Overview

URL: cgltreeservices.com/bossss/?entity=1073444
IP: 108.167.141.129 (United States)
ASN: #46606 UNIFIEDLAYER-AS-1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-06 09:59:15 UTC
IDS alerts: 0
Blocklist alerts: 36
urlquery alerts: No alerts detected
Tags: None

Domain Summary (27)

Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
smarttag.rubiconproject.com (1) 10660 No data No data 213.19.162.21
connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2020-02-17 13:26:09 UTC 157.240.200.14
login.comcast.net (1) 187724 2012-07-19 18:52:07 UTC 2020-05-01 21:09:25 UTC 76.96.69.84
cgltreeservices.com (41) 0 2021-02-19 03:53:03 UTC 2022-12-05 19:55:07 UTC 108.167.141.129 Unknown ranking
staticxx.facebook.com (3) 13631 2018-06-15 20:48:04 UTC 2020-05-04 07:59:52 UTC 157.240.200.14
ocsp.comodoca.com (1) 1696 2012-05-21 07:01:17 UTC 2021-12-08 16:29:47 UTC 104.18.32.68
ocsp.digicert.com (6) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
z.moatads.com (1) 374 2014-02-11 16:19:47 UTC 2020-02-15 21:59:06 UTC 23.38.201.146
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
serviceo.comcast.net (2) 305710 2012-05-24 13:32:38 UTC 2020-05-03 23:52:14 UTC 13.36.218.177
r3.o.lencr.org (7) 344 No data No data 95.101.11.115
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.218.164.174
vast.rubiconproject.com (4) 0 No data No data 213.19.162.31 Domain (rubiconproject.com) ranked at: 4832
pixel.quantserve.com (1) 417 2018-12-15 05:23:00 UTC 2020-04-25 05:46:00 UTC 91.228.74.206
www.facebook.com (1) 99 2012-05-21 00:23:41 UTC 2021-06-08 06:38:51 UTC 31.13.72.36
status.geotrust.com (2) 3662 2018-06-23 22:14:44 UTC 2020-01-21 11:48:52 UTC 93.184.220.29
us-ads.openx.net (1) 433609 2012-06-02 13:26:50 UTC 2022-12-06 03:35:31 UTC 35.244.159.8
optimized-by.rubiconproject.com (4) 3992 2012-07-31 01:02:10 UTC 2020-01-20 00:50:38 UTC 3.74.171.125
dpm.demdex.net (1) 204 2018-07-06 04:53:56 UTC 2020-04-29 23:04:31 UTC 54.170.10.162
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239
ads.rubiconproject.com (1) 2626 2012-05-30 19:51:38 UTC 2020-04-12 07:33:42 UTC 2.21.206.244
secure-assets.rubiconproject.com (1) 1057 2012-05-30 19:51:39 UTC 2019-04-29 14:08:03 UTC 2.21.206.244
fast.comcastathena.demdex.net (1) 0 No data No data 23.33.119.16 Domain (demdex.net) ranked at: 5815
rtax.criteo.com (1) 24191 2012-05-29 06:45:10 UTC 2020-02-21 18:34:27 UTC 178.250.0.166
comcastathena.demdex.net (1) 38236 2018-06-13 18:02:53 UTC 2018-07-05 22:46:05 UTC 54.72.53.159

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-05 2 cgltreeservices.com/bossss/?entity=1073444 Comcast Corporation

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-06 2 cgltreeservices.com/bossss/?entity=1073444 Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/data.json Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/1203273213x32.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/11648.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/150582-15.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/150582-10.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/1647526060x32.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/scripts-responsive.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/asc.txt Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/moatad_002.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/event Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/moatad.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/omniture_visId.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/rta.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/all.js Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/segments.js Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2 Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLigh (...) Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLigh (...) Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2 Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2 Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2 Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/dest5.htm Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf Phishing
2022-12-06 2 cgltreeservices.com/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf Phishing
2022-12-06 2 cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/jquery-1.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 108.167.141.129
Date UQ / IDS / BL URL IP
2023-01-28 18:15:14 +0000 0 - 0 - 34 cgltreeservices.com/comsx/?entity=1073444 108.167.141.129
2023-01-08 11:13:57 +0000 0 - 0 - 2 ptcruz.com/ 108.167.141.129
2023-01-07 05:29:34 +0000 0 - 0 - 37 cgltreeservices.com/comsx 108.167.141.129
2023-01-06 07:50:31 +0000 0 - 0 - 34 cgltreeservices.com/comsx/?entity=1073444 108.167.141.129
2022-12-08 18:35:26 +0000 0 - 0 - 71 cgltreeservices.com/comsx/?entity=1073444 108.167.141.129


Last 5 reports on ASN: UNIFIEDLAYER-AS-1
Date UQ / IDS / BL URL IP
2023-02-05 07:13:15 +0000 0 - 0 - 2 mail.estartupchallenge-egabon.org/web/Jorange (...) 108.179.242.163
2023-02-05 06:59:28 +0000 0 - 5 - 0 gaydiscounts.net/__media__/js/netsoltrademark (...) 192.254.225.222
2023-02-05 06:58:57 +0000 4 - 0 - 3 www.spottherare.com/vendor/Spotify/Dashboard/ (...) 162.240.0.136
2023-02-05 06:52:52 +0000 0 - 30 - 0 avyvliyh4.tk/ 142.4.5.138
2023-02-05 06:46:05 +0000 0 - 0 - 3 americansuniteagainstfracking.com/ 69.49.244.168


Last 5 reports on domain: cgltreeservices.com
Date UQ / IDS / BL URL IP
2023-01-28 18:15:14 +0000 0 - 0 - 34 cgltreeservices.com/comsx/?entity=1073444 108.167.141.129
2023-01-07 05:29:34 +0000 0 - 0 - 37 cgltreeservices.com/comsx 108.167.141.129
2023-01-06 07:50:31 +0000 0 - 0 - 34 cgltreeservices.com/comsx/?entity=1073444 108.167.141.129
2022-12-08 18:35:26 +0000 0 - 0 - 71 cgltreeservices.com/comsx/?entity=1073444 108.167.141.129
2022-12-06 12:45:51 +0000 0 - 0 - 36 cgltreeservices.com/bossss/?entity=1073444 108.167.141.129


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-04 17:13:30 +0000 0 - 1 - 0 pkg-store.dl.mail.ru/packages/shop/0_2016753d (...) 188.93.63.73
2023-02-04 17:13:18 +0000 0 - 1 - 0 pkg-store.dl.mail.ru/packages/shop/0_2016753d (...) 188.93.63.73
2023-02-04 17:05:54 +0000 0 - 2 - 0 lrxdmhrr.biz/rugcgombisejfom 169.50.13.61
2023-02-04 17:05:29 +0000 0 - 1 - 0 pkg-store.dl.mail.ru/packages/shop/0_2017195d (...) 188.93.63.73
2023-02-04 17:00:27 +0000 0 - 1 - 0 pkg-store.dl.mail.ru/packages/shop/0_2015872d (...) 188.93.63.73

JavaScript

Executed Scripts (57)

