ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6349
Cache-Control: max-age=113407
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:53 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 12:17:00 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6016
Expires: Wed, 09 Nov 2022 06:27:09 GMT
Date: Wed, 09 Nov 2022 04:46:53 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3094
Cache-Control: max-age=110152
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:53 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:22:45 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2522
Expires: Wed, 09 Nov 2022 05:28:55 GMT
Date: Wed, 09 Nov 2022 04:46:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bdBpDzpJ6vnPwrTYx4Gk7JMZ7/9DZPTa1naNuE8BZd5EAM4nTZWGV4foywvINP4j/oDxnTKkbhI=
x-amz-request-id: EF8HAD49KP3909BR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 03:48:48 GMT
age: 3485
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 04:46:53 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c3bfb2369ac6a796f89ff733882b7c13
b91a4257bfcfdbb49aa925043ef6c3cf6058bffa
1331da379f31a0c6b0e377b4dfd22e4048cf035f54a33683acd925c7ed5d1d2e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1331DA379F31A0C6B0E377B4DFD22E4048CF035F54A33683ACD925C7ED5D1D2E"
Last-Modified: Tue, 08 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21575
Expires: Wed, 09 Nov 2022 10:46:28 GMT
Date: Wed, 09 Nov 2022 04:46:53 GMT
Connection: keep-alive
randfordsecurex.run.place/rbfcsecure
210.16.120.243301 Moved Permanently 253 B URL HTTP/1.1 randfordsecurex.run.place/rbfcsecure
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7f9e06a093917b89898771e9f3c40010
ef0e7d562d37ac26b531cbf2344a48b118d6200b
436de8b375ca560be105c74086486cf06071b6a218f7ec28437652ee5ca17144
Analyzer Verdict Alert openphish RBFCU
fortinet Phishing
GET /rbfcsecure HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 09 Nov 2022 04:46:53 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 253
Connection: keep-alive
Location: https://randfordsecurex.run.place/rbfcsecure/
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2a47d129a3af5f02c654faf925c60273
9ad27ed9f4500c939260a677c12e702599b00fa9
0e031af077bf7009ffefada782407a247bbd31bddc96994c68de7bfe902bf992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5006
Cache-Control: max-age=106999
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:53 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 10:30:12 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.217.163101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.217.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: x6x0jg/untqjwPvPvZXuag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DMQpTh+j1vNmobKJf9jfVaBO138=
randfordsecurex.run.place/rbfcsecure/
210.16.120.243200 OK 18 kB URL HTTP/1.1 randfordsecurex.run.place/rbfcsecure/
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text
Hash be1934435775fc68aef4910769a6021b
5f17c2bb39bf8157f608c1bc8e44c1b02440bc4b
031ad4c0eac709bed180f733da6dbc610ba7761d206bdbb69f57b6181654e622
Analyzer Verdict Alert fortinet Phishing
GET /rbfcsecure/ HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 04:46:53 GMT
Content-Type: text/html
Content-Length: 18393
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 15:13:14 GMT
ETag: "fc56-5ecf6faa0654e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5635
Expires: Wed, 09 Nov 2022 06:20:49 GMT
Date: Wed, 09 Nov 2022 04:46:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba11c7c9-77b7-4b0d-aa7f-493ab46c77b1.jpeg
34.120.237.76200 OK 2.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba11c7c9-77b7-4b0d-aa7f-493ab46c77b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1b4ae74d6a926ef85ce993a33f7d8a3f
9ce8d453c5ab8f7682e5ee3641a37b1abe1a8857
61b2fea439945e122a8502ab05e6c68bc1b3a9d8c639344ef5b04dfcc6889a65
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba11c7c9-77b7-4b0d-aa7f-493ab46c77b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2766
x-amzn-requestid: 934d6215-528a-4e78-bc46-3b0838d94671
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG3d2HMGIAMF7Gg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d2be-0c11c2fb6ebc48eb1f0a3aef;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:04:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OMbpNCSxrKRiI5pF-AOJuTpFYdCHl00zMOLWxyXZAqWxnq3FJPsSaA==
via: 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 09:36:18 GMT
age: 69036
etag: "9ce8d453c5ab8f7682e5ee3641a37b1abe1a8857"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5635
Expires: Wed, 09 Nov 2022 06:20:49 GMT
Date: Wed, 09 Nov 2022 04:46:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff4595af-345a-41e9-bc77-5e5f5719a251.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff4595af-345a-41e9-bc77-5e5f5719a251.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee6ac2ea7efd3fab3c55044dc9b01879
a3564349a6c866d4a36fb2d86944b69628bdb8e6
95745616900a0ea1527a69558a415beab18fde9b871e1bf4cf246fa8777dcb91
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff4595af-345a-41e9-bc77-5e5f5719a251.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8586
x-amzn-requestid: 4ae185c6-868f-4d10-9c41-a423cdf42101
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTUCG1doAMFtYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc19-3d3201177e8e60866ce59b01;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:29 GMT
x-amz-cf-pop: SFO20-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RJe5KNfHzBE5n8chH2pVcUGXQWXVVYH3u5Ocbn4BJDwGvqrgMIcPWw==
via: 1.1 f9d4b21c935c23e15cfc47b3d33e44e6.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:44:13 GMT
etag: "a3564349a6c866d4a36fb2d86944b69628bdb8e6"
