r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3885
Expires: Wed, 30 Nov 2022 21:51:59 GMT
Date: Wed, 30 Nov 2022 20:47:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:14 GMT
Last-Modified: Wed, 30 Nov 2022 19:01:47 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9238
Expires: Wed, 30 Nov 2022 23:21:12 GMT
Date: Wed, 30 Nov 2022 20:47:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 20:19:43 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1651
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GwEVMpD4fXdmhfvqHAhvYyerY9q1+YHv1wGECXbWggP6UcFSalBomHhfKQNXtvXTUJDQa+krXDc=
x-amz-request-id: RS6FK81DMRGWDDFW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 20:46:00 GMT
age: 74
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 20:08:56 GMT
cache-control: public,max-age=3600
age: 2298
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c49831a4c0a8c7f21d67b6284afb992e
86e0b784ab6cd830d136307e709f08a1e39534e5
bbb0509412a0b0d3867321468f64587b146be6309c0637afaf3e7d6905538f6d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BBB0509412A0B0D3867321468F64587B146BE6309C0637AFAF3E7D6905538F6D"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21571
Expires: Thu, 01 Dec 2022 02:46:45 GMT
Date: Wed, 30 Nov 2022 20:47:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6373
Cache-Control: max-age=137149
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:15 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:53:04 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.188.211.138101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.188.211.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ve7sLF089m2sSCe1LJtz9w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tfyRH6QnQPY7wYo8IGObAEUvHcg=
primeequitygroup.com.au/acces/?entity=1073444
122.201.80.182200 OK 12 kB URL HTTP/2 primeequitygroup.com.au/acces/?entity=1073444
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6168)
Hash c3efe83741a31102819cb5bfbc70a164
f175bc04b9c902e4ad394955aeaec1a6947672d3
393e784229e9e51ee9a0deabe8213c6407e1cbc146cc35b2c46ee36458c38786
Analyzer Verdict Alert fortinet Phishing
GET /acces/?entity=1073444 HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: text/html
content-length: 12476
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/rta.js
122.201.80.182200 OK 159 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/rta.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash a66a008566af0e3807b90760012863c2
e09466fb3c0b0d2b94f6233b54321d179903eb17
3ee657e09030047c5792c02cf0f206708cfd3f33aa98b0ccf28cd9c4b098f610
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/rta.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 159
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/event
122.201.80.182200 OK 191 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/event
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with no line terminators
Hash 2d5d169b7afabb783f8994c576f005cb
d3c1f326303b3cd98f892a5ab28cea82222d058b
384d036f62eab523e123b0e2c033bdee06077fdf041c564ce56f956e6219fb24
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/event HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-length: 191
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/1203273213x32.js
122.201.80.182200 OK 772 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/1203273213x32.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (403)
Hash 7c2c39d578f8a54322d2f1084bf458db
b9da3c835240b6217ced4d7f8d792de9faafea74
8210268d9c4641543fffbd2394c23a7585408a90e94fcc58f84e6ae4b568936d
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/1203273213x32.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 772
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
122.201.80.182200 OK 8.4 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (815), with CRLF line terminators
Hash 79940589e33f37f68f9a80ce5e13c037
d7572fb9ef61134c9cb335a6db3740468b93b36f
6fff922e860e02fb4bc322b3807ab5e37dd8079072929c2b233c3ae9cdd21d8f
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/comcastVisIDAthena.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 8409
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/segments.js
122.201.80.182200 OK 39 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/segments.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/segments.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 39
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/11648.js
122.201.80.182200 OK 8.5 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/11648.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- C source, ASCII text, with very long lines (25399)