Executed Evals (2)
#1 JavaScript::Eval (size: 50) - SHA256: 9fda12704d141686ffade43cfc0269f3533ed4cbbdbda7ad8d37bf9e80391f9a
(function(win) {
    win['Moat#EVA'] = true;
})(window)
#2 JavaScript::Eval (size: 1972) - SHA256: 8f14c536fdc78829b38cb06804c824b03b814a2990121cc0e259eb1c1dad9749
(function h(b, c) {
    function f(b) {
        return function() {
            try {
                b.sending && (g = b.sending = !1, k = 0, h())
            } catch (c) {}
        }
    }

    function h(b, d, e, l) {
        if (b) {
            d = {
                qs: b,
                jsd: d,
                fld: e,
                jso: l
            };
            if (0 === b.indexOf("e=21&")) {
                r(d, !0);
                return
            }
            t.push(d)
        }
        if (0 === k && 0 < t.length)
            if (k++, b = t.shift(), b.sending = !0, b.uid = c.Math.floor(1E10 * c.Math.random()), b.timeoutId = setTimeout(f(b), 2E3), w[b.uid] = b, b.fld && !b.jso && g && u && u.sendMessage) try {
                u.sendMessage(b)
            } catch (m) {
                g = !1, r(b)
            } else r(b)
    }

    function d() {
        try {
            return new l(1, 1)
        } catch (b) {
            var c = window.document.createElement("img");
            c.height = 1;
            c.width = 1;
            return c
        }
    }

    function r(b, c) {
        var e = d();
        e.toSend =
            b;
        c || (e.onerror = function() {
            var b = this.toSend;
            b.failedAttempts = "number" == typeof b.failedAttempts ? b.failedAttempts + 1 : 0;
            var c = (b.jsd + "/pixel.gif?" + b.qs).length;
            1 > b.failedAttempts ? r(b) : z && c > A && q(b)
        }, e.onload = function() {
            q(this.toSend)
        });
        e.src = b.jsd + "/pixel.gif?" + b.qs
    }

    function q(b) {
        var c = b && b.uid && w && w[b.uid];
        if (b && b.qs && "tracer=" == b.qs) return !1;
        if (c) {
            w[b.uid] = null;
            try {
                delete w[b.uid]
            } catch (d) {}
            try {
                clearTimeout(c.timeoutId)
            } catch (d) {}
            if ("boolean" != typeof c.sending || c.sending) c.sending = !1;
            else return !1
        }
        0 <
            k && k--;
        h()
    }
    var t = [],
        k = 0,
        u = !1,
        g = !1,
        l, n = c[b],
        v = c.Math.floor(1E10 * c.Math.random()),
        w = {};
    n.yh = {};
    n = n.yh;
    l = c.Image;
    n.yi = function(b, c, d, e) {
        h(b, c, d, e)
    };
    n.yk = function(c, d) {
        u = !0;
        var f = b + ".yh.",
            g = {};
        g.src = "https:" === d ? "https://z.moatads.com/swf/MessageSenderV4.swf" : "http://z.moatads.com/swf/MessageSenderV4.swf";
        g.flashVars = "r=" + f + "zb&s=" + f + "zc&e=" + f + "zd&td=" + c;
        return g
    };
    n.yj = function() {
        return !1 === u
    };
    n.xq = function() {
        return v
    };
    n.zb = function() {
        try {
            if (!0 === u) {
                var b = c.document.getElementById("moatMessageSender" +
                    v);
                b && !b.sendMessage && (b = c.document.getElementById("moatMessageSenderEmbed" + v));
                b && b.sendMessage && (g = !0, u = b)
            }
        } catch (d) {}
    };
    n.zc = function(b) {
        try {
            q(b)
        } catch (c) {}
    };
    n.zd = function(b) {
        try {
            g = !1, b && b.jsd && t.push(b), q(b)
        } catch (c) {}
    };
    var y, z, A = 2083;
    try {
        y = document.createElement("div"), y.innerHTML = "\x3c!--[if IE 8]>x<![endif]--\x3e", z = "x" === y.innerHTML
    } catch (J) {
        z = !1
    }
})('MoatSuperV24', window)

Executed Writes (52)
#1 JavaScript::Write (size: 28) - SHA256: b03a9cc712628555461e789056014f0278ad2cd7c767bae0a40d1e9b3a93372d
https: //us-ads.openx.net/...
#2 JavaScript::Write (size: 8) - SHA256: e96725072752f5da3641f73d04526eb67ca33e7397297631da463fc5a5ccf106
 * / -->
#3 JavaScript::Write (size: 39) - SHA256: 97e88b2f6433ef546c362c8154d9be54beee35e54731fcab526523bd374e5210
OX_ads.push({
    "auid": "538020939"
});
#4 JavaScript::Write (size: 275) - SHA256: 23bf1753b0de1bb2f7b24f87a93aa989712f9a430ed50ac0a96c66e01dc21336
       < noscript class = "MOAT-comcastapn56341864860?moatClientLevel1=OpenX&amp;moatClientLevel2=Comcast/OpenX_201507_SIG_300_NATL&amp;moatClientLevel3=300x250_RM_OpenX_SI_09222015&amp;moatClientSlicer1=x32&amp;moatClientSlicer2=comcast.net/login_secure/notve/L30" > < /noscript>
#5 JavaScript::Write (size: 273) - SHA256: b38a98f8d38a159caf4b79a332f7cfd4623d8d81da59a10d10d48e7b16ac8170
< script type = "text/javascript"
src = "//oascentral.comcast.net/RealMedia/ads/adstream_jx.ads/comcast.net/login_secure/notve/1754291762@x32?target=normal&_OAS_GEO_OVERRIDE_=US:UNKNOWN&am=NONE&qsg=D&vidaud=2608&vidaud=1953&vidaud=1986&&theme=light&max-size=fullpage" > < /script>
#6 JavaScript::Write (size: 6) - SHA256: 72a2f9a731af9047b27b0a7db7269c948182f3b1e44b04e5ca1088f3ce269f33
 * to
#7 JavaScript::Write (size: 1) - SHA256: a318c24216defe206feeb73ef5be00033fa9c4a74d0b967f6532a26ca5906d3b
+
#8 JavaScript::Write (size: 3) - SHA256: 49967ec1ed3836f8eb17aff172b5bfef7de60485a439c6ca11c591e1755739ae
);
#9 JavaScript::Write (size: 382) - SHA256: a0672f450acfa14c081cbca5d92a8dba13344217dc82bc1a03b04cd8340eb563
< noscript > < iframe id = "3a83dd2fe3"
name = "3a83dd2fe3"
src = "https://us-ads.openx.net/w/1.0/afr?auid=538020939&cb=2122866929"
frameborder = "0"
scrolling = "no"
width = "300"
height = "600" > < a href = "https://us-ads.openx.net/w/1.0/rc?cs=3a83dd2fe3&cb=2122866929" > < img src = "https://us-ads.openx.net/w/1.0/ai?auid=538020939&cs=3a83dd2fe3&cb=2122866929"
border = "0"
alt = "" > < /a></iframe > < /noscript>
#10 JavaScript::Write (size: 66) - SHA256: bf1cb87d7f117da26bb818eadef3c7d21e04b7e4d265e4e069d5fce8d8082308
var x32adtag = "Comcast/OpenX_201507_SIG_300_NATL".split("/")[1];
#11 JavaScript::Write (size: 414) - SHA256: 3e4f6e6ac28f392d59d8b0817fd8c55be4d5da18370765e8d5949e4b0a48f69a
< script type = 'text/javascript'
id = 'ox_acj_2630710203'
src = 'https://us-ads.openx.net/w/1.0/acj?ai=b55e6baa-31f7-4f56-8d3c-142852895083&o=2630710203&callback=OX_2630710203&ju=http%3A//cgltreeservices.com/bossss/%3Fentity%3D1073444&jr=&auid=538020939&dims=1152x836&adxy=556%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1152x836&ifr=0&tws=1152x836&vmt=1&sd=1&mt=1'
onerror = 'OX_2630710203_onAdRequestError()' > < /script>
#12 JavaScript::Write (size: 124) - SHA256: b8a55bdf970191f0208873a0cc443759035a6164d338db454b4efbac2a3d4520
< script type = 'text/javascript' > rp_requests = new RubiconAdServing.Requests();
rp_requests.sendRequest('150582-15'); < /script>
#13 JavaScript::Write (size: 1) - SHA256: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
#14 JavaScript::Write (size: 412) - SHA256: 2bde6cf0925cc943ef307f2e72941e4338163fd1882462ecf3d1b1aa962f3a3d
< A HREF = "https://oascentral.comcast.net/RealMedia/ads/click_lx.ads/comcast.net/RubiconSIPassback/L29/949843846/x32/Comcast/CIM_2017_SIG_300_FILLERB/Comcast_Business_300x250-general-2.jpg/4b5657396f31654e4744634142694b53;zip=US:60099?x"
target = "_top" > < IMG SRC = "https://cdn.oas-c18.adnxs.com/RealMedia/ads/Creatives/Comcast/CIM_2017_SIG_300_FILLERB/Comcast_Business_300x250-general-2.jpg"
ALT = ""
BORDER = "0" > < /A>
#15 JavaScript::Write (size: 280) - SHA256: 0bd6b92ab472988f69204700c08cfab7013feeba242295d7bcde697496933cce
       < noscript class = "MOAT-comcastapn56341864860?moatClientLevel1=.CIM_PROMOTION&amp;moatClientLevel2=Comcast/CIM_2017_SIG_300_FILLERB&amp;moatClientLevel3=300x250_IMG_ComastBusiness&amp;moatClientSlicer1=x32&amp;moatClientSlicer2=comcast.net/RubiconSIPassback/L29" > < /noscript>
#16 JavaScript::Write (size: 2375) - SHA256: 32eb4d449d10bd365e9c58716abc30356fbc136ef1439c6d42d582e0a9dfdc3b
<!-- ###### START COMPONENT ad.standard ###### -->
<!-- quantcast logic begins -->
< script type = "text/javascript" >
    quantSegs = '';