content-type: image/jpeg
age: 25361
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5635
Expires: Wed, 09 Nov 2022 06:20:49 GMT
Date: Wed, 09 Nov 2022 04:46:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F892db5b6-1bca-4d8f-b844-3201ef7b3ef0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F892db5b6-1bca-4d8f-b844-3201ef7b3ef0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e3d20f900a883cec8e0cab687df8a251
1105130523fb346dbab9ad2bb8d71c3f505425ce
b5ade9b1302479c4589eb659125d0111c55bb4520d72501cc47b295fd65e8a6e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F892db5b6-1bca-4d8f-b844-3201ef7b3ef0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12510
x-amzn-requestid: ad966326-25a8-44df-880a-608572bf2538
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTuExNIAMFilA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-4eaa4fda178720702d9a9583;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Xombu_yzlbxHa6C2uPHFwR_ufnmPaEMna2B1rkj71iyxBe8J5QJQ5g==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:31 GMT
etag: "1105130523fb346dbab9ad2bb8d71c3f505425ce"
content-type: image/jpeg
age: 25403
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf9d55c4-e1e8-4687-8395-004d7c4a0225.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf9d55c4-e1e8-4687-8395-004d7c4a0225.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3cd10472aabf86c5ffdfd06057f87f6
82728de12017be85f27e65a7222573058aad37c3
1bbb913786c95b51639193739d2cf01de1cdd8afe8b68dfef378b989129f0ef4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf9d55c4-e1e8-4687-8395-004d7c4a0225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6635
x-amzn-requestid: ad14becc-e9a4-4df4-9319-240fd6131b55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTSsTESsIAMF-Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acb1b-3ba7a6a43e2ac8e31ed031dd;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:33:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: q4afSOCKteTyjO8YPEXTQ6wqrJydGhptic3J_sT7WcjmeH0ypa3i2g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:31 GMT
etag: "82728de12017be85f27e65a7222573058aad37c3"
content-type: image/jpeg
age: 25403
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5635
Expires: Wed, 09 Nov 2022 06:20:49 GMT
Date: Wed, 09 Nov 2022 04:46:54 GMT
Connection: keep-alive
ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/themes/base/jquery-ui.css
142.250.74.10200 OK 5.9 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/themes/base/jquery-ui.css
IP 142.250.74.10:0
File type ASCII text, with very long lines (551)
Hash 521def403dde2402c6d867185ab41ac6
128490143795bd6d557b6c6bd463c2973b1862ce
16c80f377bbb572eff07ce4b202463d39073e31e4c327edaf898de923b2034c0
GET /ajax/libs/jqueryui/1.8.16/themes/base/jquery-ui.css HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5918
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 12:40:18 GMT
expires: Fri, 03 Nov 2023 12:40:18 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 489996
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/css; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js
142.250.74.10200 OK 52 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js
IP 142.250.74.10:0
File type ASCII text, with very long lines (563)
Hash 0fd0e04fe62ff281d2dd5a94ced9e11f
0fc9632b823fd5c782ab106fc2ef9715130e2822
2e19c9038a7939b50ac6beca5801c3d8d8c6ac506fb397300276a8d1127d35d5
GET /ajax/libs/jqueryui/1.8.16/jquery-ui.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 52222
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 03:03:59 GMT
expires: Tue, 07 Nov 2023 03:03:59 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 178975
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5635
Expires: Wed, 09 Nov 2022 06:20:49 GMT
Date: Wed, 09 Nov 2022 04:46:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bc0bac-c8ba-4055-b51a-0c279033a4e9.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bc0bac-c8ba-4055-b51a-0c279033a4e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1382cce063e7b64ce1a9360db1cb1a03
e773fbc5ba8bb957bce566d353c4580e46d4b31c
88332359957b997367612f496d866de90680f3ff458ead4e6cdc052ad3fe8858
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bc0bac-c8ba-4055-b51a-0c279033a4e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6458
x-amzn-requestid: 7dc5df31-e521-476f-aee2-6a59192d8c94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTuEwBoAMFpVg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-1a1866f906458f916d6baac8;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: MqEzLi_mL_A3zCGmqd6Tgjp4DnBxrxC-Zbl-8U-OcGlBO_0la7woBg==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:44:23 GMT
etag: "e773fbc5ba8bb957bce566d353c4580e46d4b31c"
content-type: image/jpeg
age: 25351
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
142.250.74.10200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
IP 142.250.74.10:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 18351732b1849ba758e98884e186b3c8
d735af8661eda41ff4ffbf76e6a284a0e2deb81c
bfac625d304d52e04f2caeb19266354749929c888ca09d3d1e3edcbb8770d0f0
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33333
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 13:11:41 GMT
expires: Tue, 07 Nov 2023 13:11:41 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 142513
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
randfordsecurex.run.place/NBO/assets/js/spin.min.js
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/spin.min.js
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/spin.min.js HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.10200 OK 812 B URL HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.10:0
