firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 20:08:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Bv8JQ_t4yrSzxTBWxU2ZU1Pxy8kAbvB-tS3fVo0-bbbGOUCX23FnRQ==
Age: 1069
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _JxWk7ujPP84hykWG6dQwT3PDgekWXvMlwI8-H_IW_fhIp_606exzg==
age: 47336
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2756
Expires: Mon, 12 Sep 2022 21:12:04 GMT
Date: Mon, 12 Sep 2022 20:26:08 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:26:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f8ebba7666d8b2881ecbbbb843ffe176
520642a12fc9aa3a1bb58d68e98d79cbe60f67e7
d28c750435955acbdd130a243df98c8d305663a052052993baf3b0537e46d04b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D28C750435955ACBDD130A243DF98C8D305663A052052993BAF3B0537E46D04B"
Last-Modified: Mon, 12 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 13 Sep 2022 02:26:09 GMT
Date: Mon, 12 Sep 2022 20:26:09 GMT
Connection: keep-alive
lightequine.com/ass/
192.185.114.174 200 OK 12 kB IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6168)
Hash c3efe83741a31102819cb5bfbc70a164
f175bc04b9c902e4ad394955aeaec1a6947672d3
393e784229e9e51ee9a0deabe8213c6407e1cbc146cc35b2c46ee36458c38786
Analyzer Verdict Alert openphish Comcast Corporation
fortinet Phishing
GET /ass/ HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12476
content-type: text/html
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 19:56:07 GMT
Expires: Mon, 12 Sep 2022 20:36:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YdQLcZlomLyvcbTcbItVnPLRFxQToxacNY5oDAa4ThQiX8B5AYOrnA==
Age: 1802
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/event
192.185.114.174 200 OK 191 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/event
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 2d5d169b7afabb783f8994c576f005cb
d3c1f326303b3cd98f892a5ab28cea82222d058b
384d036f62eab523e123b0e2c033bdee06077fdf041c564ce56f956e6219fb24
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/event HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 191
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/segments.js
192.185.114.174 200 OK 39 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/segments.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/segments.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 39
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
192.185.114.174 200 OK 8.4 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (815), with CRLF line terminators
Hash 79940589e33f37f68f9a80ce5e13c037
d7572fb9ef61134c9cb335a6db3740468b93b36f
6fff922e860e02fb4bc322b3807ab5e37dd8079072929c2b233c3ae9cdd21d8f
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8409
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/rta.js
192.185.114.174 200 OK 159 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/rta.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash a66a008566af0e3807b90760012863c2
e09466fb3c0b0d2b94f6233b54321d179903eb17
3ee657e09030047c5792c02cf0f206708cfd3f33aa98b0ccf28cd9c4b098f610
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/rta.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/data.json
192.185.114.174 200 OK 295 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/data.json
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash c4e699111d8c5ee41a03610b94ff02d5
7b4ec667ab9d73b69d752931fa675eca988ac1be
f1aa6a629871c08a077cba94a653cb0c2ace627617e442adccbf6712972bf0df
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/data.json HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 295
content-type: application/json
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/11648.js
192.185.114.174 200 OK 8.5 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/11648.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- C source, ASCII text, with very long lines (25399)
Hash c540292a1c3d83602949e4f4af9272cd
2695d7e1ae9dd40ab88d9e7a45cc8a8930623e74
867f02cd87490f12f458ec91eb03ba6f23f94c585c26746a2b60937b3fa3bbd3
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/11648.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8455
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/150582-10.js
192.185.114.174 200 OK 477 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/150582-10.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (728)
Hash daef3004cc94546e9cd07c793db655a6
286c98c28b3e7a628f8a5eb28134c13f58e1f779
a5bb938bc07b3bf08ae755ba4494f285c7684fef6c0dc9349e7d52f2366ad88e
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/150582-10.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 477
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/1203273213x32.js
192.185.114.174 200 OK 772 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/1203273213x32.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (403)
Hash 7c2c39d578f8a54322d2f1084bf458db
b9da3c835240b6217ced4d7f8d792de9faafea74
8210268d9c4641543fffbd2394c23a7585408a90e94fcc58f84e6ae4b568936d
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/1203273213x32.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 772
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/asc.txt