Hash c540292a1c3d83602949e4f4af9272cd
2695d7e1ae9dd40ab88d9e7a45cc8a8930623e74
867f02cd87490f12f458ec91eb03ba6f23f94c585c26746a2b60937b3fa3bbd3
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/11648.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 8455
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/150582-10.js
122.201.80.182200 OK 477 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/150582-10.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (728)
Hash daef3004cc94546e9cd07c793db655a6
286c98c28b3e7a628f8a5eb28134c13f58e1f779
a5bb938bc07b3bf08ae755ba4494f285c7684fef6c0dc9349e7d52f2366ad88e
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/150582-10.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 477
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/data.json
122.201.80.182200 OK 295 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/data.json
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Hash c4e699111d8c5ee41a03610b94ff02d5
7b4ec667ab9d73b69d752931fa675eca988ac1be
f1aa6a629871c08a077cba94a653cb0c2ace627617e442adccbf6712972bf0df
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/data.json HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/json
content-length: 295
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/150582-15.js
122.201.80.182200 OK 1.4 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/150582-15.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- exported SGML document, ASCII text, with very long lines (2808)
Hash 1247a38a9cdacf0e00ed543c62127fe5
940c71c36b5a0f6bee39a4f89555b43f7dd668cd
da8f696dae05fbc2ecf74b9dcb6aadb94d1bcd7192ffe2d4528c825d43a52193
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/150582-15.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 1382
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/event.gif
122.201.80.182200 OK 42 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/event.gif
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /acces/Sign%20in%20to%20XFINITY_files/event.gif HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/u.gif
122.201.80.182200 OK 42 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/u.gif
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /acces/Sign%20in%20to%20XFINITY_files/u.gif HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
122.201.80.182200 OK 1.7 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/scripts-responsive.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (3906), with no line terminators
Hash 0b5a2ee34ecb1141a47f9d569ff54893
a7685dbc86190a3d8161bab891ad4489a493e21f
4294186559939218bf8494573b4dce94cc722bb52f54756832bef1423d873a37
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/scripts-responsive.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 1698
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/1647526060x32.js
122.201.80.182200 OK 556 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/1647526060x32.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (433)
Hash fe32fbe869ac4a88f764abd1bc438cf1
b1b4f1a0581746de7a45e1f0663220da83d02af1
ce02fcf5ec2a7c9caa9aeed72f1fbdd4581a4745da89c9dfba7e84137dcd96a6
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/1647526060x32.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
content-length: 556
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
122.201.80.182200 OK 36 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Hash a98fbe346dd7c66a4ca5f1f77aa75e44
ee1c12063d821ba884efe2afedd6cab81c825363
de3e0d54441cd6afe0d7d2afcb95eadf8fec5cb23ecd47a796c3818fe7fb8f4d
GET /acces/Sign%20in%20to%20XFINITY_files/Oscars_SignIn_300x250.jpg HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: image/jpeg
content-length: 35514
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/seal.png
122.201.80.182200 OK 3.1 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/seal.png
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type PNG image data, 142 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash be19bc645a5d70db58e4317fb1f7f791
8c38f471f3e6d17af148acaab219db7e3e4a8d23
6ab85bc152133401e0ad5ca069990f4a76413499820d4ba95a0dadb063bcc8b8
GET /acces/Sign%20in%20to%20XFINITY_files/seal.png HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: image/png
content-length: 3091
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/asc.txt
122.201.80.182200 OK 17 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/asc.txt
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with no line terminators
Hash 92ecce91e58ca501e89410701805ffd2