Hash f122f6e95237f7cf4c67b6047c78a6de
41b4af5024fdd7d59cb00069b5af85b8e7a2959e
0d06967632c8ffbf57160d7d6aa5f3a24f963265d658c692863cbea8196b7642
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 09 Nov 2022 04:46:54 GMT
date: Wed, 09 Nov 2022 04:46:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6557f1e57e8da70d2e1061be418f9256
aa28e9891183af5eca7f52fd727bca921e17a680
5306a3a9fbcd8ad30054bc4e4da4d5dd882b3664493d8421471832f2b067dc1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6591
Cache-Control: max-age=166939
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636b001a-1d7"
Expires: Fri, 11 Nov 2022 03:09:13 GMT
Last-Modified: Wed, 09 Nov 2022 01:19:22 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6557f1e57e8da70d2e1061be418f9256
aa28e9891183af5eca7f52fd727bca921e17a680
5306a3a9fbcd8ad30054bc4e4da4d5dd882b3664493d8421471832f2b067dc1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 696
Cache-Control: max-age=161044
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636b001a-1d7"
Expires: Fri, 11 Nov 2022 01:30:58 GMT
Last-Modified: Wed, 09 Nov 2022 01:19:22 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6557f1e57e8da70d2e1061be418f9256
aa28e9891183af5eca7f52fd727bca921e17a680
5306a3a9fbcd8ad30054bc4e4da4d5dd882b3664493d8421471832f2b067dc1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6591
Cache-Control: max-age=166939
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636b001a-1d7"
Expires: Fri, 11 Nov 2022 03:09:13 GMT
Last-Modified: Wed, 09 Nov 2022 01:19:22 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e31070030cb5637aea39ad9f280df1a9
d33fc4210a09b5d83169a866420714d59bb464dc
661fac41293dae91793d06e563b9dc877bfd0e8ad120b9cd231fc866babb2ee3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126119
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636a7a65-1d7"
Expires: Thu, 10 Nov 2022 15:48:53 GMT
Last-Modified: Tue, 08 Nov 2022 15:48:53 GMT
Server: nginx
Content-Length: 471
randfordsecurex.run.place/NBO/assets/js/common.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/common.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/common.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e31070030cb5637aea39ad9f280df1a9
d33fc4210a09b5d83169a866420714d59bb464dc
661fac41293dae91793d06e563b9dc877bfd0e8ad120b9cd231fc866babb2ee3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126119
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636a7a65-1d7"
Expires: Thu, 10 Nov 2022 15:48:53 GMT
Last-Modified: Tue, 08 Nov 2022 15:48:53 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e31070030cb5637aea39ad9f280df1a9
d33fc4210a09b5d83169a866420714d59bb464dc
661fac41293dae91793d06e563b9dc877bfd0e8ad120b9cd231fc866babb2ee3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126119
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636a7a65-1d7"
Expires: Thu, 10 Nov 2022 15:48:53 GMT
Last-Modified: Tue, 08 Nov 2022 15:48:53 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e31070030cb5637aea39ad9f280df1a9
d33fc4210a09b5d83169a866420714d59bb464dc
661fac41293dae91793d06e563b9dc877bfd0e8ad120b9cd231fc866babb2ee3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126119
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:54 GMT
Etag: "636a7a65-1d7"
Expires: Thu, 10 Nov 2022 15:48:53 GMT
Last-Modified: Tue, 08 Nov 2022 15:48:53 GMT
Server: nginx
Content-Length: 471
www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
107.162.179.221200 OK 114 B URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 107.162.179.221:0
File type ASCII text, with CRLF line terminators
Hash 29ff40f45cf15e206cf0e07f9101209b
ccb83f746066dcda98f90e8aafb5abc67338c07a
9b4694e3039b77de3a1fb1abba77bd96809ce43234b1cef398178ed9f54a9bf7
GET /NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 15967
Date: Wed, 09 Nov 2022 00:20:49 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit6002
Last-Modified: Tue, 13 Sep 2022 13:50:12 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS2
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!f5a4UPhFKrMK90VJ3apogWNvWjLRG0egd4UHe0Ii3Y3nqXUvQ084XoAhSQ8tHf0+YItlWsR4Rp3AuwA=; path=/; Httponly; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
randfordsecurex.run.place/NBO/assets/js/columnHeight.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/columnHeight.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/columnHeight.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
randfordsecurex.run.place/NBO/assets/js/ajax.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/ajax.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
GET /NBO/assets/js/ajax.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
randfordsecurex.run.place/NBO/assets/js/logon.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/logon.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/logon.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
www.rbfcu.org/NBO/assets/css/redesignCss/footer-modals.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
107.162.179.221200 OK 2.5 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/redesignCss/footer-modals.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 107.162.179.221:0
File type assembler source, ASCII text
Hash 2fd2f617739aa997c7bcbebbdb267ba7
9ab75932f5bafaa4c904420da16700d3a774c0f9
01122f59e7a9eac9e9bbf57333213af6ce4b965f3cd8ffc2bcbaa39ac5899150
GET /NBO/assets/css/redesignCss/footer-modals.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 15964
Date: Wed, 09 Nov 2022 00:20:52 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:20 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA4