192.185.114.174 200 OK 17 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/asc.txt
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 92ecce91e58ca501e89410701805ffd2
fbc2f9374e8f5aebbc0a9ebeaeb836dfe2ee8803
af2d3351d5bb6b63e81eb19140f27324fd7b0ba94dc7c39b6154461243e4986e
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/asc.txt HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 17
content-type: text/plain
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/u.gif
192.185.114.174 200 OK 42 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/u.gif
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ass/Sign%20in%20to%20XFINITY_files/u.gif HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 42
content-type: image/gif
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/event.gif
192.185.114.174 200 OK 42 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/event.gif
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ass/Sign%20in%20to%20XFINITY_files/event.gif HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 42
content-type: image/gif
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/seal.png
192.185.114.174 200 OK 3.1 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/seal.png
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 142 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash be19bc645a5d70db58e4317fb1f7f791
8c38f471f3e6d17af148acaab219db7e3e4a8d23
6ab85bc152133401e0ad5ca069990f4a76413499820d4ba95a0dadb063bcc8b8
GET /ass/Sign%20in%20to%20XFINITY_files/seal.png HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 3091
content-type: image/png
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3972
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:09 GMT
Last-Modified: Mon, 12 Sep 2022 19:19:57 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/1647526060x32.js
192.185.114.174 200 OK 556 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/1647526060x32.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (433)
Hash fe32fbe869ac4a88f764abd1bc438cf1
b1b4f1a0581746de7a45e1f0663220da83d02af1
ce02fcf5ec2a7c9caa9aeed72f1fbdd4581a4745da89c9dfba7e84137dcd96a6
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/1647526060x32.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 556
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
192.185.114.174 200 OK 1.7 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3906), with no line terminators
Hash 0b5a2ee34ecb1141a47f9d569ff54893
a7685dbc86190a3d8161bab891ad4489a493e21f
4294186559939218bf8494573b4dce94cc722bb52f54756832bef1423d873a37
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/scripts-responsive.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1698
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/150582-15.js
192.185.114.174 200 OK 1.4 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/150582-15.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (2808)
Hash 1247a38a9cdacf0e00ed543c62127fe5
940c71c36b5a0f6bee39a4f89555b43f7dd668cd
da8f696dae05fbc2ecf74b9dcb6aadb94d1bcd7192ffe2d4528c825d43a52193
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/150582-15.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1382
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
192.185.114.174 200 OK 36 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash a98fbe346dd7c66a4ca5f1f77aa75e44
ee1c12063d821ba884efe2afedd6cab81c825363
de3e0d54441cd6afe0d7d2afcb95eadf8fec5cb23ecd47a796c3818fe7fb8f4d
GET /ass/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
content-length: 35514
content-type: image/jpeg
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.155.157.101 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.157.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4XzXdIjOKqDi1G0HR6IvoA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X4S3YvvWIjrCLqFJCyl8JS9lkg8=
z.moatads.com/comcastapn56341864860/moatad.js
2.18.34.199 200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP 2.18.34.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iNOl1G7caF+4F0KjCYi8LROSIJDzen5qwVKxO9qb70np0Ib7E8xnZvs9UYc5c1RxmbTyX0e7zg8=
x-amz-request-id: 011D4RFHBA3563FE
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=14539
date: Mon, 12 Sep 2022 20:26:09 GMT
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9d52774aabf130006dcb8b6dac23d0b2
a24d66f00d36399d5cd02f28a05b662333070ac6
0e3ffdcf6d1c2bb1a8a3ad4c07bc775a4ba49b62317fa3f9ad7679658bb4f85c
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3064
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:09 GMT
Last-Modified: Mon, 12 Sep 2022 19:35:05 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2
192.185.114.174 404 Not Found 48 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash e8b052cbdcacbe3cdfba2199ba2a1336
42eef93cee191fbd823df6f5431a0b4aa19872c0
77e9d46196157235be3992c0e4934412b8792157311273288e633ffc2b551c5c
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2 HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9d52774aabf130006dcb8b6dac23d0b2
a24d66f00d36399d5cd02f28a05b662333070ac6
0e3ffdcf6d1c2bb1a8a3ad4c07bc775a4ba49b62317fa3f9ad7679658bb4f85c