function qc_results(result) {
    for (var i = 0; i < result.segments.length; i++) {
        quantSegs += "&qsg=" + result.segments[i].id; //added 
    }
} < /script> < script type = "text/javascript"
src = "https://pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400" > < /script>
    <!-- quantcast logic ends -->
    < script type = "text/javascript" >
    (function() {
        var unknown_zip = "US:UNKNOWN",
            unknown_cid = "NONE";

        function matchKeys(keys) {
            var re = new RegExp('(?:' + keys.join('|') + ')=(?:\\"|%22)(.*?)(?:\\"|%22)');
            var matches = document.cookie.match(re);
            if (!matches) return null;
            return matches[1];
        }
        var flag_matches = document.cookie.match(/(?:adt_optout_flag)=(true|false)/);
        var optout = (flag_matches && flag_matches[1] == "true");
        window.f_ADTARGET_ZIP = (function() {
            if (optout) return unknown_zip;
            var zip = matchKeys(['adt_zip']);
            if (!zip) return unknown_zip;
            return "US:" + zip;
        })();
        window.f_AM_CID = (function() {
            if (optout) return unknown_cid;
            var cid = matchKeys(['amcid']);
            if (!cid) return unknown_cid;
            cid = unescape(cid);
            return cid.replace(",", "&am=");
        })();
        window.f_ENABLE_ADTARGETING = true;
    })(); < /script>

< script type = "text/javascript" >
    // <![CDATA[
    //document.write((function() {
    //(function() {
    var opts = [];
if (typeof f_ADTARGET_ZIP != 'undefined')
    opts.push('_OAS_GEO_OVERRIDE_=' + f_ADTARGET_ZIP);
if (typeof f_AM_CID != 'undefined')
    opts.push('am=' + f_AM_CID.split(',').join('&am='));
if (typeof quantSegs != 'undefined')
    opts.push(quantSegs.slice(1));
if (location.search.indexOf('AdParam') != -1) {
    opts.push('AdParam=' + location.search.slice(9));
}
OAS_query = opts.join('&');
OAS_rn = new String(Math.random());
OAS_rns = OAS_rn.substring(2, 11);
// ]]>
< /script>
<!-- ###### END COMPONENT ad.standard ###### -->
<!-- anything above this comment could reside in a .js file in the head of each page -->

< script type = "text/javascript" >
    OAS_type = 'jx'; //jx or mjx
OAS_sitepage = 'comcast.net/RubiconSIPassback';
OAS_listpos = 'x32';

document.write('<script type="text/javascript" src=\"https://oascentral.comcast.net/RealMedia/ads/adstream_' + OAS_type + '.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '?' + OAS_query + '&kw=noloopback_smr\" ></scr' + 'ipt>');