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!J3pHuk2r0ewseTvhrnwYohVdbB9C8+R2Ys92Kbks4JR00RhMqRYoQtIAMzQuUzbUPFCYQYpx0MKrUdU=; path=/; Httponly; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
www.rbfcu.org/NBO/assets/css/redesignCss/floatlabel.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
107.162.179.221200 OK 1.2 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/redesignCss/floatlabel.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 107.162.179.221:0
Hash a025ce93659c13ee48c102c1bf6904c1
d5acabdaf052c03026edb9328aa20dd6849f284a
54b251089798d44616b8255e9e64b535cbe97f7bb1f2d070a9175e2b11747e0d
GET /NBO/assets/css/redesignCss/floatlabel.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 15964
Date: Wed, 09 Nov 2022 00:20:52 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
Last-Modified: Tue, 13 Sep 2022 13:50:18 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS3
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!06OJrjkDUAXecfEfAlrt/gAymWxGa1JiCrAIJaQmru98VMfj0ZcgsUIh7HgKw9Owy+5DFCmKkMxK8zc=; path=/; Httponly; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
www.rbfcu.org/NBO/assets/css/redesignCss/redesignheader.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
107.162.179.221200 OK 14 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/redesignCss/redesignheader.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 107.162.179.221:0
File type assembler source, ASCII text, with very long lines (325), with CRLF line terminators
Hash 5e1b6d02febad06c3c474b7ccf3242db
087c1fe6f79b7f551c2add530aa83883aa3a3032
a4953551f043d2fefd1256393b824cbd1003abe746db1e1accd99dfc23d83a6e
GET /NBO/assets/css/redesignCss/redesignheader.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 15903
Date: Wed, 09 Nov 2022 00:21:53 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit4010
Last-Modified: Tue, 13 Sep 2022 13:50:12 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS2
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!NWkR4qw4Fpm/X9NAkMUA10oZ0F/2rx9xLirfEr3RyqxCWAQkYtocW80CdW1oApobqzjFBqvS8i5/em8=; path=/; Httponly; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
www.rbfcu.org/NBO/assets/css/general.css?upd=542
107.162.179.221200 OK 6.5 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/general.css?upd=542
IP 107.162.179.221:0
File type ASCII text, with CRLF line terminators
Hash 48b47cc184f61d806d091bbedae7ccce
9ffe793d27fb10767fa7ddfa0a82bd69c5f1303e
3255ad265adc75929c18b555825cb458594c0d0bca532d89066da02493ef5865
GET /NBO/assets/css/general.css?upd=542 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 54406
Date: Tue, 08 Nov 2022 13:40:13 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit6002
Last-Modified: Tue, 13 Sep 2022 13:50:18 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA4
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
www.rbfcu.org/NBO/assets/css/tables.css?upd=543
107.162.179.221200 OK 3.8 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/tables.css?upd=543
IP 107.162.179.221:0
Hash c715d1a5a4dd47e79a10debccc08cbe2
124d338ddff312c98341e64f62b5fc449f962b7c
d2c88ee20f64b6214f1e73e8892330ebe5446a82974b2eb2d0eee972d30a442b
GET /NBO/assets/css/tables.css?upd=543 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 53316
Date: Tue, 08 Nov 2022 13:58:23 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:16 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA3
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
www.rbfcu.org/NBO/assets/css/forms.css?upd=543
107.162.179.221200 OK 4.2 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/forms.css?upd=543
IP 107.162.179.221:0
File type ASCII text, with CRLF, LF line terminators
Hash ac36970b94097b0a6b87df3e4038543b
aac09d9010d9768003219df73bd4cd4cc75a9ef0
644219a983b0aac11b275194773b7c28305a91bc30e8619ef2eaebf67c4472f9
GET /NBO/assets/css/forms.css?upd=543 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 44688
Date: Tue, 08 Nov 2022 16:22:11 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
Last-Modified: Tue, 13 Sep 2022 13:50:16 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA1
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
randfordsecurex.run.place/NBO/assets/js/common.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/common.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/common.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
www.rbfcu.org/NBO/assets/css/print.css?upd=543
107.162.179.221200 OK 876 B URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/print.css?upd=543
IP 107.162.179.221:0
Hash fb0070d0acdc7f98ec86305f286d863b
cad50ba27361167699186ce9a2c20ecf1cf16fed
becb7ab334081cde0535c42c199eaf539e15ff8e7e8fa62823644b05032f09c2
GET /NBO/assets/css/print.css?upd=543 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 53315
Date: Tue, 08 Nov 2022 13:58:24 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit4010
Last-Modified: Tue, 13 Sep 2022 13:50:14 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA3
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
randfordsecurex.run.place/NBO/assets/js/columnHeight.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/columnHeight.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/columnHeight.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
www.rbfcu.org/NBO/assets/css/colors.css?upd=543
107.162.179.221200 OK 1.7 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/colors.css?upd=543
IP 107.162.179.221:0
Hash df3996f8f9f4dfd4130ed12d34ba9949
6513e274dfb205cf38a2e66c5fe4a96bb39335e6
9f574443d1b4af964d23411e63f9170aede32bf4770dee8793053d0408df3717
GET /NBO/assets/css/colors.css?upd=543 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 54385
Date: Tue, 08 Nov 2022 13:40:34 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
Last-Modified: Tue, 13 Sep 2022 13:50:12 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS2
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!Oc82Xn21P8P8NAsfAlrt/gAymWxGaxZAFeYgVAmOHYhdNcz4qPG5EWDmaTQzy3TA1KZoe1shDOMM+48=; path=/; Httponly; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
www.rbfcu.org/NBO/assets/css/font-awesome.min.css?upd=543
107.162.179.221200 OK 8.1 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/css/font-awesome.min.css?upd=543
IP 107.162.179.221:0
File type ASCII text, with very long lines (30837)
Hash 5c556f9e7946df92e121cf44fd2304b6
234c501437052a466a152d6ba2705926cfceb62f
dd17d174481dfce0bf64b4a59dab49177ac57d35b9ddb31cc0c98303323dec4e
GET /NBO/assets/css/font-awesome.min.css?upd=543 HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/main.css?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 54088
Date: Tue, 08 Nov 2022 13:45:33 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:16 GMT
Content-Type: text/css
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS2
Strict-Transport-Security: max-age=31536000
Set-Cookie: PersistanceCookie=!GVYtbyqCOe0e9DXhrnwYohVdbB9C82WGDWSBYEG95fuj34ODYLMqLKJOiml2IvBiBjvCcSvObh1yqqI=; path=/; Httponly; Secure
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 4dc4a177d25f666a9ba1cf6225354467
8975f2e5cc9cadc4a1e369da45471eb1f0830c5e
6c9e54a13abc265cac7bdee51c6fa49e5e7590fec7a1cc99096c384dabef31be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://randfordsecurex.run.place
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 551568
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 4dc4a177d25f666a9ba1cf6225354467
8975f2e5cc9cadc4a1e369da45471eb1f0830c5e
6c9e54a13abc265cac7bdee51c6fa49e5e7590fec7a1cc99096c384dabef31be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://randfordsecurex.run.place
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 18:53:39 GMT
expires: Tue, 07 Nov 2023 18:53:39 GMT
cache-control: public, max-age=31536000
age: 121997
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 4dc4a177d25f666a9ba1cf6225354467
8975f2e5cc9cadc4a1e369da45471eb1f0830c5e
6c9e54a13abc265cac7bdee51c6fa49e5e7590fec7a1cc99096c384dabef31be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5B5PGN
142.250.74.168200 OK 90 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5B5PGN
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (44551)
Hash b92477a88b8bf1c2e168e34efec6aedc
7f67cac4625c789c5a99fca240261751c0f4c1ca
a7cef0f23f62d589e99bde19975501313d35b35db7c1d6bac35f223e6ba52719
GET /gtm.js?id=GTM-5B5PGN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 09 Nov 2022 04:46:56 GMT
expires: Wed, 09 Nov 2022 04:46:56 GMT
cache-control: private, max-age=900
last-modified: Wed, 09 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89571
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.rbfcu.org/NBO/assets/img/redesign-icons/EHL-logo-gray.svg
107.162.179.221200 OK 1.6 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/EHL-logo-gray.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (364)
Hash 4c3e76f3539f8138ce127058adda3f16
3d24cf4b8ac04557b1cb49ba5200e06513bc5136
8113eb956366da6d18ed13faa5cc8e9a459c09cdcf41c2619c80828d4ac2b152
GET /NBO/assets/img/redesign-icons/EHL-logo-gray.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 54481
Date: Tue, 08 Nov 2022 13:39:00 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
Last-Modified: Tue, 13 Sep 2022 13:50:20 GMT
Content-Length: 1613
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA4
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/send-reg-mail-olive.svg
107.162.179.221200 OK 6.8 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/send-reg-mail-olive.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4432)
Hash 9929514c11d33bfe2a6799469f364d86
de2d9b60c8e7d9280b6e651e0083ccce21b3576b
4e2bff0068e8833892e2a07e86e168f9ce05b57bb0820ae9b67b7802781704b1
GET /NBO/assets/img/redesign-icons/send-reg-mail-olive.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 15860
Date: Wed, 09 Nov 2022 00:22:37 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit4010
Last-Modified: Tue, 13 Sep 2022 13:50:20 GMT
Content-Length: 6764
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA3
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/NCUA-gray.jpg
107.162.179.221200 OK 3.0 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/NCUA-gray.jpg
IP 107.162.179.221:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 96x40, components 3\012- data
Hash d80aab3eb6561429fe8e8492f6d0536f
e33730a2c6f2767ca5df99c54062da34813ba5ff
07c30c3c7a4f0be68f1435fce0f5ad1bd975c078d6615f10db02b82a24d2e5d6
GET /NBO/assets/img/redesign-icons/NCUA-gray.jpg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 26919
Date: Tue, 08 Nov 2022 21:18:20 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:12 GMT
Content-Length: 3001
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS3
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/call-member-services-blue.svg
107.162.179.221200 OK 1.9 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/call-member-services-blue.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (750)
Hash b5b5a34c5ba5d972249fcdd7a26ceb3d
f02d36454cb31a73cbc672fe95ebcaa0bdd432e4
abc9fe01ce6f914e95ca82f3a92dc6fad4301e74db572714db706c938aa8a6ef
GET /NBO/assets/img/redesign-icons/call-member-services-blue.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 44686
Date: Tue, 08 Nov 2022 16:22:13 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:14 GMT
Content-Length: 1859
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA1
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/gray-phone-footer.svg
