2022 13:33:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.10:0
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Nov 2022 13:33:56 GMT
date: Sun, 13 Nov 2022 13:33:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.10:0
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Nov 2022 13:33:56 GMT
date: Sun, 13 Nov 2022 13:33:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
54.230.111.112200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
IP 54.230.111.112:0
GET /partner/2367698/domain/c0gt.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://c0gt.com
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Sun, 13 Nov 2022 13:02:20 GMT
access-control-allow-origin: *
cache-control: public, max-age=10153
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5v_UCpiXDc4YEMqJxBWbreMzFql6UWLqlQH6Dj6JZIQXU610A-LW1w==
age: 1900
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
54.230.111.112200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/2367698/domain/c0gt.com/token
IP 54.230.111.112:0
GET /partner/2367698/domain/c0gt.com/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://c0gt.com
Connection: keep-alive
Referer: http://c0gt.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Sun, 13 Nov 2022 13:02:20 GMT
access-control-allow-origin: *
cache-control: public, max-age=10153
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: phdSyrhM8NLP9Zej9UrzhWH6qVg8KIYDLFUCQt97jR6Q3MDmg7BJuw==
age: 1900
X-Firefox-Spdy: h2