< /script>
#17 JavaScript::Write (size: 4) - SHA256: 58e9d05a64d7c8ddd50c4e2e0bfe41a2d762b454d2fbdac24e5f0ae10e150e7b
< scr
#18 JavaScript::Write (size: 296) - SHA256: 4c428080cb22eb0d79fa3fe70674bbe473add7fe68a71d5cd8de48fe9216fb59
< script src = "https://z.moatads.com/comcastapn56341864860/moatad.js#moatClientLevel1=OpenX&moatClientLevel2=Comcast/OpenX_201507_SIG_300_NATL&moatClientLevel3=300x250_RM_OpenX_SI_09222015&moatClientSlicer1=x32&moatClientSlicer2=comcast.net/login_secure/notve/L30"
type = "text/javascript" > < /script>
#19 JavaScript::Write (size: 3) - SHA256: 34bb1fea2555eac5f1543ab10ac5710d1ccd5ee7c0038af49fe38d503663563d
 *
#20 JavaScript::Write (size: 4) - SHA256: fc5415e0722187f8976c12b444fa25e2bf742b32a8295ddb3eca837d70d0c2b1
/scr
#21 JavaScript::Write (size: 9) - SHA256: cf14a32120c034eafc76d4138166beb8c7a968a3633a0008e74f406dd9d2126d
< script >
#22 JavaScript::Write (size: 79) - SHA256: 52af0e1f9eda55a68da84d3ee99a5d644017b39b5796ec66ac4d2a227ef7f9a5
var adtag_x32 = "camp_" + x32adtag + "_creativeId_300x250_IMG_ComastBusiness";
#23 JavaScript::Write (size: 60) - SHA256: 482b4e182e6d5b1bca2b3c7e57181d8c8c02e627a705beee2fe4be750188ccbc
 * The tag in this template has been generated
 for use on a
#24 JavaScript::Write (size: 60) - SHA256: 074dc062bd376dc8e4b71d25afa96ac513fe5e52d014a42a6f32d7282e130cc3
< script src = "https://us-ads.openx.net/w/1.0/jstag" > < /script>
#25 JavaScript::Write (size: 81) - SHA256: af84a1de668edf37cce9710b63d309c9bbd02c1039542ea0f38efc9d81084212
var adtag_x32 = "camp_" + x32adtag + "_creativeId_300x250_RM_OpenX_SI_09222015";
#26 JavaScript::Write (size: 124) - SHA256: 8761bba21972d65f2e379c4238888816f8235f067bc43d5a2d53f0a454840a94
< script type = 'text/javascript' > rp_requests = new RubiconAdServing.Requests();
rp_requests.sendRequest('150582-10'); < /script>
#27 JavaScript::Write (size: 208) - SHA256: 42acab08304bef2c0b72ec8e379792d0a369bc9e00ba65e1e97522cf041b99b2
< script type = "text/javascript"
src = "http://optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10" > < /script>
#28 JavaScript::Write (size: 2) - SHA256: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
#29 JavaScript::Write (size: 429) - SHA256: 2af4b82f040de50d65367bc357cc9004e5df82e7b1fd90ce67ec5864359553a2
<!--  Begin Rubicon Project Tag -->
<!--  Site: Xfinity - Secure   Zone: Log-In   Size: Medium Rectangle  -->
< script language = "JavaScript"
type = "text/javascript" >
    rp_account = '11648';
rp_site = '36314';
rp_zonesize = '150582-15';
rp_adtype = 'js';
rp_smartfile = '[SMART FILE URL]'; < /script> < script type = "text/javascript"
src = "https://ads.rubiconproject.com/ad/11648.js" > < /script>
    <!--  End Rubicon Project Tag -->
#30 JavaScript::Write (size: 208) - SHA256: c1e7c8afdc94afa394243cb3cae33b600664f260310714052ed2aaf764661429
< script type = "text/javascript"
src = "http://optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15" > < /script>
#31 JavaScript::Write (size: 15) - SHA256: 7cd0e6dd19083e25d38dfb35b2d0cb518903dd6da28631aad368d6a2424726b9
document.write(
#32 JavaScript::Write (size: 215) - SHA256: 765565860addcf56f8fc07bf483d3212c0c13d214532af60bd07be3afc90b9fc
< script type = "text/javascript"
src = "https://oascentral.comcast.net/RealMedia/ads/adstream_jx.ads/comcast.net/RubiconSIPassback/1708954560@x32?_OAS_GEO_OVERRIDE_=US:UNKNOWN&am=NONE&qsg=D&kw=noloopback_smr" > < /script>
#33 JavaScript::Write (size: 5) - SHA256: 0dd4d955accc30fd912938e3f7bbb0325a19550e0b9f37348481204a78ae5b10
try {
#34 JavaScript::Write (size: 11) - SHA256: 742c800c05fd69a5f2237dea34dc68f8c7e67f737212bd98fdba8adc476c667a
catch (e) {}
#35 JavaScript::Write (size: 5) - SHA256: 7879981d4f226a8f0191d36730c07205d7a5ff1c780fca9b2f905f25264cf636
#36 JavaScript::Write (size: 0) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
#37 JavaScript::Write (size: 218) - SHA256: 2a4a1c92ddaece66f6d093ee042d358a6b1ab975dd3d9ec889f0b992d753e8eb
< script type = "text/javascript"
src = "https://smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.09370195725039776&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1" > < /script>
#38 JavaScript::Write (size: 37) - SHA256: df346a80a88198424a2f9e4a04508477b4c2eafc615941707d03989c5513fd8e
if (!window.OX_ads) {
    OX_ads = [];
}
#39 JavaScript::Write (size: 8) - SHA256: 28bfbc1fd4382053eb80d39838ea9c4b19a7e66cf286a3bbdaa2a32dd95f6738
<!-- /*
#40 JavaScript::Write (size: 72) - SHA256: 4d271784f8a0f343c63cc61d13a66c23b95a6b08cc551938a0d33dbd8aae3368
 * non - SSL page.If this tag is to be placed on an SSL page, change the
#41 JavaScript::Write (size: 10) - SHA256: 2f358f0371a6e732c4340332235199dcd91ebc46239a5ddcfe6f9a63e6ebecfe
< /script>
#42 JavaScript::Write (size: 4) - SHA256: 4786fdb4166cd7d10007951f7e085916076b1970b08bb0dc2a5d5d321d7dfe4c
ipt >
#43 JavaScript::Write (size: 2) - SHA256: 412ca345ccf75bf9c0806bce695be8de808b79984251a7a54d202cf6101dd451
}
#44 JavaScript::Write (size: 126) - SHA256: 5b265dea38a156641f5d5dff6586fe6564e5c1d63ec9dd09b7a62118548dc721
< img border = "0"
src = "https://secure-assets.rubiconproject.com/static/psa/blank/1x1.png"
width = "300"
height = "600"
alt = "blank" >
#45 JavaScript::Write (size: 215) - SHA256: bcf55eb27b9985133a2c9701132e8bb4f2a835a7c25b8dc549ef456fe6e7ada5
< script type = "text/javascript"
src = "https://oascentral.comcast.net/RealMedia/ads/adstream_jx.ads/comcast.net/RubiconSIPassback/1923094965@x32?_OAS_GEO_OVERRIDE_=US:UNKNOWN&am=NONE&qsg=D&kw=noloopback_smr" > < /script>
#46 JavaScript::Write (size: 34) - SHA256: 0f96e300ca342d0d9228b07be10ee3a9310aa2ee392b12175f88733505c3132f
<!--/* OpenX JavaScript tag */-->
#47 JavaScript::Write (size: 65) - SHA256: a2769bf687e12cd8c0a6ade33204918b592e434787db8bd8327f7e57350df8cd
var x32adtag = "Comcast/CIM_2017_SIG_300_FILLERB".split("/")[1];
#48 JavaScript::Write (size: 32) - SHA256: 24be741ecfc0488f0e9a9a62af470487470585c046f1940afaaa22ccdb282a84
< script type = "text/javascript" >
#49 JavaScript::Write (size: 49) - SHA256: 17dc4a7702ed84ec8db6d42f7bfe6cfe5145746d8d774e9b50d8b8abacc441f8
ipt src = "https://us-ads.openx.net/w/1.0/jstag" > < \
#50 JavaScript::Write (size: 126) - SHA256: e0994f5bb7ba37f0df4a1e8cf43f488c0d199c5c196f1c3bd1d01a0052da577f
< img border = "0"
src = "https://secure-assets.rubiconproject.com/static/psa/blank/1x1.png"
width = "300"
height = "250"
alt = "blank" >
#51 JavaScript::Write (size: 301) - SHA256: 3b4d6649c419d60f2fc6d239050749a3893b24fc200a2d63e7b9b07a9a20aac9
< script src = "https://z.moatads.com/comcastapn56341864860/moatad.js#moatClientLevel1=.CIM_PROMOTION&moatClientLevel2=Comcast/CIM_2017_SIG_300_FILLERB&moatClientLevel3=300x250_IMG_ComastBusiness&moatClientSlicer1=x32&moatClientSlicer2=comcast.net/RubiconSIPassback/L29"
type = "text/javascript" > < /script>
#52 JavaScript::Write (size: 1) - SHA256: 265fda17a34611b1533d8a281ff680dc5791b0ce0a11c25b35e11c8e75685509
'


HTTP Transactions (94)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4577
Expires: Tue, 06 Dec 2022 11:15:21 GMT
Date: Tue, 06 Dec 2022 09:59:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4022
Cache-Control: max-age=92357
Date: Tue, 06 Dec 2022 09:59:04 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:38:21 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16362
Expires: Tue, 06 Dec 2022 14:31:46 GMT
Date: Tue, 06 Dec 2022 09:59:04 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 09:20:23 GMT
cache-control: public,max-age=3600
age: 2321
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: TZswYYE/CvnDofIShgUv1S9ECSf5hFLh2Gym7QiHdnlrCfyimtzLxtffDDl9M/AXlKe+HHsHdxo=
x-amz-request-id: 5BH9Y6F75D48N7VC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 09:47:03 GMT
age: 721
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 06 Dec 2022 09:59:04 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /bossss/?entity=1073444 HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: nginx/1.21.6
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: true
X-Proxy-Cache: HIT
Accept-Ranges: none
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6168)
Size:   12476
Md5:    c3efe83741a31102819cb5bfbc70a164
Sha1:   f175bc04b9c902e4ad394955aeaec1a6947672d3
Sha256: 393e784229e9e51ee9a0deabe8213c6407e1cbc146cc35b2c46ee36458c38786