fbc2f9374e8f5aebbc0a9ebeaeb836dfe2ee8803
af2d3351d5bb6b63e81eb19140f27324fd7b0ba94dc7c39b6154461243e4986e
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/asc.txt HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: text/plain
content-length: 17
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Wed, 30 Nov 2022 23:06:56 GMT
Date: Wed, 30 Nov 2022 20:47:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Wed, 30 Nov 2022 23:06:56 GMT
Date: Wed, 30 Nov 2022 20:47:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Wed, 30 Nov 2022 23:06:56 GMT
Date: Wed, 30 Nov 2022 20:47:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Wed, 30 Nov 2022 23:06:56 GMT
Date: Wed, 30 Nov 2022 20:47:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8380
Expires: Wed, 30 Nov 2022 23:06:56 GMT
Date: Wed, 30 Nov 2022 20:47:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 82465
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 81510
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
34.120.237.76200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e1a735e16f55c78fa75ae434294029
6c56f4015305eff04a99cec9758cd40bf4e5f704
26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c269b8c-3d4d-44ba-8e91-4a2a42d194b9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 502d7eed-f24a-49e8-b14e-759778b717ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbWQSFNnIAMFpxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63879d9b-5eb88e757ff3eeaa26dd7de2;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 18:14:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hrGJk_aF0hgdEXNUAqj74wYkXby2ptGRqWKFi4sxlvs_QN9WhC6vOw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:25:55 GMT
age: 8481
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 777ce44582c70bf01a31da4cab366f36
57e1d34f146d5ccd9943aa97bcc3158f7103bb07
fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
content-type: image/jpeg
age: 81024
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 57090
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 82251
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff2 HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:16 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
122.201.80.182200 OK 19 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Hash fffc92c57bacd22c302bf932f9b9fd12
3ff4661c0192b1af7b57df74c626673dd75f35d2
70bbd787ad83fef654cfcc9c9b6fbff5823a1aa0ce2202a057d994808181e908
GET /acces/Sign%20in%20to%20XFINITY_files/styles-light.css HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af179c4b3764216ebea916fd3c1c02ea
cd526e451e0f46aece45ad2fbb3078389876e965
624f09ce51170b7946275ffd9464f31185c0f6f18acc91ae394de6d018d24749
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6367
Cache-Control: max-age=158017
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:16 GMT
Etag: "63876eb6-1d7"
Expires: Fri, 02 Dec 2022 16:40:53 GMT
Last-Modified: Wed, 30 Nov 2022 14:54:46 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
us-ads.openx.net/w/1.0/jstag
35.244.159.8200 OK 18 kB URL HTTP/2 us-ads.openx.net/w/1.0/jstag
IP 35.244.159.8:0
File type ASCII text, with very long lines (12594)
Hash 05525b80dfb63ccb8a208fc06a362055
e206752727d1fd3481e7b5e6d557e80bf27e8f70
c483358af5169332e732380d5a1a90deb139a9ed82fb231734bd851e8df2afe2
GET /w/1.0/jstag HTTP/1.1
Host: us-ads.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Wed, 30 Nov 2022 21:47:16 GMT
date: Wed, 30 Nov 2022 20:47:16 GMT
content-type: text/javascript
content-length: 18071
content-encoding: gzip
cache-control: max-age=3600
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af179c4b3764216ebea916fd3c1c02ea
cd526e451e0f46aece45ad2fbb3078389876e965
624f09ce51170b7946275ffd9464f31185c0f6f18acc91ae394de6d018d24749
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6369
Cache-Control: max-age=158019
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:16 GMT
Etag: "63876eb6-1d7"
Expires: Fri, 02 Dec 2022 16:40:55 GMT
Last-Modified: Wed, 30 Nov 2022 14:54:46 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
us-ads.openx.net/w/1.0/acj?ai=9a8914f9-8202-443e-858f-baf3f3fbe5bf&o=8495380042&callback=OX_8495380042&ju=https%3A//primeequitygroup.com.au/acces/%3Fentity%3D1073444&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1
35.244.159.8200 OK 242 B URL HTTP/2 us-ads.openx.net/w/1.0/acj?ai=9a8914f9-8202-443e-858f-baf3f3fbe5bf&o=8495380042&callback=OX_8495380042&ju=https%3A//primeequitygroup.com.au/acces/%3Fentity%3D1073444&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1
IP 35.244.159.8:0
Hash 5b3613263d2d15c7d8b27f042a8e0da2