107.162.179.221200 OK 1.7 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/gray-phone-footer.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (845)
Hash cb033ded6c1f2f925259cc1d79c1c386
393c06fb6736af1a32e122feba480012716ecaf6
ae9a2a53c52aa5ee5f447598cfd3dc771459349e9bbb2f1f82a9d1d875246d74
GET /NBO/assets/img/redesign-icons/gray-phone-footer.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 44687
Date: Tue, 08 Nov 2022 16:22:12 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit6002
Last-Modified: Tue, 13 Sep 2022 13:50:20 GMT
Content-Length: 1653
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA1
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/locate-branch-orange.svg
107.162.179.221200 OK 1.8 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/locate-branch-orange.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (709)
Hash 13b566dce2613be3e009ffb5e247f2a9
27d576b054500fc6e1d3687524f31198bba198a9
0658dde45a3100670a452f32dc2eef8ab127ea26bae103c34c0b7b3d743f0a4f
GET /NBO/assets/img/redesign-icons/locate-branch-orange.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 44687
Date: Tue, 08 Nov 2022 16:22:13 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
Last-Modified: Tue, 13 Sep 2022 13:50:18 GMT
Content-Length: 1809
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA1
Strict-Transport-Security: max-age=31536000
randfordsecurex.run.place/NBO/assets/js/logon.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/logon.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
Analyzer Verdict Alert fortinet Phishing
GET /NBO/assets/js/logon.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
www.rbfcu.org/NBO/assets/img/redesign-icons/send-email-blue.svg
107.162.179.221200 OK 2.0 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/send-email-blue.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (486)
Hash d8dfad42f1093203fc216df58447df6a
16c8ba02821191ba9ee5c80af56775a46e411d9d
0485a7fb75a2337825e6fef13a41ae4baeb10de565cb6f32eae708e9c293fdae
GET /NBO/assets/img/redesign-icons/send-email-blue.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 15860
Date: Wed, 09 Nov 2022 00:22:37 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:12 GMT
Content-Length: 1965
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA4
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/rbfcu-logo.svg
107.162.179.221200 OK 5.4 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/rbfcu-logo.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5383), with no line terminators
Hash 2d436455d162d3e00f0ca92055cef754
5b64a30fd987d469bd818fc8ed6a4ed89b873d02
09092e11153b90955b14c6dcad28c3e2902b035f6b12ac85e24a693e5c97c884
GET /NBO/assets/img/redesign-icons/rbfcu-logo.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 44689
Date: Tue, 08 Nov 2022 16:22:11 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit7011
Last-Modified: Tue, 13 Sep 2022 13:50:18 GMT
Content-Length: 5383
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA1
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/redesign-icons/white-phone-header.svg
107.162.179.221200 OK 1.7 kB URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/redesign-icons/white-phone-header.svg
IP 107.162.179.221:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (845)
Hash 4a066fd87a48426d8cf5d81f2f1e7622
bc25e0aaa78aa736100d278b1a4beb5fa46db78b
2c0b8abef50020a91c0b8f07a8478c65eea5bd77446467b9a44ae1b1d98828b7
GET /NBO/assets/img/redesign-icons/white-phone-header.svg HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Xet-Cookie:
Age: 54084
Date: Tue, 08 Nov 2022 13:45:36 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit4010
Last-Modified: Tue, 13 Sep 2022 13:50:16 GMT
Content-Length: 1653
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LA4
Strict-Transport-Security: max-age=31536000
www.rbfcu.org/NBO/assets/img/gloss.png
107.162.179.221200 OK 399 B URL HTTP/1.1 www.rbfcu.org/NBO/assets/img/gloss.png
IP 107.162.179.221:0
File type PNG image data, 100 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash cccb13661652c2216f2f2c8eed7ae728
0772be45b82aca4933bcfad8be4c4d45c6595a68
b923ab35ae73a0112a01b4f4b323e8e1d00260e2280b153232e6a069f57c7009
GET /NBO/assets/img/gloss.png HTTP/1.1
Host: www.rbfcu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.rbfcu.org/NBO/assets/css/forms.css?upd=543
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Xet-Cookie:
Age: 44175
Date: Tue, 08 Nov 2022 16:30:44 GMT
Connection: Keep-Alive
Via: NS-CACHE-10.0: 111, 1.1 dca1-bit13027
Last-Modified: Tue, 13 Sep 2022 13:50:20 GMT
Content-Length: 399
Content-Type: image/png
Accept-Ranges: bytes
Content-Language: en-US
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
serverID: LS2
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 472 B URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (996)
Hash 9c84a489651025d1173e25b763aa9512
f11ffd7fc8aebb12204163c8c7de63e15b7f1a7e
a0690bf498581eb6f63de50ec2aa642fa995a4ff24bdc455aa449472ee21feb8
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 09 Nov 2022 00:42:33 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=72127
date: Wed, 09 Nov 2022 04:46:56 GMT
content-length: 472
x-cdn: AKAM
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 59f429535fc537db5ac270d3ce0848fa
b05a1e6c082abfc3486357a26adfbc2bf959b632
a5b6b7379ac571c9d99165eae5bef20de6542cf32c2c656bf78289b4ac252fa5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5B6B7379AC571C9D99165EAE5BEF20DE6542CF32C2C656BF78289B4AC252FA5"
Last-Modified: Tue, 08 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16738
Expires: Wed, 09 Nov 2022 09:25:54 GMT