Alerts:
  Blocklists:
    - openphish: Comcast Corporation
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 09:11:20 GMT
cache-control: public,max-age=3600
age: 2864
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/data.json HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 295


--- Additional Info ---
Magic:  ASCII text
Size:   295
Md5:    c4e699111d8c5ee41a03610b94ff02d5
Sha1:   7b4ec667ab9d73b69d752931fa675eca988ac1be
Sha256: f1aa6a629871c08a077cba94a653cb0c2ace627617e442adccbf6712972bf0df

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/styles-light.css HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (50848), with no line terminators
Size:   19094
Md5:    049b3d8d779e070847174a63fbdbea8b
Sha1:   750f842ebbf752faf947c87ec57979d25a21b882
Sha256: b0e765e63a6d5c24e7197c491bae8ea2193d93a2c085b9b72ff5bfa4a5edc0d1
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/1203273213x32.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 772


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (403)
Size:   772
Md5:    7c2c39d578f8a54322d2f1084bf458db
Sha1:   b9da3c835240b6217ced4d7f8d792de9faafea74
Sha256: 8210268d9c4641543fffbd2394c23a7585408a90e94fcc58f84e6ae4b568936d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/11648.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8455


--- Additional Info ---
Magic:  HTML document text\012- C source, ASCII text, with very long lines (25399)
Size:   8455
Md5:    c540292a1c3d83602949e4f4af9272cd
Sha1:   2695d7e1ae9dd40ab88d9e7a45cc8a8930623e74
Sha256: 867f02cd87490f12f458ec91eb03ba6f23f94c585c26746a2b60937b3fa3bbd3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/150582-15.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1382


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, ASCII text, with very long lines (2808)
Size:   1382
Md5:    1247a38a9cdacf0e00ed543c62127fe5
Sha1:   940c71c36b5a0f6bee39a4f89555b43f7dd668cd
Sha256: da8f696dae05fbc2ecf74b9dcb6aadb94d1bcd7192ffe2d4528c825d43a52193

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/150582-10.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 477


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, ASCII text, with very long lines (728)
Size:   477
Md5:    daef3004cc94546e9cd07c793db655a6
Sha1:   286c98c28b3e7a628f8a5eb28134c13f58e1f779
Sha256: a5bb938bc07b3bf08ae755ba4494f285c7684fef6c0dc9349e7d52f2366ad88e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/1647526060x32.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 556


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (433)
Size:   556
Md5:    fe32fbe869ac4a88f764abd1bc438cf1
Sha1:   b1b4f1a0581746de7a45e1f0663220da83d02af1
Sha256: ce02fcf5ec2a7c9caa9aeed72f1fbdd4581a4745da89c9dfba7e84137dcd96a6

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4001
Cache-Control: max-age=87269
Date: Tue, 06 Dec 2022 09:59:04 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:13:33 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/scripts-responsive.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1698


--- Additional Info ---
Magic:  ASCII text, with very long lines (3906), with no line terminators
Size:   1698
Md5:    0b5a2ee34ecb1141a47f9d569ff54893
Sha1:   a7685dbc86190a3d8161bab891ad4489a493e21f
Sha256: 4294186559939218bf8494573b4dce94cc722bb52f54756832bef1423d873a37

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/asc.txt HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Server: nginx/1.21.6
Content-Length: 17
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
X-Server-Cache: true
X-Proxy-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   17
Md5:    92ecce91e58ca501e89410701805ffd2
Sha1:   fbc2f9374e8f5aebbc0a9ebeaeb836dfe2ee8803
Sha256: af2d3351d5bb6b63e81eb19140f27324fd7b0ba94dc7c39b6154461243e4986e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/moatad_002.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (554)
Size:   72384
Md5:    72378a0eda9ae895d3b9a85b18998c75
Sha1:   e78c8b727ab8e4cdb38cd1a43e694cc72942da04
Sha256: f742f5aff25449afd9df0a489303e1d4fd903aba2ec784528d1b68b8bdbdaeb0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/event HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Server: nginx/1.21.6
Content-Length: 191
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
X-Server-Cache: true
X-Proxy-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   191
Md5:    2d5d169b7afabb783f8994c576f005cb
Sha1:   d3c1f326303b3cd98f892a5ab28cea82222d058b
Sha256: 384d036f62eab523e123b0e2c033bdee06077fdf041c564ce56f956e6219fb24

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5AEzDyUFkzYqEceOOKlMnA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         34.218.164.174
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LY8t8yGOGa/CzlxvRLWct+xlwRk=

                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/moatad.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (554)
Size:   72384
Md5:    72378a0eda9ae895d3b9a85b18998c75
Sha1:   e78c8b727ab8e4cdb38cd1a43e694cc72942da04
Sha256: f742f5aff25449afd9df0a489303e1d4fd903aba2ec784528d1b68b8bdbdaeb0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8409


--- Additional Info ---
Magic:  ASCII text, with very long lines (815), with CRLF line terminators
Size:   8409
Md5:    79940589e33f37f68f9a80ce5e13c037
Sha1:   d7572fb9ef61134c9cb335a6db3740468b93b36f
Sha256: 6fff922e860e02fb4bc322b3807ab5e37dd8079072929c2b233c3ae9cdd21d8f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/omniture_visId.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (707), with CRLF line terminators
Size:   36160
Md5:    993f685dda3ba38c62260c5c7f690057
Sha1:   9a9673bc1c0f6d516e2e8da1acdd86ebcb89f803
Sha256: 74d0b37d1cccb61abb1678b181b5784501b488f6f65c8b2989a28d108f78c6a0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/rta.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 159


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with no line terminators
Size:   159
Md5:    a66a008566af0e3807b90760012863c2
Sha1:   e09466fb3c0b0d2b94f6233b54321d179903eb17
Sha256: 3ee657e09030047c5792c02cf0f206708cfd3f33aa98b0ccf28cd9c4b098f610

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/all.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (18053)
Size:   81701
Md5:    d3c16f63bb394161ab950761946097c7
Sha1:   e2db8104260b5e9574af432bb5162072ccf9e774
Sha256: af710747fdaf30a7775f1915817fad217a2a1e64ae09ba719da243abf6ee67f4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/segments.js HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 39


--- Additional Info ---
Magic:  ASCII text
Size:   39
Md5:    9c5453ce3943ebf709c68c4358907916
Sha1:   25c057fa107fca0917c7dca9f432cdce93ce2316
Sha256: c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/event.gif HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 42


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/seal.png HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 3091


--- Additional Info ---
Magic:  PNG image data, 142 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size:   3091
Md5:    be19bc645a5d70db58e4317fb1f7f791
Sha1:   8c38f471f3e6d17af148acaab219db7e3e4a8d23
Sha256: 6ab85bc152133401e0ad5ca069990f4a76413499820d4ba95a0dadb063bcc8b8
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 35514


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Size:   35514
Md5:    a98fbe346dd7c66a4ca5f1f77aa75e44
Sha1:   ee1c12063d821ba884efe2afedd6cab81c825363
Sha256: de3e0d54441cd6afe0d7d2afcb95eadf8fec5cb23ecd47a796c3818fe7fb8f4d
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/u.gif HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Content-Length: 42