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3065
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:10 GMT
Last-Modified: Mon, 12 Sep 2022 19:35:05 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
us-ads.openx.net/w/1.0/acj?ai=d53b1d95-c00d-440f-be40-11dfd26311b7&o=5741330459&callback=OX_5741330459&ju=https%3A//lightequine.com/ass/&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1
34.98.64.218 200 OK 243 B URL HTTP/2 us-ads.openx.net/w/1.0/acj?ai=d53b1d95-c00d-440f-be40-11dfd26311b7&o=5741330459&callback=OX_5741330459&ju=https%3A//lightequine.com/ass/&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1
IP 34.98.64.218:0
Hash 56522e9703338cf5fdd809d3d8bffa9f
66c49e209e74c3f9b6a32e27f3fd09393de926ce
bde1197748ecd01ba59dd00fdf899a0f7245dc6a5881d3b9be88bb887dc425d2
GET /w/1.0/acj?ai=d53b1d95-c00d-440f-be40-11dfd26311b7&o=5741330459&callback=OX_5741330459&ju=https%3A//lightequine.com/ass/&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1 HTTP/1.1
Host: us-ads.openx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Mon, 12 Sep 2022 20:26:10 GMT
content-type: application/json
content-length: 243
content-encoding: gzip
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 41f997fd3e5f6dad5b9074699d6137c7
031e688762b66e3eff8c54427a2a78bad3bd15ee
aef026efb9215eb419c65640dac8312b6ac0120026b979cf6d5745b5a260c99c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4555
Cache-Control: max-age=104198
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:10 GMT
Etag: "631e781d-1d7"
Expires: Wed, 14 Sep 2022 01:22:48 GMT
Last-Modified: Mon, 12 Sep 2022 00:06:53 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
3.65.117.255 307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 3.65.117.255:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-10.js?&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Mon, 12 Sep 2022 20:26:10 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-631f95e2-4d6296545f924a3e0d601ba1
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://lightequine.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
192.185.114.174 404 Not Found 10 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2356), with CRLF, LF line terminators
Hash acd38ea457af77baa5ca132f634b38bc
2c97bc311782f675539ca7f2139aa42d1bfebe3e
8ffcc289eb8ddf5c51bac8049a375b9d56d251276b0adbc4028e73f5fab26942
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 10209
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:10 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2
192.185.114.174 404 Not Found 40 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 73792bbfedab7a1f1c8683ec229a8db2
5ca0b892ccdcfddeb56551e2880c3ff14080ecfd
c659e0e67eb9c8608ed4f24d4bf4afdb50095cb3f48e3daf3c754176d5e82c83
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2 HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
192.185.114.174 404 Not Found 30 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2356), with CRLF, LF line terminators
Hash 852cf7f8d111ba677ed5a5e91311c9f7
c2b7d421c769ba7a6641eebf8d2f4587d84a3f41
8697d1688298a7ef39dadb3dda6a783a0891d7689210089460aa0db40313d805
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
3.65.117.255 307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 3.65.117.255:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-10.js?&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Mon, 12 Sep 2022 20:26:10 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-631f95e2-04a8294260010d324e6e9aad
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://lightequine.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 213.19.162.31:0
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.8448343994415005&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lightequine.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Mon, 12 Sep 2022 20:26:10 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L7Z7TGMS-15-G9SD; Domain=.rubiconproject.com; Path=/; Expires=Tue, 12-Sep-2023 20:26:10 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoWFW/LrNSkse9DtVM30fCgDwR+tJIZNx/mhWf2Cf7MF4T9uvL5+Bt7Ij5wYjJQab+AF7qA5WC/AGm0nJS9Ddvq; Domain=.rubiconproject.com; Path=/; Expires=Tue, 12-Sep-2023 20:26:10 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ads.rubiconproject.com/ad/11648.js
2.21.206.244 200 OK 8.9 kB URL HTTP/2 ads.rubiconproject.com/ad/11648.js
IP 2.21.206.244:0
File type C source, ASCII text, with very long lines (26545)
Hash 5aecf12e8c3cb1d14458bc71c6b8cf0c
b0cedce6e8165041981ba59a9b7277053a37ba89
69dd3510681bc16e17f107ac8f2fa504aa7ce59d75ebf3248b6f85f02a6409aa
GET /ad/11648.js HTTP/1.1
Host: ads.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
x-powered-by: PHP/5.3.3
content-encoding: gzip
content-length: 8946
content-type: text/javascript
cache-control: max-age=7761
expires: Mon, 12 Sep 2022 22:35:31 GMT
date: Mon, 12 Sep 2022 20:26:10 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/moatad.js
192.185.114.174 200 OK 72 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/moatad.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 474e29d520df12a71a745463914e2460