Date: Wed, 09 Nov 2022 04:46:56 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 09 Nov 2022 04:41:09 GMT
expires: Wed, 09 Nov 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 347
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.old.min.js
23.36.76.121200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.old.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.old.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 24 Oct 2022 21:02:26 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=85020
date: Wed, 09 Nov 2022 04:46:56 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=23C9E2A961BE6A1318D4F0FE60E96B3E; domain=.bing.com; expires=Mon, 04-Dec-2023 04:46:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 070B9F3D831646BDBE05FA9B57D726AD Ref B: OSL30EDGE0419 Ref C: 2022-11-09T04:46:56Z
date: Wed, 09 Nov 2022 04:46:56 GMT
X-Firefox-Spdy: h2
fullstory.com/s/fs.js
147.75.40.150301 Moved Permanently 48 B IP 147.75.40.150:0
File type ASCII text, with no line terminators
Hash 7b12595d471f02dde9ebc1b7c701e936
77abfc06684d022f59656235c475fbe61775da94
7bc37f83786f13fe81ada038f604a9256dd3da7722b885ee8fdace203fbc5752
GET /s/fs.js HTTP/1.1
Host: fullstory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://randfordsecurex.run.place
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://www.fullstory.com/s/fs.js
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01GHDBCVV9CGJ2YT6WJAXYTTRG
content-type: text/plain; charset=utf-8
content-length: 48
date: Wed, 09 Nov 2022 04:46:56 GMT
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=4031169&Ver=2&mid=54ea5141-fd01-4051-8ab6-2ae5a25a7382&sid=b107f1305fd111ed972c47cc23343ca4&vid=b107e6905fd111ed9f5283aef1d8e645&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=RBFCU%3A%20Online%20Banking%20Logon&p=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&r=<=3419&evt=pageLoad&sv=1&rn=971321
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=4031169&Ver=2&mid=54ea5141-fd01-4051-8ab6-2ae5a25a7382&sid=b107f1305fd111ed972c47cc23343ca4&vid=b107e6905fd111ed9f5283aef1d8e645&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=RBFCU%3A%20Online%20Banking%20Logon&p=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&r=<=3419&evt=pageLoad&sv=1&rn=971321
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=4031169&Ver=2&mid=54ea5141-fd01-4051-8ab6-2ae5a25a7382&sid=b107f1305fd111ed972c47cc23343ca4&vid=b107e6905fd111ed9f5283aef1d8e645&vids=0&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=RBFCU%3A%20Online%20Banking%20Logon&p=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&r=<=3419&evt=pageLoad&sv=1&rn=971321 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=171FB0D5BE4D6E0839A3A282BF1A6FE0; domain=.bing.com; expires=Mon, 04-Dec-2023 04:46:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9EF8D7CDF89F4C63AC17589BA1F48D09 Ref B: OSL30EDGE0419 Ref C: 2022-11-09T04:46:56Z
date: Wed, 09 Nov 2022 04:46:56 GMT
X-Firefox-Spdy: h2
randfordsecurex.run.place/favicon.ico
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/favicon.ico
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
GET /favicon.ico HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash d044f3e2fc14a96cc5752446b440b143
d0d278c9eee46eb43a3f91e8fa55db206a78c93a
a0aa7ecc56cdd27079c14e17f3f790b3c01584379a519e8f7760eb81a781a02a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/4031169.js
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/4031169.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/4031169.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=227F51EF09C865123A2943B8089F644B; domain=.bing.com; expires=Mon, 04-Dec-2023 04:46:56 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E14B9A5B6E1A4DFE9AB4415529AD8632 Ref B: OSL30EDGE0419 Ref C: 2022-11-09T04:46:56Z
date: Wed, 09 Nov 2022 04:46:56 GMT
X-Firefox-Spdy: h2
randfordsecurex.run.place/NBO/assets/js/header-footer-redesign.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
210.16.120.243404 Not Found 729 B URL HTTP/1.1 randfordsecurex.run.place/NBO/assets/js/header-footer-redesign.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8
IP 210.16.120.243:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a484b23063e38b47056ec9fed74dabbd
b10da299e767acd87e02107789121818520aaae6
df550d2e505a45f8dc2f2f33beb07dc0fae38e4e60d09fec84f67c28021d3b63
GET /NBO/assets/js/header-footer-redesign.js?upd=4a11822c71c3cb970dbd68c3707a3ee251dbf8c8 HTTP/1.1
Host: randfordsecurex.run.place
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://randfordsecurex.run.place/rbfcsecure/
Cookie: _ga=GA1.2.1198812089.1667958974; _gid=GA1.2.592565797.1667958974; _uetsid=b107f1305fd111ed972c47cc23343ca4; _uetvid=b107e6905fd111ed9f5283aef1d8e645
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 04:46:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 08 Nov 2022 15:06:50 GMT
ETag: W/"5aa-5ecf6e3b78d92"
Content-Encoding: gzip
px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1667969213147%26url%3Dhttps%253A%252F%252Frandfordsecurex.run.place%252Frbfcsecure%252F%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLmnAFwRXyUOAAAAYRatm_OS8_t-g8sDnyDglf2IRmkEoWqv8PdUWAZHCV28bVI4BD7UPPHBFaW8w; Max-Age=2592000; Expires=Fri, 09 Dec 2022 04:46:56 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQKz4B_O8wlA7AAAAYRatm_OG4vCjslTp7vFV-FzOwg1uVuXyRW5PsBi_ZhqvvHWYqxRnwoIUVHZN_QUT5O-6w; Max-Age=2592000; Expires=Fri, 09 Dec 2022 04:46:56 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&9e580d47-3ab0-4e98-8fa4-115b9d21aafe"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 09-Nov-2023 04:46:56 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2426:u=1:x=1:i=1667969216:t=1668055616:v=2:sig=AQHO0NpdY9Gv9lR-8qunzY0TGg52IUMz"; Expires=Thu, 10 Nov 2022 04:46:56 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXtAlikkx6ZOKXN0Oc90A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 36911833D9DB4AFC8E2B9D3D2892233B Ref B: OSL30EDGE0220 Ref C: 2022-11-09T04:46:56Z