c31d06c5d93133c9c3e15425f30c37406569789b
3d26affc95b3dd4c481a41b760a0e02ceea435f515359d9a0f6286c662645b2c
GET /w/1.0/acj?ai=9a8914f9-8202-443e-858f-baf3f3fbe5bf&o=8495380042&callback=OX_8495380042&ju=https%3A//primeequitygroup.com.au/acces/%3Fentity%3D1073444&jr=&auid=538020939&dims=1280x939&adxy=620%2C69&res=1280x1024x24&plg=pm&ch=UTF-8&tz=0&ws=1280x939&ifr=0&tws=1280x939&vmt=1&sd=1&mt=1 HTTP/1.1
Host: us-ads.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Wed, 30 Nov 2022 20:47:16 GMT
content-type: application/json
content-length: 242
content-encoding: gzip
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
z.moatads.com/comcastapn56341864860/moatad.js
2.18.173.140200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP 2.18.173.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iNOl1G7caF+4F0KjCYi8LROSIJDzen5qwVKxO9qb70np0Ib7E8xnZvs9UYc5c1RxmbTyX0e7zg8=
x-amz-request-id: 011D4RFHBA3563FE
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=64789
date: Wed, 30 Nov 2022 20:47:16 GMT
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.woff HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:16 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.woff HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:16 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ad24f872846f58c28c94dba770fd9bff
346ee4427235f4fd2313f2d2bf0a6e355da8eb50
e8b60be8f2b23158324c850cdf19d90d902edd72d474d42f51f2947340d92627
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6347
Cache-Control: max-age=108328
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:17 GMT
Etag: "6386acb2-1d7"
Expires: Fri, 02 Dec 2022 02:52:45 GMT
Last-Modified: Wed, 30 Nov 2022 01:06:58 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
35.157.163.64307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 35.157.163.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-10.js?&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Wed, 30 Nov 2022 20:47:17 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6387c155-0969b32c148d37fa2a2d91e4
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://primeequitygroup.com.au/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-ExtraLight.ttf HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Regular.ttf HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
213.19.162.21200 OK 147 B URL HTTP/2 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 213.19.162.21:0
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primeequitygroup.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB44CWW8-1T-6KH2; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qo1kfp2BEw/2O9DtVM30fCgeJct9d5f2ulqfmqp0mbxQpS6nMq0PgUqOAp/632AyDdumcZlz7yr2IAXuoDlYL8AabSclL0N2+o=; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2
optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
35.157.163.64307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-10.js?&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 35.157.163.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-10.js?&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Wed, 30 Nov 2022 20:47:17 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6387c155-168d433422b8a8585cf1950c
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://primeequitygroup.com.au/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
213.19.162.21200 OK 147 B URL HTTP/2 vast.rubiconproject.com/a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10
IP 213.19.162.21:0
Hash 7bdda9f1de292e7e006306b2d85c9cb1
36a60514a49f5f2d58deb949fdf037ed29a067cc
83ea4cc1abe0489b72d792344ff8e08c2749d8bd6933a61ab0bdbd7e07c447ca
GET /a/11648/36314/150582-10.js?tk_vps=2&&cb=0.4179967052582604&tk_st=1&rp_s=c&p_exp=1&p_pos=atf&p_screen_res=1280x1024&ad_slot=36314_10 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primeequitygroup.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB44CWYU-1M-GWF5; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|SDziDG3X/EiwpvzPWfUoG+9DtVM30fCgeJct9d5f2ulqfmqp0mbxQpS6nMq0PgUqOAp/632AyDdumcZlz7yr2IAXuoDlYL8AabSclL0N2+o=; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2
ads.rubiconproject.com/ad/11648.js
2.21.206.244200 OK 8.9 kB URL HTTP/2 ads.rubiconproject.com/ad/11648.js
IP 2.21.206.244:0
File type C source, ASCII text, with very long lines (26545)
Hash 5aecf12e8c3cb1d14458bc71c6b8cf0c
b0cedce6e8165041981ba59a9b7277053a37ba89
69dd3510681bc16e17f107ac8f2fa504aa7ce59d75ebf3248b6f85f02a6409aa
GET /ad/11648.js HTTP/1.1
Host: ads.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
x-powered-by: PHP/5.3.3
content-encoding: gzip
content-length: 8946