709fbd0f04832c85e2b9956406291918699a276f
a715cbf936f817d3004a6e7c9a1d5b4d0f5dd1fa5e6d14624fdac2abc9be6ca7
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/moatad.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
3.65.117.255 307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 3.65.117.255:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-15.js?&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Mon, 12 Sep 2022 20:26:10 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-631f95e2-009dce8d2f0b5d5e2e7c9022
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://lightequine.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17030
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 20:26:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17030
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 20:26:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b674daf3dc6e85ed054ab34d69979b86
47aaf5a3af2c25820d01d613c82b7f1279a298fc
7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UxATqmWDCTwVqA3ORIXXObWZZj158TSRUoaAr48b08sxdAxBicw5zA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:27:45 GMT
age: 46705
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 04:04:42 GMT
age: 58888
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PWOeca9JRnIgEymeLVyqTBucBJ0j6OS9Rmqwd4CcAKixqo0zvb452w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:48:14 GMT
age: 81476
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:58 GMT
age: 79752
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/omniture_visId.js
192.185.114.174 200 OK 43 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/omniture_visId.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 2836df74ee577ad09a06056b0d602691
081c25289215a02f56a4447c36a753326b86cecb
415ebf7b8c49f71d3fc2a6645b729afb168cce06538780f3db2d2df6484be94c
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/omniture_visId.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 81859
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 213.19.162.31:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lightequine.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Mon, 12 Sep 2022 20:26:10 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L7Z7TGTW-1V-JDYS; Domain=.rubiconproject.com; Path=/; Expires=Tue, 12-Sep-2023 20:26:10 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qo9ODRAH1ca2u9DtVM30fCgDwR+tJIZNx/mhWf2Cf7MF4T9uvL5+Bt7Ij5wYjJQab+AF7qA5WC/AGm0nJS9Ddvq; Domain=.rubiconproject.com; Path=/; Expires=Tue, 12-Sep-2023 20:26:10 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
3.65.117.255 307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 3.65.117.255:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-15.js?&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Mon, 12 Sep 2022 20:26:10 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-631f95e2-652a010d44deafb156a00f84
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://lightequine.com/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
213.19.162.31 200 OK 147 B URL HTTP/1.1 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 213.19.162.31:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7336843618067417&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lightequine.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.4
Date: Mon, 12 Sep 2022 20:26:10 GMT
Content-Type: text/javascript
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L7Z7TGWJ-13-4VKE; Domain=.rubiconproject.com; Path=/; Expires=Tue, 12-Sep-2023 20:26:10 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoWDI9bH6MOU+9DtVM30fCgDwR+tJIZNx/mhWf2Cf7MF4T9uvL5+Bt7Ij5wYjJQab+AF7qA5WC/AGm0nJS9Ddvq; Domain=.rubiconproject.com; Path=/; Expires=Tue, 12-Sep-2023 20:26:10 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 952949bec7aa0a3deece8cecd1c777c8
26aa92de78cbc4f4a6a8e2c7c7dbc8d8003d22a9
f2a0922f14d795b44f78bcb930a8913ee8d5e0fcb0d0d2cae0efa3a8edf541fd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4135
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:10 GMT
Last-Modified: Mon, 12 Sep 2022 19:17:15 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
91.228.74.166 200 OK 39 B URL HTTP/2 pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
IP 91.228.74.166:0
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
GET /api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:26:10 GMT
content-type: application/x-javascript
content-length: 39
cache-control: private, no-transform, must-revalidate, max-age=86400
expires: Tue, 13 Sep 2022 20:26:10 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
set-cookie: mc=631f95e2-d9240-9d7e7-c9b82; expires=Fri, 13-Oct-2023 20:26:10 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
192.185.114.174 200 OK 17 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6078), with CRLF line terminators
Hash 9922458cb6254769b56591dbc1dc09fe
9e5e45878fd2024b41bc47dcb59a096fb65bc65d
686657c40c7df232e408c1bb2ee85b6d7bdb256581ecd22686d23bd178befc9a
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Cookie: OX_sd=1; OX_plg=pm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16871
content-type: text/html
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/dest5.htm
192.185.114.174 200 OK 4.2 kB URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/dest5.htm
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (581), with CRLF line terminators
Hash bca5675fe990e0cf10ada92892b4469b
fe22bdb21a46264c5d41dd0a032f26cfcd9314bf
ac3af5d86b1b86bed0c272d4bee25d13f4993322fce9906018c299a764365d6b
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/dest5.htm HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=7F3FFCB9FFA800CC-2B0505252F0B163F; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4199
content-type: text/html
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/images/fb-logo-29.png
192.185.114.174 404 Not Found 10 kB URL HTTP/2 lightequine.com/static/images/fb-logo-29.png
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2356), with CRLF, LF line terminators
Hash acd38ea457af77baa5ca132f634b38bc
2c97bc311782f675539ca7f2139aa42d1bfebe3e
8ffcc289eb8ddf5c51bac8049a375b9d56d251276b0adbc4028e73f5fab26942
GET /static/images/fb-logo-29.png HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 10209
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5074
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:11 GMT
Last-Modified: Mon, 12 Sep 2022 19:01:37 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
157.240.200.14 302 Found 0 B URL HTTP/2 staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP 157.240.200.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 1KqG9cnlbUKELnI/nYa+e/XLKlV8sv/7WOepBWQJcxpaQp444D9P+XsfDYW7fLwOQkyphH0L9SO4/tmnwcHdRA==
content-length: 0
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 20:26:11 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5074
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:11 GMT
Last-Modified: Mon, 12 Sep 2022 19:01:37 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 80525994d69aabf96c0d2266f1b7d5ad
15b0eae9b81eda7e048a4b681850fd6d398555a9
521f905a22f7132fa6e74a9aa1551dad9a41e43ab97c34e5f752a1410d36c174
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:11 GMT
Server: ECS (amb/6B98)
Content-Length: 471
www.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
157.240.200.35 404 Not Found 72 B URL HTTP/2 www.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP 157.240.200.35:0
File type HTML document, ASCII text, with no line terminators
Hash 2556c01148fc3cf811a190ae37345224
644567805749ab3ec4df4a00c82b0a4f8566f25d
f65e4cc023578b2bb3522d09231cd56eb84d209b18d501eeebf8a0b098f7635e
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lightequine.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: TNX/5StzXjMMhJ9T9yWbcN4wg5tQSBGPhxrFsJGLgsq3z4k3xDxlFZwxpEVXjEtXGbxR2/9YC+EVHn7Nhu2JWg==
content-length: 72
date: Mon, 12 Sep 2022 20:26:11 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
15.236.176.210 302 Found 0 B URL HTTP/2 serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
IP 15.236.176.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceos.comcast.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
access-control-allow-origin: *
vary: Origin
date: Mon, 12 Sep 2022 20:26:11 GMT
content-type: text/plain;charset=utf-8
expires: Sun, 11 Sep 2022 20:26:11 GMT
last-modified: Tue, 13 Sep 2022 20:26:11 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|318FCAF1C4D2050B-600019DDA0007D05[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Wed, 11 Sep 2024 20:26:26 GMT;
location: https://serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&pccr=true&vidn=318FCAF1C4D2050B-600019DDA0007D05&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&pccr=true&vidn=318FCAF1C4D2050B-600019DDA0007D05&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
15.236.176.210 200 OK 43 B URL HTTP/2 serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&pccr=true&vidn=318FCAF1C4D2050B-600019DDA0007D05&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1
IP 15.236.176.210:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/comcastnetdev/1/H.27.5/s24757354554578?AQB=1&pccr=true&vidn=318FCAF1C4D2050B-600019DDA0007D05&ndh=1&t=12%2F8%2F2022%2020%3A25%3A58%201%200&fid=7F3FFCB9FFA800CC-2B0505252F0B163F&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Flightequine.com%2Fass%2F&cc=USD&ch=sign%20in&events=event11&c1=%2Fass%2F%2F%3Asign%20in&v1=%2Fass%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fass%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceos.comcast.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lightequine.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Mon, 12 Sep 2022 20:26:11 GMT
expires: Sun, 11 Sep 2022 20:26:11 GMT
last-modified: Tue, 13 Sep 2022 20:26:11 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|318FCAF1EE4E4D57-40000E892003A821[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Wed, 11 Sep 2024 20:26:26 GMT;
etag: 3571296169962110976-4619759221746149408
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
192.185.114.174 404 Not Found 10 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2356), with CRLF, LF line terminators
Hash acd38ea457af77baa5ca132f634b38bc
2c97bc311782f675539ca7f2139aa42d1bfebe3e
8ffcc289eb8ddf5c51bac8049a375b9d56d251276b0adbc4028e73f5fab26942
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=7F3FFCB9FFA800CC-2B0505252F0B163F; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 10209
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
192.185.114.174 404 Not Found 10 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2356), with CRLF, LF line terminators
Hash acd38ea457af77baa5ca132f634b38bc
2c97bc311782f675539ca7f2139aa42d1bfebe3e
8ffcc289eb8ddf5c51bac8049a375b9d56d251276b0adbc4028e73f5fab26942
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=7F3FFCB9FFA800CC-2B0505252F0B163F; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 10209
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
192.185.114.174 404 Not Found 10 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2356), with CRLF, LF line terminators
Hash acd38ea457af77baa5ca132f634b38bc
2c97bc311782f675539ca7f2139aa42d1bfebe3e
8ffcc289eb8ddf5c51bac8049a375b9d56d251276b0adbc4028e73f5fab26942
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=7F3FFCB9FFA800CC-2B0505252F0B163F; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 10209
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
secure-assets.rubiconproject.com/static/psa/blank/1x1.png
2.21.206.244 200 OK 155 B URL HTTP/2 secure-assets.rubiconproject.com/static/psa/blank/1x1.png
IP 2.21.206.244:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 0fed6b76619acefb38a43867d5fbbd65
b4881fe00376089907ce39fb43398fe2b9d55b8a
172f8ce100094feaee2d292f56c5a847b0a89852a43e79ef7743d28d06dec7d7
GET /static/psa/blank/1x1.png HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
accept-ranges: bytes
content-type: image/png
content-encoding: gzip
unused62: 8096267
content-length: 155
date: Mon, 12 Sep 2022 20:26:11 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash ee5e64cce395a094979d3195e29a1bad
0eddd70ca13199edd92d4c1c3d7b2dab0f746cc7
a29c29cd5fe1b5e142af5040576d0525329ec8b79d4b73b6cda3c7a20bf7bfb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 397
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:11 GMT
Last-Modified: Mon, 12 Sep 2022 20:19:34 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6cbfc75c7a684a8b0cef0bc88f6e795c
4c33ed043d054990d2a368cc15f05877631a832b
13ebd6d7fc8762407b3fd44f85aef14d984e33925be02e030bc4ba55cab95bc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5956
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:11 GMT
Last-Modified: Mon, 12 Sep 2022 18:46:55 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6cbfc75c7a684a8b0cef0bc88f6e795c
4c33ed043d054990d2a368cc15f05877631a832b
13ebd6d7fc8762407b3fd44f85aef14d984e33925be02e030bc4ba55cab95bc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1771
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:26:11 GMT
Last-Modified: Mon, 12 Sep 2022 19:56:40 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=84318716519&varName=crtg_content
178.250.0.166 204 No Content 0 B URL HTTP/2 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=84318716519&varName=crtg_content
IP 178.250.0.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=84318716519&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Mon, 12 Sep 2022 20:26:11 GMT
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_mid=92200193193597678208487440612643043805&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
54.154.199.204 200 OK 684 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_mid=92200193193597678208487440612643043805&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
IP 54.154.199.204:0
File type ASCII text, with very long lines (1651), with no line terminators
Hash 422d7257a4239a129a9b33b603eb42d6
30bdfeed274c078969ea053edda229a6b0ae75ce
ac9306ed70ecbeaff89cd1de658c19521ffb02627b4ec81778dc68d5b1a59fc9
GET /id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_mid=92200193193597678208487440612643043805&d_cb=s_c_il%5B0%5D._setMarketingCloudFields HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-2-v039-096107272.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=91870272138606611698449742938293967712; Max-Age=15552000; Expires=Sat, 11 Mar 2023 20:26:11 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SWeCjJMYTWU=
Content-Length: 684
Connection: keep-alive
dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
54.154.199.204 200 OK 692 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
IP 54.154.199.204:0
File type ASCII text, with very long lines (1656), with no line terminators
Hash c3ec203f1fe975606e8b285c5f8791bc
fd4a9fb84fb8767bc48ddee89b8b66a0dfb90948
6cd34d158f30a56ec008d4bc28fe04068a8d7717a1c1c66581d34a4d8567c5ee
GET /id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v039-0df1ffea5.edge-irl1.demdex.com 9 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=07666851310095103551052741451714490410; Max-Age=15552000; Expires=Sat, 11 Mar 2023 20:26:11 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: rpwPEhK2T8k=
Content-Length: 692
Connection: keep-alive
comcastathena.demdex.net/event?d_mid=92200193193597678208487440612643043805&d_nsid=1&d_ld=_ts%3D1663014358806&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1663014358806&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fass%2F%2F%3Asign%20in&c_eVar1=%2Fass%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fass%2F
52.213.133.86 200 OK 151 B URL HTTP/1.1 comcastathena.demdex.net/event?d_mid=92200193193597678208487440612643043805&d_nsid=1&d_ld=_ts%3D1663014358806&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1663014358806&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fass%2F%2F%3Asign%20in&c_eVar1=%2Fass%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fass%2F
IP 52.213.133.86:0
File type ASCII text, with no line terminators
Hash bfd8586031b1fb4663640582536054e5
f5ba1e709c7527f3e36127217825f0a2eb1f6e54
90d3229c7f98befb8b8fe6b3a33e5e4938d4620c87e6011925fb81c39c5c3a5a
GET /event?d_mid=92200193193597678208487440612643043805&d_nsid=1&d_ld=_ts%3D1663014358806&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1663014358806&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fass%2F%2F%3Asign%20in&c_eVar1=%2Fass%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fass%2F HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v039-0d94e4dd0.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=91870272138606611698449742938293967712; Max-Age=15552000; Expires=Sat, 11 Mar 2023 20:26:12 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: vVCb3PL/Ti0=
Content-Length: 151
Connection: keep-alive
ocsp.comodoca.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c590e0436eebf482df9b649b4bfda70b
001ce29a12a682f75adb12cb22ac3175d603ff6e
8ac971681c41237845a28a0d89455c5ee2e4ea4b158f58947e3fb801314c4cab
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:26:12 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 15:17:21 GMT
Expires: Thu, 15 Sep 2022 15:17:20 GMT
Etag: "001ce29a12a682f75adb12cb22ac3175d603ff6e"
Cache-Control: max-age=597759,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749b6075ee191c12-OSL
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
192.185.114.174 404 Not Found 31 kB URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash be838467fef1eeb8c256734fc8f363d2
e9b2c84b4b300fd199aa3a9dca6063cacab0503e
52f95bae960e352cb32727790fef072481de7e78ea018be7c85ee28610e762a1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=7F3FFCB9FFA800CC-2B0505252F0B163F; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash beca122055c554548ca6ef68a66a4e2e
cf5ec3650282d05c082eb0534f1b70a59f9f4bbe
a9cf7ef5dfb6a58c66bc29b2a280c2253e56a28ce317d8271273ddae2008d9d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9126
x-amzn-requestid: 86fd10d3-f2bb-4191-93b0-3a416000fd68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUJHeGMqoAMFnwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e5562-1f8b12e10d7212353f050f3f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WcMMN48JT7YRvUBGR6oAes5EwusRcdgrWT60xJffsOfsbkJ4_XyALg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 81866
etag: "cf5ec3650282d05c082eb0534f1b70a59f9f4bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/jquery-1.js
192.185.114.174 200 OK 0 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/jquery-1.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/jquery-1.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
192.185.114.174 404 Not Found 0 B URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/moatad_002.js
192.185.114.174 200 OK 0 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/moatad_002.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/moatad_002.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
192.185.114.174 200 OK 0 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /ass/Sign%20in%20to%20XFINITY_files/styles-light.css HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
192.185.114.174 404 Not Found 0 B URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/ass/Sign%20in%20to%20XFINITY_files/all.js
192.185.114.174 200 OK 0 B URL HTTP/2 lightequine.com/ass/Sign%20in%20to%20XFINITY_files/all.js
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /ass/Sign%20in%20to%20XFINITY_files/all.js HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lightequine.com/ass/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 23 Aug 2022 23:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 20:26:09 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
192.185.114.174 404 Not Found 0 B URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=7F3FFCB9FFA800CC-2B0505252F0B163F; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
192.185.114.174 404 Not Found 0 B URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2
lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2
192.185.114.174 404 Not Found 0 B URL HTTP/2 lightequine.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2
IP 192.185.114.174:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2 HTTP/1.1
Host: lightequine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://lightequine.com/ass/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://lightequine.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 20:26:11 GMT
server: Apache
X-Firefox-Spdy: h2