date: Wed, 09 Nov 2022 04:46:55 GMT
content-length: 0
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6286893-1&cid=1198812089.1667958974&jid=543370477&gjid=1198454830&_gid=592565797.1667958974&_u=QACAAEAAAAAAACAAI~&z=562660590
64.233.165.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6286893-1&cid=1198812089.1667958974&jid=543370477&gjid=1198454830&_gid=592565797.1667958974&_u=QACAAEAAAAAAACAAI~&z=562660590
IP 64.233.165.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-6286893-1&cid=1198812089.1667958974&jid=543370477&gjid=1198454830&_gid=592565797.1667958974&_u=QACAAEAAAAAAACAAI~&z=562660590 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://randfordsecurex.run.place
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://randfordsecurex.run.place
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 09 Nov 2022 04:46:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash d044f3e2fc14a96cc5752446b440b143
d0d278c9eee46eb43a3f91e8fa55db206a78c93a
a0aa7ecc56cdd27079c14e17f3f790b3c01584379a519e8f7760eb81a781a02a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 04:46:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1667969213147%26url%3Dhttps%253A%252F%252Frandfordsecurex.run.place%252Frbfcsecure%252F%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1667969213147%26url%3Dhttps%253A%252F%252Frandfordsecurex.run.place%252Frbfcsecure%252F%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2367698%26time%3D1667969213147%26url%3Dhttps%253A%252F%252Frandfordsecurex.run.place%252Frbfcsecure%252F%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randfordsecurex.run.place/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&7be6faa6-1b36-41b2-867c-4b1cf81d783c"; Domain=.linkedin.com; Expires=Thu, 09-Nov-2023 04:46:56 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20221109044656f92f74c2-535c-448b-857a-4e91ca37aac8AQFI0Ohu-d-sZ1e4OKAcnQX4do2QkPam"; Domain=.www.linkedin.com; Expires=Thu, 09-Nov-2023 04:46:56 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2Njc5NjkyMTY7MjswMjE3iFmHSLRbpKzqnJZwI/OAb/h+q0IlI0HnoXWr60sFsQ==; Domain=.linkedin.com; Expires=Mon, 08 May 2023 04:46:56 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2413:u=1:x=1:i=1667969216:t=1668055616:v=2:sig=AQHXYdlJz005aQAQ8BFjPoDMHZnMXQZ6"; Expires=Thu, 10 Nov 2022 04:46:56 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com *.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXtAlim2T3N34RreXERow==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: BFCDC4185C5A4FD285A573DB4C65D753 Ref B: OSL30EDGE0220 Ref C: 2022-11-09T04:46:56Z
date: Wed, 09 Nov 2022 04:46:55 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=2367698&time=1667969213147&url=https%3A%2F%2Frandfordsecurex.run.place%2Frbfcsecure%2F&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://randfordsecurex.run.place/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&2d0bc4c0-a848-44f0-8111-eb2cdfa933d9"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 09-Nov-2023 04:46:56 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2413:u=1:x=1:i=1667969216:t=1668055616:v=2:sig=AQHXYdlJz005aQAQ8BFjPoDMHZnMXQZ6"; Expires=Thu, 10 Nov 2022 04:46:56 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXtAlipgV+OlRRRPPz/hg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 7F96F8A0EC474EF6AB4D6A3ED4923963 Ref B: OSL30EDGE0220 Ref C: 2022-11-09T04:46:56Z
date: Wed, 09 Nov 2022 04:46:56 GMT
content-length: 0
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F279f7462-fb18-450d-9aa4-9167af2f9e3a.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F279f7462-fb18-450d-9aa4-9167af2f9e3a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 72636ec65cb199dbc4efa2b7eda450cb
a75c5224b4918c2b0db2cf8bddcb509bbc7909ba
dd2b43d2189ac8dd0369a32cad3c3c746a282f06783ca2666eab350ce7bcffbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F279f7462-fb18-450d-9aa4-9167af2f9e3a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13684
x-amzn-requestid: 014aff7c-c59a-43ef-bd22-aa09f24c514d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bA1h3EtKoAMFpGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6363693e-2dfb305543140ca8031b2b0d;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 07:09:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vx2TzHAu1i_ssXsmaDhTnmWI3ZggvRUZgY3SOqDd44nMcihgj9U-Yw==
via: 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 00:22:21 GMT
age: 15880
etag: "a75c5224b4918c2b0db2cf8bddcb509bbc7909ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.0.12/css/all.css
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.0.12/css/all.css
IP 172.64.133.15:0
GET /releases/v5.0.12/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://randfordsecurex.run.place/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 04:46:54 GMT
content-type: text/css
x-amz-id-2: I0Lm2VCdrSpdIHeAIrkWu5SU5nkW8KnJ4EV+K6IU2O0jQWW6/C00Hn53L/H2hxgomNiLLlFORL0=
x-amz-request-id: F0PP8KQN4FATFHJG
last-modified: Wed, 30 Jun 2021 15:27:17 GMT
etag: W/"d896a88b71aa2ba5d6bd670429bf1bad"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1179306
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CSjoqZhFZ8kdzu5uQwQ115TY3NQc32GwzbN2SnKL2oMNNzbc5QH28Y4kU5g7P1z4GzA1dhWUvDGvtWDxiOrW0V9gzO7bp0doAYq1QV6rpm%2BFhLXlkCyq8Bx6fogyk8weKdJs2zE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7673e846e9b974c5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2