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2 HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /comcastapn56341864860/moatad.js HTTP/1.1 
Host: z.moatads.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         23.38.201.146
HTTP/2 200 OK
content-type: application/x-javascript
                                        
x-amz-id-2: DgrV/yUP0cYZJ24pT7Z5LVkFATYFOX23OVuFadPO2EW++SB5KZZT2R0SCmVojLGlVbLec6pGXtw=
x-amz-request-id: CA2DQ7A5WM2MGH3Y
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
server: AmazonS3
content-length: 0
cache-control: max-age=31488
date: Tue, 06 Dec 2022 09:59:05 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: status.geotrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6217
Cache-Control: 'max-age=158059'
Date: Tue, 06 Dec 2022 09:59:05 GMT
Last-Modified: Tue, 06 Dec 2022 08:15:28 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff2 HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /w/1.0/jstag HTTP/1.1 
Host: us-ads.openx.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         35.244.159.8
HTTP/2 200 OK
content-type: text/javascript
                                        
vary: Accept-Encoding
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Tue, 06 Dec 2022 10:59:05 GMT
date: Tue, 06 Dec 2022 09:59:05 GMT
content-length: 18071
content-encoding: gzip
cache-control: max-age=3600
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12594)
Size:   18071
Md5:    ca86d365471cdc0fdbbdcf961803eb48
Sha1:   ce7f84533218cd78c2d81527b3dc5c1945bcf3b7
Sha256: c7912dd203837530845da50cfec5daf435a99eb4c6ade95a7c6d41a55605cbb4
                                        
                                            POST / HTTP/1.1 
Host: status.geotrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6217
Cache-Control: 'max-age=158059'
Date: Tue, 06 Dec 2022 09:59:05 GMT
Last-Modified: Tue, 06 Dec 2022 08:15:28 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /a/11648/36314/150582-10.js?&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1 
Host: optimized-by.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

                                         3.74.171.125
HTTP/1.1 307 Temporary Redirect
                                        
Date: Tue, 06 Dec 2022 09:59:05 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f1269-4385d93436d4ce010b144c5d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/

                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:07 GMT
Server: nginx/1.21.6
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   462
Md5:    3b58a4197a90ce28f053f853e9f5201a
Sha1:   1764aa95ccf139706beb229625b9d6d6f154bd5d
Sha256: e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:07 GMT
Server: nginx/1.21.6
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   462
Md5:    3b58a4197a90ce28f053f853e9f5201a
Sha1:   1764aa95ccf139706beb229625b9d6d6f154bd5d
Sha256: e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1 
Host: vast.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive

                                         213.19.162.31
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC1UG5Q-23-8K2N; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure audit=1|naVuGyos1qpuP10wWc85gO9DtVM30fCgV3PdyjZap6Td0XM3A4FRH5t8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"


--- Additional Info ---
Magic:  ASCII text
Size:   147
Md5:    7bdda9f1de292e7e006306b2d85c9cb1
Sha1:   36a60514a49f5f2d58deb949fdf037ed29a067cc
Sha256: 83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
                                        
                                            GET /a/11648/36314/150582-10.js?&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1 
Host: optimized-by.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

                                         3.74.171.125
HTTP/1.1 307 Temporary Redirect
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f126a-037f277e1f1d2e300297c500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/

                                        
                                            GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.5477071014438208&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1 
Host: vast.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive

                                         213.19.162.31
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC1UG8A-4-EQ82; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure audit=1|naVuGyos1qoxvDJ1+CxEnu9DtVM30fCgV3PdyjZap6Td0XM3A4FRH5t8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"


--- Additional Info ---
Magic:  ASCII text
Size:   147
Md5:    7bdda9f1de292e7e006306b2d85c9cb1
Sha1:   36a60514a49f5f2d58deb949fdf037ed29a067cc
Sha256: 83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
                                        
                                            GET /ad/11648.js HTTP/1.1 
Host: ads.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         2.21.206.244
HTTP/2 200 OK
content-type: text/javascript
                                        
server: Apache
x-powered-by: PHP/5.3.3
content-encoding: gzip
content-length: 8946
cache-control: max-age=12439
expires: Tue, 06 Dec 2022 13:26:25 GMT
date: Tue, 06 Dec 2022 09:59:06 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (26545)
Size:   8946
Md5:    5aecf12e8c3cb1d14458bc71c6b8cf0c
Sha1:   b0cedce6e8165041981ba59a9b7277053a37ba89
Sha256: 69dd3510681bc16e17f107ac8f2fa504aa7ce59d75ebf3248b6f85f02a6409aa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3860
Cache-Control: max-age=144731
Date: Tue, 06 Dec 2022 09:59:06 GMT
Etag: "638e95b1-1d7"
Expires: Thu, 08 Dec 2022 02:11:17 GMT
Last-Modified: Tue, 06 Dec 2022 01:06:57 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /a/11648/36314/150582-15.js?&cb=0.09370195725039776&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1 HTTP/1.1 
Host: smarttag.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         213.19.162.21
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx/1.21.4
date: Tue, 06 Dec 2022 09:59:06 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LBC1UGEQ-25-AQDX; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure audit=1|naVuGyos1qrliVj5xbZ8cO9DtVM30fCgV3PdyjZap6Td0XM3A4FRH5t8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   147
Md5:    9441d4459f9bdf15aad152e66fc88643
Sha1:   e97b5816d440de61a5d5a7f47bb921cec240580b
Sha256: 9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Tue, 06 Dec 2022 13:03:08 GMT
Date: Tue, 06 Dec 2022 09:59:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Tue, 06 Dec 2022 13:03:08 GMT
Date: Tue, 06 Dec 2022 09:59:06 GMT
Connection: keep-alive

                                        
                                            GET /a/11648/36314/150582-15.js?&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1 
Host: optimized-by.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

                                         3.74.171.125
HTTP/1.1 307 Temporary Redirect
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f126a-40e5747a7a6ff39326a72892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Tue, 06 Dec 2022 13:03:08 GMT
Date: Tue, 06 Dec 2022 09:59:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Tue, 06 Dec 2022 13:03:08 GMT
Date: Tue, 06 Dec 2022 09:59:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11042
Expires: Tue, 06 Dec 2022 13:03:08 GMT
Date: Tue, 06 Dec 2022 09:59:06 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5790
x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvoEoUoAMFsxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WBNaNTgYQaDVlJqu2u341xYy_6zmr5LqmCD2BPjGPGgmAG20WNHyKw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:46:52 GMT
age: 43934
etag: "1f25392db4cf3693259202b24e898f21093b8bf9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5790
Md5:    18bbcbf84b00d3bc602830478ff1bd7f
Sha1:   1f25392db4cf3693259202b24e898f21093b8bf9
Sha256: cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10183
x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUDYEQbIAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:14 GMT
age: 43912
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10183
Md5:    99d1ff8fa2e095dcf2bda3d1e1af1221
Sha1:   f914f04a0e1fb45a221d31d2105bfc73015b03e6
Sha256: 90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4827
x-amzn-requestid: 9091cc45-8fb1-4b07-8ef9-3f42b85fb81e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYH_KIAMFpMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-6bf3bf8659ef3feb27c1803f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fxdYE-ftBwC_0KcBJBQqvUbVXM54TmsKR8QXIfLIhdLYsqtaxdx9tg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:26 GMT
age: 41800
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4827
Md5:    73b9f329cd3a39d0756de62dd5f190b7
Sha1:   0f1c7567b89cc3de60196e47e37879296359bc78
Sha256: e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10594
x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyIHpGoAMF1fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f-KQCOuDl461V8MBPsSOj1ILCU91Q0pCSENaldkMHR2oZdrEUnHeaA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:03:16 GMT
age: 42950
etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10594
Md5:    7e1b54923ba506fde6b21c5bfb51ccc8
Sha1:   366aa3ab0790c496ea51bc08d1f2ff3358530d9e
Sha256: a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12293
x-amzn-requestid: 49891ceb-3f74-4e83-8064-f54fc8b30961
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyGHPOIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-651e4e0c55257bcc553cd176;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4f0QQ4-21m-DiP4oUtIG75_vremc835laqhfDerlqCuW-WyKClvc9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:29:38 GMT
age: 41368
etag: "9a26884875abb0652c568c50438b65f801779f9a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12293
Md5:    53afd826523f4c18bf968764818d7ca7
Sha1:   9a26884875abb0652c568c50438b65f801779f9a
Sha256: 4f9dfeda67a040fef9c6987a7c334a91c993c84f694fa91771fcf7fd1d2e4937
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 41757
etag: "36082b7329d473829178f280cb71a83b1531e486"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11224
Md5:    b15136d60fd0a5e0f657a4f5c75d540f
Sha1:   36082b7329d473829178f280cb71a83b1531e486
Sha256: 79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
                                        