content-type: text/javascript
cache-control: max-age=5674
expires: Wed, 30 Nov 2022 22:21:51 GMT
date: Wed, 30 Nov 2022 20:47:17 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.21999246752228252&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1
213.19.162.21200 OK 147 B URL HTTP/2 smarttag.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.21999246752228252&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1
IP 213.19.162.21:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?&cb=0.21999246752228252&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15&rp_secure=1 HTTP/1.1
Host: smarttag.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB44CX4Q-Z-5W8W; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrvndL0Y85a9O9DtVM30fCgeJct9d5f2ulqfmqp0mbxQpS6nMq0PgUqOAp/632AyDdumcZlz7yr2IAXuoDlYL8AabSclL0N2+o=; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
35.157.163.64307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 35.157.163.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-15.js?&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Wed, 30 Nov 2022 20:47:17 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6387c155-10678de35cfcff6764d9b76e
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://primeequitygroup.com.au/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
213.19.162.21200 OK 147 B URL HTTP/2 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 213.19.162.21:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primeequitygroup.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB44CX6T-6-9PZZ; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoo4eO/7iF/C+9DtVM30fCgeJct9d5f2ulqfmqp0mbxQpS6nMq0PgUqOAp/632AyDdumcZlz7yr2IAXuoDlYL8AabSclL0N2+o=; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2
optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
35.157.163.64307 Temporary Redirect 0 B URL HTTP/2 optimized-by.rubiconproject.com/a/11648/36314/150582-15.js?&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 35.157.163.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a/11648/36314/150582-15.js?&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: optimized-by.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
date: Wed, 30 Nov 2022 20:47:17 GMT
content-length: 0
location: https://vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-forwarded-for: 91.90.42.154
x-forwarded-proto: https
x-forwarded-port: 443
x-amzn-trace-id: Root=1-6387c155-3ee541286cf43f4f2f440d14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
referer: https://primeequitygroup.com.au/
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
X-Firefox-Spdy: h2
vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
213.19.162.21200 OK 147 B URL HTTP/2 vast.rubiconproject.com/a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15
IP 213.19.162.21:0
Hash 9441d4459f9bdf15aad152e66fc88643
e97b5816d440de61a5d5a7f47bb921cec240580b
9983e07b9631af361911c4abfcddf64df4a51003d916415dfab1e19c9cd16749
GET /a/11648/36314/150582-15.js?tk_vps=2&&cb=0.04515780405410996&tk_st=1&rp_s=c&p_exp=1&p_pos=btf&p_screen_res=1280x1024&ad_slot=36314_15 HTTP/1.1
Host: vast.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primeequitygroup.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Wed, 30 Nov 2022 20:47:17 GMT
content-type: text/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LB44CX8P-1V-744K; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrKzA2+pgH1Zu9DtVM30fCgeJct9d5f2ulqfmqp0mbxQpS6nMq0PgUqOAp/632AyDdumcZlz7yr2IAXuoDlYL8AabSclL0N2+o=; Domain=.rubiconproject.com; Path=/; Expires=Thu, 30-Nov-2023 20:47:17 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 147
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash db5ed5146ed908db4a714cf0829e490f
861d0a6ba8200145c78ab706e2eb07eed758571e
7d402eca704c618b1a47920eec7291c3f207eb2db3425160e078212529d8b62b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6229
Cache-Control: max-age=169399
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:18 GMT
Etag: "63879bb8-1d7"
Expires: Fri, 02 Dec 2022 19:50:37 GMT
Last-Modified: Wed, 30 Nov 2022 18:06:48 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
91.228.74.159200 OK 39 B URL HTTP/2 pixel.quantserve.com/api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400
IP 91.228.74.159:0
Hash 9c5453ce3943ebf709c68c4358907916
25c057fa107fca0917c7dca9f432cdce93ce2316
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
GET /api/segments.json?a=p-9eJ8k4iSzux46&callback=qc_results&ttl=86400 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: application/x-javascript
content-length: 39
cache-control: private, no-transform, must-revalidate, max-age=86400
expires: Thu, 01 Dec 2022 20:47:18 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
set-cookie: mc=6387c156-08686-4242d-ece20; expires=Sun, 31-Dec-2023 20:47:18 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/moatad_002.js
122.201.80.182200 OK 73 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/moatad_002.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Hash f2254dd74129cb5139eb154061a2bf4d
e1c80924bf405fde1a48ff7dd8e09ae3a3d9e760
6598a393c0d9281336fd508a84897441f43333c8c3088b60d320f475529afcf4
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/moatad_002.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9c70aeb1d5dc937cb0f0668addc0d185
b14b223e8bd64f17784185266edf0b52d9a1e6c5
1257c74d178fb6425525857d02bdf15acf116fa7cf25521c7dd5e10b6269ab54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6545
Cache-Control: max-age=89107
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:18 GMT
Etag: "638660d8-1d7"
Expires: Thu, 01 Dec 2022 21:32:25 GMT
Last-Modified: Tue, 29 Nov 2022 19:43:20 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/all.js
122.201.80.182200 OK 82 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/all.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Hash 38cfe84e6661c017ec4e7f4e9d3594e7
f5ecad92819d5ab5a675c401c061d37f6c6dd09d
3bc34d1add139a939292df86df6472e566f66a7f63e205fe88d9aca9810b49b0
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/all.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
122.201.80.182200 OK 17 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6078), with CRLF line terminators
Hash 9922458cb6254769b56591dbc1dc09fe
9e5e45878fd2024b41bc47dcb59a096fb65bc65d
686657c40c7df232e408c1bb2ee85b6d7bdb256581ecd22686d23bd178befc9a
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/ao6eUeuGXQq.htm HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Cookie: OX_sd=1; OX_plg=pm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html
content-length: 16871
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/dest5.htm
122.201.80.182200 OK 4.2 kB URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/dest5.htm
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (581), with CRLF line terminators
Hash bca5675fe990e0cf10ada92892b4469b
fe22bdb21a46264c5d41dd0a032f26cfcd9314bf
ac3af5d86b1b86bed0c272d4bee25d13f4993322fce9906018c299a764365d6b
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/dest5.htm HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Cookie: OX_sd=1; OX_plg=pm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html
content-length: 4199
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
31.13.72.12404 Not Found 9 B URL HTTP/2 staticxx.facebook.com/connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42
IP 31.13.72.12:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /connect/xd_arbiter/r/ao6eUeuGXQq.js?version=42 HTTP/1.1
Host: staticxx.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: yV8uTBpQG0gNtupSz1WZcTYQCIK7Zfy0UHKQgpBWNeaoJOgybWY1HNf5h/Qwrnikf4NhOXwbK6T1nrXAIi5NjA==
content-length: 9
priority: u=3,i
x-fb-trip-id: 1904183273
date: Wed, 30 Nov 2022 20:47:18 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1601a7c8a96ebe5b2af6fe1abcb6b90b
fb19f5121052f37c9cef4640791964583618560c
893364204eb010f01c891762b80db20df137be75ecb85fa4e22dbc68143b53fb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3359
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:18 GMT
Last-Modified: Wed, 30 Nov 2022 19:51:19 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.woff HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ebaa9692e77ef97a29d8c5b5bedd135c
8db0072c0d6c1a02289b8f66b4fb606acf990705
0898efc9cb9ea243e7fc3def241a75f7595268d2c1eaa29d7103b3acf563639b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=167530
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:18 GMT
Etag: "6387acc0-1d7"
Expires: Fri, 02 Dec 2022 19:19:28 GMT
Last-Modified: Wed, 30 Nov 2022 19:19:28 GMT
Server: nginx
Content-Length: 471
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Light.woff
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.woff HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.woff HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
15.188.95.229302 Found 0 B URL HTTP/2 serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
IP 15.188.95.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceos.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
access-control-allow-origin: *
vary: Origin
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/plain;charset=utf-8
expires: Tue, 29 Nov 2022 20:47:18 GMT
last-modified: Thu, 01 Dec 2022 20:47:18 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C3E0AB43B9EA6D-600003CF14DA3548[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Fri, 29 Nov 2024 20:47:47 GMT;
location: https://serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&pccr=true&vidn=31C3E0AB43B9EA6D-600003CF14DA3548&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&pccr=true&vidn=31C3E0AB43B9EA6D-600003CF14DA3548&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
15.188.95.229200 OK 43 B URL HTTP/2 serviceos.comcast.net/b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&pccr=true&vidn=31C3E0AB43B9EA6D-600003CF14DA3548&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
IP 15.188.95.229:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/comcastnetdev/1/H.27.5/s42734518223423?AQB=1&pccr=true&vidn=31C3E0AB43B9EA6D-600003CF14DA3548&ndh=1&t=30%2F10%2F2022%2020%3A47%3A16%203%200&ce=UTF-8&ns=comcast&pageName=sign%20in&g=https%3A%2F%2Fprimeequitygroup.com.au%2Facces%2F%3Fentity%3D1073444&cc=USD&ch=sign%20in&events=event11&c1=%2Facces%2F%2F%3Asign%20in&v1=%2Facces%2F%2F%3Asign%20in&c4=sign%20in&c7=my-xfinity&v7=my-xfinity&c23=large&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=large&c44=anonymous%3Asign%20in&v47=anonymous&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=%2Facces%2F&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: serviceos.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primeequitygroup.com.au/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Wed, 30 Nov 2022 20:47:18 GMT
expires: Tue, 29 Nov 2022 20:47:18 GMT
last-modified: Thu, 01 Dec 2022 20:47:18 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C3E0AB46FB955C-60001E472A5ED533[CE]; Path=/; Domain=comcast.net; Max-Age=63072000; Expires=Fri, 29 Nov 2024 20:47:47 GMT;
etag: 3585956754551963648-4619389502545122610
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Medium.ttf HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Light.ttf HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
122.201.80.182404 Not Found 315 B URL HTTP/2 primeequitygroup.com.au/static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /static/fonts/Xfinity-Standard/XfinityStandard-Thin.ttf HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/styles-light.css
Cookie: OX_sd=1; OX_plg=pm
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 30 Nov 2022 20:47:18 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
X-Firefox-Spdy: h2
secure-assets.rubiconproject.com/static/psa/blank/1x1.png
2.21.206.244200 OK 155 B URL HTTP/2 secure-assets.rubiconproject.com/static/psa/blank/1x1.png
IP 2.21.206.244:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 0fed6b76619acefb38a43867d5fbbd65
b4881fe00376089907ce39fb43398fe2b9d55b8a
172f8ce100094feaee2d292f56c5a847b0a89852a43e79ef7743d28d06dec7d7
GET /static/psa/blank/1x1.png HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
accept-ranges: bytes
content-type: image/png
content-encoding: gzip
unused62: 8096267
content-length: 155
date: Wed, 30 Nov 2022 20:47:19 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 8084f7c0c28956fcf9a6ff20649067c6
2152ee24020739139bf1f185ca34d215b5500032
85e7af2423ee2d4b3f6ae13762dd5fe182b8cbfb9800a0a84ddebbf60ba45835
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6369
Cache-Control: max-age=144335
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:19 GMT
Etag: "63873945-139"
Expires: Fri, 02 Dec 2022 12:52:54 GMT
Last-Modified: Wed, 30 Nov 2022 11:06:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=29976452716&varName=crtg_content
178.250.2.157204 No Content 0 B URL HTTP/2 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=29976452716&varName=crtg_content
IP 178.250.2.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=29976452716&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Wed, 30 Nov 2022 20:47:19 GMT
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f63c071f661813d5657ca867b0f91b97
11987be75d28b797d903d64ffc4f66c48d6a8547
5c074f044e8cf10dd486fe253534842e77b316ff232574d9cc3db761f9e5ce33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6363
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 20:47:19 GMT
Etag: "6386f2ff-1d7"
Last-Modified: Wed, 30 Nov 2022 19:01:16 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
comcastathena.demdex.net/event?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F
99.81.119.147302 Found 0 B URL HTTP/1.1 comcastathena.demdex.net/event?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F
IP 99.81.119.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://comcastathena.demdex.net/firstevent?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=50069073080443402801753333177112078342; Max-Age=15552000; Expires=Mon, 29 May 2023 20:47:19 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: I3teosgxQQ4=
Content-Length: 0
Connection: keep-alive
comcastathena.demdex.net/firstevent?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F
99.81.119.147200 OK 67 B URL HTTP/1.1 comcastathena.demdex.net/firstevent?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F
IP 99.81.119.147:0
File type ASCII text, with no line terminators
Hash 39f9a038014cd7ba24d49fd600caa26a
3b90aa8e27f84b0e117f4faa97c3126c2de563b6
8d6229675237d192c7819fe3b0450ab68133a77e29056650ce6aca34cf14a546
GET /firstevent?d_nsid=1&d_ld=_ts%3D1669841236910&d_rtbd=json&d_jsonv=1&d_dst=1&d_cb=demdexRequestCallback_1_1669841236910&c_pageName=sign%20in&c_channel=sign%20in&c_events=event11&c_prop1=%2Facces%2F%2F%3Asign%20in&c_eVar1=%2Facces%2F%2F%3Asign%20in&c_prop4=sign%20in&c_prop7=my-xfinity&c_eVar7=my-xfinity&c_prop23=large&c_prop31=comcast&c_eVar31=sign%20in&c_prop32=cim&c_eVar32=cim&c_prop33=comcast%20net&c_eVar33=comcast%20net&c_prop34=comcast%20net%3Asign%20in&c_prop35=authentication&c_eVar35=authentication&c_prop36=site%3Ahome&c_eVar36=site%3Ahome&c_eVar41=large&c_prop44=anonymous%3Asign%20in&c_eVar47=anonymous&c_hier1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&c_hier2=%2Facces%2F HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primeequitygroup.com.au/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/javascript;charset=utf-8
DCS: dcs-prod-irl1-1-v045-06ebc79ba.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: rYOpgtCIRm8=
Content-Length: 67
Connection: keep-alive
ocsp.comodoca.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash c4e2537392456b64830d0ca5038010b4
7ab4c65ac55c656ac9a4e8f5f9bdcdde323562f6
9d2e3751d7563249fb355388c16cb5a9b2f5caa818d01cb9996b9647962ee39d
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:47:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 10:07:28 GMT
Expires: Mon, 05 Dec 2022 10:07:27 GMT
Etag: "7ab4c65ac55c656ac9a4e8f5f9bdcdde323562f6"
Cache-Control: max-age=601137,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 909
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 772670049c29fabc-OSL
login.comcast.net/static/images/global/favicon.ico
76.96.69.84200 OK 1.2 kB URL HTTP/1.1 login.comcast.net/static/images/global/favicon.ico
IP 76.96.69.84:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 8591b1e1977be23073d13751a5f203d0
3f549eff3cf641803992d8748202bf0775f4765e
a0307845ad0d4579ae6e7283a02b81403767295ab37cc0b144ac9d60772ebf97
GET /static/images/global/favicon.ico HTTP/1.1
Host: login.comcast.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 20:47:19 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Last-Modified: Tue, 11 Jan 2022 16:05:32 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon
www.facebook.com/impression.php/f16b53efcaece52/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/impression.php/f16b53efcaece52/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D
IP 31.13.72.36:0
GET /impression.php/f16b53efcaece52/?api_key=161991040493541&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: image/gif
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
x-fb-debug: XPq1Ht+6RvIkoUzrsB+YEmmxeg1DC1oMw5uTgwgke2CZviuvtA+DFhdbtqAx8UaRih7siCtZMVCXFaaDzdrpQQ==
date: Wed, 30 Nov 2022 20:47:19 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/moatad.js
122.201.80.182200 OK 0 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/moatad.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/moatad.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/omniture_visId.js
122.201.80.182200 OK 0 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/omniture_visId.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/omniture_visId.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/jquery-1.js
122.201.80.182200 OK 0 B URL HTTP/2 primeequitygroup.com.au/acces/Sign%20in%20to%20XFINITY_files/jquery-1.js
IP 122.201.80.182:0
ASN #38719 Dreamscape Networks Limited
Analyzer Verdict Alert fortinet Phishing
GET /acces/Sign%20in%20to%20XFINITY_files/jquery-1.js HTTP/1.1
Host: primeequitygroup.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://primeequitygroup.com.au/acces/?entity=1073444
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 20:47:15 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 11:04:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2