                                            GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1 
Host: vast.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive

                                         213.19.162.31
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC1UGH6-10-99B5; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure audit=1|SDziDG3X/EjbucnZjE4Zgu9DtVM30fCgV3PdyjZap6Td0XM3A4FRH5t8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"


--- Additional Info ---
Magic:  ASCII text
Size:   147
Md5:    9441d4459f9bdf15aad152e66fc88643
Sha1:   e97b5816d440de61a5d5a7f47bb921cec240580b
Sha256: 9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
                                        
                                            GET /a/11648/36314/150582-15.js?&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1 
Host: optimized-by.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

                                         3.74.171.125
HTTP/1.1 307 Temporary Redirect
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 0
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Location: http://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
X-Forwarded-For: 91.90.42.154
X-Forwarded-Proto: http
X-Forwarded-Port: 80
Host: optimized-by.rubiconproject.com
X-Amzn-Trace-Id: Root=1-638f126a-54731f217741047916856eed
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/

                                        
                                            GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.7101548064243212&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1 
Host: vast.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive

                                         213.19.162.31
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Server: nginx/1.21.4
Date: Tue, 06 Dec 2022 09:59:06 GMT
Content-Length: 147
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=LBC1UGJ1-V-LKV3; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure audit=1|naVuGyos1qoHzIKf8+GpNe9DtVM30fCgV3PdyjZap6Td0XM3A4FRH5t8UDkxNtLxZjgLr2G0q8TggJ3pD4CYmwZlrptl4/mV0A+VO7RH1E0=; Domain=.rubiconproject.com; Path=/; Expires=Wed, 06-Dec-2023 09:59:06 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"


--- Additional Info ---
Magic:  ASCII text
Size:   147
Md5:    9441d4459f9bdf15aad152e66fc88643
Sha1:   e97b5816d440de61a5d5a7f47bb921cec240580b
Sha256: 9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3463
Cache-Control: 'max-age=158059'
Date: Tue, 06 Dec 2022 09:59:06 GMT
Last-Modified: Tue, 06 Dec 2022 09:01:23 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400 HTTP/1.1 
Host: pixel.quantserve.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         91.228.74.206
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Tue, 06 Dec 2022 09:59:06 GMT
content-length: 39
cache-control: private, no-transform, must-revalidate, max-age=86400
expires: Wed, 07 Dec 2022 09:59:06 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
set-cookie: mc=638f126a-acbeb-cedf7-2bf46; expires=Sat, 06-Jan-2024 09:59:06 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   39
Md5:    9c5453ce3943ebf709c68c4358907916
Sha1:   25c057fa107fca0917c7dca9f432cdce93ce2316
Sha256: c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2 HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /b/ss/comcastnetdev/1/H.27.5/s98131181810116?AQB=1&ndh=1&t=6%2F11%2F2022%209%3A59%3A6%202%200&fid=685599E80737753A-3D3A1B3112774C13&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1152&bh=836&AQE=1 HTTP/1.1 
Host: serviceo.comcast.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

                                         13.36.218.177
HTTP/1.1 302 Found
content-type: text/plain;charset=utf-8
                                        
access-control-allow-origin: *
vary: Origin
date: Tue, 06 Dec 2022 09:59:06 GMT
expires: Mon, 05 Dec 2022 09:59:06 GMT
last-modified: Wed, 07 Dec 2022 09:59:06 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C789353B9FE884-40000711294619F4[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Thu, 05 Dec 2024 09:59:59 GMT;
location: http://serviceo.comcast.net/b/ss/comcastnetdev/1/H.27.5/s98131181810116?AQB=1&pccr=true&vidn=31C789353B9FE884-40000711294619F4&ndh=1&t=6%2F11%2F2022%209%3A59%3A6%202%200&fid=685599E80737753A-3D3A1B3112774C13&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1152&bh=836&AQE=1
content-length: 0
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

                                        
                                            GET /static/images/fb-logo-29.png HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 462


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   462
Md5:    3b58a4197a90ce28f053f853e9f5201a
Sha1:   1764aa95ccf139706beb229625b9d6d6f154bd5d
Sha256: e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2 HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /b/ss/comcastnetdev/1/H.27.5/s98131181810116?AQB=1&pccr=true&vidn=31C789353B9FE884-40000711294619F4&ndh=1&t=6%2F11%2F2022%209%3A59%3A6%202%200&fid=685599E80737753A-3D3A1B3112774C13&ce=UTF-8&ns=comcast&pageName=sign%20in&g=http%3A%2F%2Fcgltreeservices.com%2Fbossss%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Fbossss%2F%2F%3Asign%20in&v1=%2Fbossss%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Fbossss%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1152&bh=836&AQE=1 HTTP/1.1 
Host: serviceo.comcast.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cgltreeservices.com/
Connection: keep-alive

                                         13.36.218.177
HTTP/1.1 200 OK
content-type: image/gif;charset=utf-8
                                        
access-control-allow-origin: *
date: Tue, 06 Dec 2022 09:59:06 GMT
expires: Mon, 05 Dec 2022 09:59:06 GMT
last-modified: Wed, 07 Dec 2022 09:59:06 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C7893503C12570-40001772894A5845[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Thu, 05 Dec 2024 09:59:59 GMT;
etag: 3586986489013141504-4619804204704880708
vary: *
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 2\012- data
Size:   43
Md5:    ad480fd0732d0f6f1a8b06359e3a42bb
Sha1:   a544538683a2dfe574eeb2e358ac8fcc78289d50
Sha256: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff2 HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:06 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
Cookie: OX_sd=1; OX_plg=pm
Upgrade-Insecure-Requests: 1

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:08 GMT
Server: nginx/1.21.6
Content-Length: 16871
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6078), with CRLF line terminators
Size:   16871
Md5:    9922458cb6254769b56591dbc1dc09fe
Sha1:   9e5e45878fd2024b41bc47dcb59a096fb65bc65d
Sha256: 686657c40c7df232e408c1bb2ee85b6d7bdb256581ecd22686d23bd178befc9a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bossss/Sign%20in%20to%20XFINITY_files/dest5.htm HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D
Upgrade-Insecure-Requests: 1

                                         108.167.141.129
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:08 GMT
Server: nginx/1.21.6
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false
Content-Length: 4199


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (581), with CRLF line terminators
Size:   4199
Md5:    bca5675fe990e0cf10ada92892b4469b
Sha1:   fe22bdb21a46264c5d41dd0a032f26cfcd9314bf
Sha256: ac3af5d86b1b86bed0c272d4bee25d13f4993322fce9906018c299a764365d6b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1 
Host: staticxx.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
Upgrade-Insecure-Requests: 1

                                         157.240.200.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/plain
                                        
Location: https://staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
Server: proxygen-bolt
Date: Tue, 06 Dec 2022 09:59:07 GMT
Connection: keep-alive
Content-Length: 0

                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:07 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3514
Cache-Control: max-age=105504
Date: Tue, 06 Dec 2022 09:59:07 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:17:31 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:07 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff HTTP/1.1 
Host: cgltreeservices.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D

                                         108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 06 Dec 2022 09:59:07 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Content-Length: 746
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   746
Md5:    dbf8ec3db1d4b93b848197591827939c
Sha1:   2e12f671d6101f52060133c32f8d359af756f9b2
Sha256: 63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1 
Host: staticxx.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

157.240.200.14
HTTP/2 404 Not Found
content-type: text/html; charset="utf-8"
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
x-fb-debug: 4zCgIkiR3r345Ofx2xoxMf+GVw59SRiFnBRFEZrDOw10AYKRuKEQE9oamVsnrO65t+PGsh2Ph04a9JUm5FKvGA==
content-length: 9
x-fb-trip-id: 1679558926
date: Tue, 06 Dec 2022 09:59:07 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9
Md5:    9d1ead73e678fa2f51a70a933b0bf017
Sha1:   d205cbd6783332a212c5ae92d73c77178c2d2f28
Sha256: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3514
Cache-Control: max-age=105504
Date: Tue, 06 Dec 2022 09:59:07 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:17:31 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cgltreeservices.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

157.240.200.14
HTTP/2 404 Not Found
content-type: text/html; charset="utf-8"
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
x-fb-debug: R1nKnNMLL06m94etrmO2VufrGjsxolLtRvEKg5JqPb2flk5Vknb7sxlPtEUMQfG3Ipxwan8HUaOe9pofUFGMzw==
content-length: 9
x-fb-trip-id: 1679558926
date: Tue, 06 Dec 2022 09:59:07 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   9
Md5:    9d1ead73e678fa2f51a70a933b0bf017
Sha1:   d205cbd6783332a212c5ae92d73c77178c2d2f28
Sha256: 0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
                                        
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D

108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Dec 2022 09:59:08 GMT
Server: nginx/1.21.6
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   462
Md5:    3b58a4197a90ce28f053f853e9f5201a
Sha1:   1764aa95ccf139706beb229625b9d6d6f154bd5d
Sha256: e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D

108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Dec 2022 09:59:08 GMT
Server: nginx/1.21.6
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   462
Md5:    3b58a4197a90ce28f053f853e9f5201a
Sha1:   1764aa95ccf139706beb229625b9d6d6f154bd5d
Sha256: e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm; s_cc=true; s_fid=685599E80737753A-3D3A1B3112774C13; AMCV_723C39F756ABCD0B7F000101%40AdobeOrg=T; s_sq=%5B%5BB%5D%5D

108.167.141.129
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Dec 2022 09:59:08 GMT
Server: nginx/1.21.6
Content-Length: 462
Last-Modified: Thu, 23 Jun 2022 12:39:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   462
Md5:    3b58a4197a90ce28f053f853e9f5201a
Sha1:   1764aa95ccf139706beb229625b9d6d6f154bd5d
Sha256: e63cc6fceab87ebcfc2e83b5d9354ef92bd45c582ac8202ff6d141f39ec17648

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /static/psa/blank/1x1.png HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

2.21.206.244
HTTP/2 200 OK
content-type: image/png
server: Apache
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
accept-ranges: bytes
content-encoding: gzip
unused62: 8096267
content-length: 155
date: Tue, 06 Dec 2022 09:59:07 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size:   155
Md5:    0fed6b76619acefb38a43867d5fbbd65
Sha1:   b4881fe00376089907ce39fb43398fe2b9d55b8a
Sha256: 172f8ce100094feaee2d292f56c5a847b0a89852a43e79ef7743d28d06dec7d7
                                        
GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

157.240.200.14
HTTP/1.1 301 Moved Permanently
Content-Type: text/plain
Location: https://connect.facebook.net/en_US/all.js
Server: proxygen-bolt
Date: Tue, 06 Dec 2022 09:59:07 GMT
Connection: keep-alive
Content-Length: 0

                                        
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=88649387466&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

178.250.0.166
HTTP/1.1 204 No Content
server: nginx/1.20.1
date: Tue, 06 Dec 2022 09:59:07 GMT
strict-transport-security: max-age=31536000; preload;

                                        
GET /id?d_visid_ver=1.5.6&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

54.170.10.162
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-1-v045-0d492e21d.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=83115032145783221531960445016253317958; Max-Age=15552000; Expires=Sun, 04 Jun 2023 09:59:07 GMT; Path=/; Domain=.demdex.net
X-TID: 2u1kMmQLSnI=
Content-Length: 689
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1652), with no line terminators
Size:   689
Md5:    2eb0020fc0e9a7e736d114b91c63e2fa
Sha1:   3e0f13639e4b9eab8dc6ca319397d89e2f47eb29
Sha256: e26ed3a5228d1bc7984bd3ec5eb2717793d26314180ef8bc9dccba799ec8c4a9
                                        
GET /event?d_mid=83458936266698363721999053362717893115&d_nsid=1&d_ld=_ts%3D1670320746853&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1670320746853&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Fbossss%2F%2F%3Asign%20in&c_eVar1=%2Fbossss%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Fbossss%2F HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/

54.72.53.159
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-1-v045-0327f6936.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=83115032145783221531960445016253317958; Max-Age=15552000; Expires=Sun, 04 Jun 2023 09:59:07 GMT; Path=/; Domain=.demdex.net
X-TID: eBsQg1PqSPM=
Content-Length: 150
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   150
Md5:    20e0a8aedb4e525c741fb3112426ac56
Sha1:   f98ce8a3b126e27201873828c958f54ec67e2145
Sha256: f441cb4b6ac2c4dad07e0590da8dcbb0ec4355543b72c20fe8e30c2a87c5c9a8
                                        
GET /dest5.html?d_nsid=undefined HTTP/1.1
Host: fast.comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/
Upgrade-Insecure-Requests: 1

23.33.119.16
HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Tue, 06 Dec 2022 09:59:07 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2785
Md5:    b8a1b21bd0651935d53a7bff0c2479d6
Sha1:   31527c952669b6d1d06c537eb50c9043f576e607
Sha256: 80888fb8b92d01d8dd990af664d273f6364b2917741b09911096099ce4eef1bd
                                        
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 09:59:08 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 10:07:33 GMT
Expires: Mon, 12 Dec 2022 10:07:32 GMT
Etag: "3948927f98e2938fb38eb761eb834d20b848d048"
Cache-Control: max-age=602281,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77542ac49d590b69-OSL

                                        
GET /static/images/global/favicon.ico HTTP/1.1
Host: login.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

76.96.69.84
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Date: Tue, 06 Dec 2022 09:59:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Last-Modified: Tue, 11 Jan 2022 16:05:32 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    8591b1e1977be23073d13751a5f203d0
Sha1:   3f549eff3cf641803992d8748202bf0775f4765e
Sha256: a0307845ad0d4579ae6e7283a02b81403767295ab37cc0b144ac9d60772ebf97
                                        
GET /impression.php/f30a9b6c172d95a/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cgltreeservices.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

31.13.72.36
HTTP/2 200 OK
content-type: image/gif
vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
x-fb-debug: AAwlCwSwSe3ulUWXsevDkRT5CTafQKL8GBMHRSKplpS/e/DqxnKCfhMd234bd0qdyPNH/fKeVGOMJnODqszN6A==
date: Tue, 06 Dec 2022 09:59:07 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /bossss/Sign%20in%20to%20XFINITY_files/jquery-1.js HTTP/1.1
Host: cgltreeservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cgltreeservices.com/bossss/?entity=1073444

108.167.141.129
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 06 Dec 2022 09:59:04 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 11:38:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing