chartwellfavdr.securevdr.com/css/spinner.css
13.248.193.251 1.4 kB URL chartwellfavdr.securevdr.com/css/spinner.css
IP 13.248.193.251:0
Hash MD5: ffd490e3848cb3b2956370d1fe90b090
SHA1: 6c297aca0cc7f400847cd014c136f73df8a6bbfa
SHA256: 4578b19321803cc1614a1389000ac2fe6e67d2b8acf14db13a5faa111fabd417
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /css/spinner.css HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/f/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=YWkBoBI4+P4+7qlu1MnZMsiMZ7OsajssSuiwvyYa8cttrVdocxQaiGWymAxn51+EP5fU8f4UicvEo7wsAka/bwwv30F+afv1Tv3i83bZMolZuKsb2GP8Ax7o7AaT3eZdgCaXrBnnKldaUiS+v6KjNQY+NeT61hs0AnrmYUTWSgB9; AWSALBTGCORS=YWkBoBI4+P4+7qlu1MnZMsiMZ7OsajssSuiwvyYa8cttrVdocxQaiGWymAxn51+EP5fU8f4UicvEo7wsAka/bwwv30F+afv1Tv3i83bZMolZuKsb2GP8Ax7o7AaT3eZdgCaXrBnnKldaUiS+v6KjNQY+NeT61hs0AnrmYUTWSgB9; AWSALB=VTXadEd85jh8XVFUobSZ+BJKFTUezJ+8KvvU92d7q3uNbPeYz/8gEcYOUdIXdhpGmbTTzR3C5hsXt6g63GvpZexONN3mDr6Pi9U8cFPQgI/HxANE+uBd7J3ctK6/; AWSALBCORS=VTXadEd85jh8XVFUobSZ+BJKFTUezJ+8KvvU92d7q3uNbPeYz/8gEcYOUdIXdhpGmbTTzR3C5hsXt6g63GvpZexONN3mDr6Pi9U8cFPQgI/HxANE+uBd7J3ctK6/; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:27 GMT
content-type: text/css
content-length: 1385
set-cookie: AWSALBTG=j26xI1XVDO7eX4lJnkOCEQaMYCCQrl4eHVRatq5PqmgbEX4q7xBCuTsJDSI/HD1PoO5duj3Ga7JLeLMqIlLxmcp+fRYX43W7rUMHhBWlFhvTw8Mji9LN0+rrOPSUr8DjKh/RFGcqxzENIlPdj28hn1cAJBbMIXXlimLI3p3EvvsC; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/
AWSALBTGCORS=j26xI1XVDO7eX4lJnkOCEQaMYCCQrl4eHVRatq5PqmgbEX4q7xBCuTsJDSI/HD1PoO5duj3Ga7JLeLMqIlLxmcp+fRYX43W7rUMHhBWlFhvTw8Mji9LN0+rrOPSUr8DjKh/RFGcqxzENIlPdj28hn1cAJBbMIXXlimLI3p3EvvsC; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/; SameSite=None; Secure
AWSALB=D721sDrZw7MwHOKWm0jMF6SYwQwRpbMpd+Y33mpLWr8o3AzNYD5xa3npumqm2tJqMF8bGMXf+3AjNbYClBjw++dClLDgi6JZSwW9k6n5fVgOdDa6F5f/y0RrM89+; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/
AWSALBCORS=D721sDrZw7MwHOKWm0jMF6SYwQwRpbMpd+Y33mpLWr8o3AzNYD5xa3npumqm2tJqMF8bGMXf+3AjNbYClBjw++dClLDgi6JZSwW9k6n5fVgOdDa6F5f/y0RrM89+; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483b2e9"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/css/spinner.svg
13.248.193.251 1.1 kB URL chartwellfavdr.securevdr.com/css/spinner.svg
IP 13.248.193.251:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash MD5: 0b9726cb63a6e71fd4d9943432b477eb
SHA1: 104e86a22b59431a168dc47e395e0623f4cc0e6e
SHA256: eba14d4acd1165cd639fbbfd843fd9eb922b594067e27ea1ec8360a504bf9f60
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /css/spinner.svg HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/css/spinner.css
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=1wyFI4/KBX2znj5LE9lkbCUbgWMFL4JgVjjMfWfqMfEE6EyNNrXWCoR0wJwHNoo/7XUPY6NVSgF9JimdwhbRPXR5TE96GZIX9uxwxrX0nIWd4btx7GQWaRe7SAl1rU0WG6/NPwWnUogEJx3CJctyM2CZNSDEFYSl/N3RY7xm76n7; AWSALBTGCORS=1wyFI4/KBX2znj5LE9lkbCUbgWMFL4JgVjjMfWfqMfEE6EyNNrXWCoR0wJwHNoo/7XUPY6NVSgF9JimdwhbRPXR5TE96GZIX9uxwxrX0nIWd4btx7GQWaRe7SAl1rU0WG6/NPwWnUogEJx3CJctyM2CZNSDEFYSl/N3RY7xm76n7; AWSALB=pV7Jy2yjYVI1TQGrAjzNFC+m4ms8AeOtgYwwhW1nFuVBPP3VbseJhZUVdU7tvk1MXtdu0rR1kc5tUgVB/eB87Uh+P5oKNa0Sz/VMjaM2aCbzk/36gHpzabbjxL50; AWSALBCORS=pV7Jy2yjYVI1TQGrAjzNFC+m4ms8AeOtgYwwhW1nFuVBPP3VbseJhZUVdU7tvk1MXtdu0rR1kc5tUgVB/eB87Uh+P5oKNa0Sz/VMjaM2aCbzk/36gHpzabbjxL50; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:27 GMT
content-type: image/svg+xml
content-length: 1078
set-cookie: AWSALBTG=c/n+Y01U9KGQzJ1qRng6GBwJMLijwrQYqAwVH5zpx2FglE4c2I4yvZr4VgwdkomL/GYkb2zlUj61nHMIGN2wCLD16zgxfV6iiKrAp0CB/2n+6HjLDbX/JCDiXkzJXV9WlZ7rCJsuH+Oy6RTdaF1i1YvdrvqliA269dDuyT2miL2K; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/
AWSALBTGCORS=c/n+Y01U9KGQzJ1qRng6GBwJMLijwrQYqAwVH5zpx2FglE4c2I4yvZr4VgwdkomL/GYkb2zlUj61nHMIGN2wCLD16zgxfV6iiKrAp0CB/2n+6HjLDbX/JCDiXkzJXV9WlZ7rCJsuH+Oy6RTdaF1i1YvdrvqliA269dDuyT2miL2K; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/; SameSite=None; Secure
AWSALB=aecg91lklbU0j+ZUQo21waSgyuvh9atBHufKZ0r2eA6xoL8gXho5Qi6GPaNPncQcbxNbBzk+rV6SLGf9qjsEeVSC5FU91L/iVLTudrHaOsphJAFrS5sThb1FlrpW; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/
AWSALBCORS=aecg91lklbU0j+ZUQo21waSgyuvh9atBHufKZ0r2eA6xoL8gXho5Qi6GPaNPncQcbxNbBzk+rV6SLGf9qjsEeVSC5FU91L/iVLTudrHaOsphJAFrS5sThb1FlrpW; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483b3b6"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/bundles/index.3877040b1d9713995f50.js
13.248.193.251 2.7 MB URL chartwellfavdr.securevdr.com/bundles/index.3877040b1d9713995f50.js
IP 13.248.193.251:0
File type ASCII text, with very long lines (65452)
Size 2.7 MB (2714045 bytes)
Hash MD5: 3688fbdc0c74b9217976ea30f0cdf4e3
SHA1: efef108344cc6c27a252e3aea55b684a485c74ab
SHA256: 82e85bc6471784ab9f39588b31c5916278ce5e45867e62248327e981498c8213
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /bundles/index.3877040b1d9713995f50.js HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/f/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=YWkBoBI4+P4+7qlu1MnZMsiMZ7OsajssSuiwvyYa8cttrVdocxQaiGWymAxn51+EP5fU8f4UicvEo7wsAka/bwwv30F+afv1Tv3i83bZMolZuKsb2GP8Ax7o7AaT3eZdgCaXrBnnKldaUiS+v6KjNQY+NeT61hs0AnrmYUTWSgB9; AWSALBTGCORS=YWkBoBI4+P4+7qlu1MnZMsiMZ7OsajssSuiwvyYa8cttrVdocxQaiGWymAxn51+EP5fU8f4UicvEo7wsAka/bwwv30F+afv1Tv3i83bZMolZuKsb2GP8Ax7o7AaT3eZdgCaXrBnnKldaUiS+v6KjNQY+NeT61hs0AnrmYUTWSgB9; AWSALB=VTXadEd85jh8XVFUobSZ+BJKFTUezJ+8KvvU92d7q3uNbPeYz/8gEcYOUdIXdhpGmbTTzR3C5hsXt6g63GvpZexONN3mDr6Pi9U8cFPQgI/HxANE+uBd7J3ctK6/; AWSALBCORS=VTXadEd85jh8XVFUobSZ+BJKFTUezJ+8KvvU92d7q3uNbPeYz/8gEcYOUdIXdhpGmbTTzR3C5hsXt6g63GvpZexONN3mDr6Pi9U8cFPQgI/HxANE+uBd7J3ctK6/; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:27 GMT
content-type: application/javascript
content-length: 2714045
set-cookie: AWSALBTG=1wyFI4/KBX2znj5LE9lkbCUbgWMFL4JgVjjMfWfqMfEE6EyNNrXWCoR0wJwHNoo/7XUPY6NVSgF9JimdwhbRPXR5TE96GZIX9uxwxrX0nIWd4btx7GQWaRe7SAl1rU0WG6/NPwWnUogEJx3CJctyM2CZNSDEFYSl/N3RY7xm76n7; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/
AWSALBTGCORS=1wyFI4/KBX2znj5LE9lkbCUbgWMFL4JgVjjMfWfqMfEE6EyNNrXWCoR0wJwHNoo/7XUPY6NVSgF9JimdwhbRPXR5TE96GZIX9uxwxrX0nIWd4btx7GQWaRe7SAl1rU0WG6/NPwWnUogEJx3CJctyM2CZNSDEFYSl/N3RY7xm76n7; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/; SameSite=None; Secure
AWSALB=pV7Jy2yjYVI1TQGrAjzNFC+m4ms8AeOtgYwwhW1nFuVBPP3VbseJhZUVdU7tvk1MXtdu0rR1kc5tUgVB/eB87Uh+P5oKNa0Sz/VMjaM2aCbzk/36gHpzabbjxL50; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/
AWSALBCORS=pV7Jy2yjYVI1TQGrAjzNFC+m4ms8AeOtgYwwhW1nFuVBPP3VbseJhZUVdU7tvk1MXtdu0rR1kc5tUgVB/eB87Uh+P5oKNa0Sz/VMjaM2aCbzk/36gHpzabbjxL50; Expires=Fri, 17 Nov 2023 16:44:27 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f4aade3d"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
app.launchdarkly.com/sdk/goals/5f33f5d44f29ea099db90d2a
151.101.66.217 23 B URL app.launchdarkly.com/sdk/goals/5f33f5d44f29ea099db90d2a
IP 151.101.66.217:0
File type gzip compressed data\012- data
Hash MD5: f0d79988b7772c003d04a28bd7417a62
SHA1: 58423a999eec2997bcfffb247e9ecd3dfd0abf44
SHA256: 30e6fa98fb48c2b132824d1ac5e2243c0be9e9082ff32598d34d7687ca7f6c7f
OPTIONS /sdk/goals/5f33f5d44f29ea099db90d2a HTTP/1.1
Host: app.launchdarkly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-launchdarkly-user-agent
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
allow: GET, OPTIONS, HEAD
content-encoding: gzip
ld-region: us-east-1
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Fri, 10 Nov 2023 16:44:29 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1699634669.256280,VS0,VE1
vary: Accept-Encoding
age: 0
content-length: 23
X-Firefox-Spdy: h2
app.launchdarkly.com/sdk/goals/5f33f5d44f29ea099db90d2a
151.101.66.217 26 B URL app.launchdarkly.com/sdk/goals/5f33f5d44f29ea099db90d2a
IP 151.101.66.217:0
File type JSON data\012- , ASCII text, with no line terminators
Hash MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /sdk/goals/5f33f5d44f29ea099db90d2a HTTP/1.1
Host: app.launchdarkly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-LaunchDarkly-User-Agent: JSClient/3.1.1
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 300
cache-control: max-age=0
content-encoding: gzip
content-md5: d751713988987e9331980363e24189ce
etag: "d751713988987e9331980363e24189ce"
ld-region: us-east-1
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Fri, 10 Nov 2023 16:44:29 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1699634669.270708,VS0,VE1
vary: Accept-Encoding
age: 0
content-length: 26
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/bundles/2dce45613ae4c62ae950.js
13.248.193.251 12 kB URL chartwellfavdr.securevdr.com/bundles/2dce45613ae4c62ae950.js
IP 13.248.193.251:0
File type ASCII text, with very long lines (11463), with no line terminators
Hash MD5: 03fe5457db5a0430753f6cf80ac98012
SHA1: 437d1dece2835cd8b084942f7e028b6283bf4963
SHA256: 51a3e183355641b3f881398766567a23f541375a566b41560b3fca9f57af76a4
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /bundles/2dce45613ae4c62ae950.js HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/f/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=c/n+Y01U9KGQzJ1qRng6GBwJMLijwrQYqAwVH5zpx2FglE4c2I4yvZr4VgwdkomL/GYkb2zlUj61nHMIGN2wCLD16zgxfV6iiKrAp0CB/2n+6HjLDbX/JCDiXkzJXV9WlZ7rCJsuH+Oy6RTdaF1i1YvdrvqliA269dDuyT2miL2K; AWSALBTGCORS=c/n+Y01U9KGQzJ1qRng6GBwJMLijwrQYqAwVH5zpx2FglE4c2I4yvZr4VgwdkomL/GYkb2zlUj61nHMIGN2wCLD16zgxfV6iiKrAp0CB/2n+6HjLDbX/JCDiXkzJXV9WlZ7rCJsuH+Oy6RTdaF1i1YvdrvqliA269dDuyT2miL2K; AWSALB=aecg91lklbU0j+ZUQo21waSgyuvh9atBHufKZ0r2eA6xoL8gXho5Qi6GPaNPncQcbxNbBzk+rV6SLGf9qjsEeVSC5FU91L/iVLTudrHaOsphJAFrS5sThb1FlrpW; AWSALBCORS=aecg91lklbU0j+ZUQo21waSgyuvh9atBHufKZ0r2eA6xoL8gXho5Qi6GPaNPncQcbxNbBzk+rV6SLGf9qjsEeVSC5FU91L/iVLTudrHaOsphJAFrS5sThb1FlrpW; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:29 GMT
content-type: application/javascript
content-length: 11463
set-cookie: AWSALBTG=2SSAOfe6n/UEX2T8haDiFxhLkKDxl9jjFhA6R1XuGKwH/Lgu9AqO8HQGjQC2d4dYRGFNpVIPZSK+QXIFqZ/3Tmd31wwduCHrskuSQnWr9orxL0xTJAAx3yRui40wLkvLOpqFenD0jky5l38u61bLXzgfP0BEAnUCVND7luRlPB9C; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBTGCORS=2SSAOfe6n/UEX2T8haDiFxhLkKDxl9jjFhA6R1XuGKwH/Lgu9AqO8HQGjQC2d4dYRGFNpVIPZSK+QXIFqZ/3Tmd31wwduCHrskuSQnWr9orxL0xTJAAx3yRui40wLkvLOpqFenD0jky5l38u61bLXzgfP0BEAnUCVND7luRlPB9C; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
AWSALB=ra5UQuEgp58UrtQqBdh/0YytvO8Oyy8xtSeOPAKMIc85oTduyVivuwFuF8Ui/1nZxJnPCZ21h7xh8R6nD6XyR2K00Zt/1z0ozgFVQB/w0KvxY5jrx998LdaCprw2; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBCORS=ra5UQuEgp58UrtQqBdh/0YytvO8Oyy8xtSeOPAKMIc85oTduyVivuwFuF8Ui/1nZxJnPCZ21h7xh8R6nD6XyR2K00Zt/1z0ozgFVQB/w0KvxY5jrx998LdaCprw2; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f4839b47"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
citrix-sharefile-content.customer.pendo.io/agent/static/74b07336-7560-45fc-7cd1-95032a784d52/pendo.js
34.107.168.21 200 OK 149 kB URL GET HTTP/3 citrix-sharefile-content.customer.pendo.io/agent/static/74b07336-7560-45fc-7cd1-95032a784d52/pendo.js
IP 34.107.168.21:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Google Trust Services LLC
Subject: citrix-sharefile-content.customer.pendo.io
Fingerprint: 39:58:BF:FF:8A:88:70:89:25:D9:EA:D6:79:7B:B3:C6:02:1D:83:63
Validity: Mon, 16 Oct 2023 15:55:32 GMT - Sun, 14 Jan 2024 16:48:25 GMT
File type ASCII text, with very long lines (65310)
Size 149 kB (149147 bytes)
Hash MD5: cf375ebab5ec77622d1005b04a884759
SHA1: 078743263234e3c7b20707761c6c44f530d6f719
SHA256: d087aa37bf32093e82b15ddf717eaab8b29eaf780c1ab0bba0d3e2981112af0a
GET /agent/static/74b07336-7560-45fc-7cd1-95032a784d52/pendo.js HTTP/1.1
Host: citrix-sharefile-content.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-guploader-uploadid: ABPtcPr5Sr-t1Eefnb2pUAHeQhRKiI83eXOru3T6paW8rffG6-h_elp42oo4jLeZmUrrvHr-APBL2MGNJOltbjdL_P1JFtNixlCq
x-goog-generation: 1699557118852460
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 149147
content-encoding: gzip
x-goog-hash: crc32c=E38Qlg==, md5=7FPYYlSQ7TvIazW+vZZDLQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 149147
access-control-allow-origin: *
access-control-expose-headers: *
server: UploadServer
date: Fri, 10 Nov 2023 16:41:23 GMT
age: 186
last-modified: Thu, 09 Nov 2023 19:11:58 GMT
etag: "ec53d8625490ed3bc86b35bebd96432d"
content-type: application/javascript
vary: Accept-Encoding
cache-control: public,max-age=450
strict-transport-security: max-age=63072000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
chartwellfavdr.sf-api.com/sf/v3/Accounts/Branding
13.248.193.251 2.8 kB URL chartwellfavdr.sf-api.com/sf/v3/Accounts/Branding
IP 13.248.193.251:0
File type JSON data\012- , ASCII text, with very long lines (2794), with no line terminators
Hash MD5: 70570867696e5b808d51197cb3131023
SHA1: 6ee616489fe58296a353a519c5450b1d4a455c31
SHA256: 73cde5176c7d691a876e16b68bb4275b3fdc2c5fd0a45ec13b1f29797d105a5f
GET /sf/v3/Accounts/Branding HTTP/1.1
Host: chartwellfavdr.sf-api.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:29 GMT
content-type: application/json; charset=utf-8
content-length: 2794
set-cookie: AWSALBTG=H5cTj7bzbM8IOR/dJ2+16KjNSHrQR3Z9LxivdY2RirEHdJS6PsahRitactvbQvJm3qFpa80vlasD8hJwyhloh14+tqj1qoZ5LXq28VCSWFtyaG3Tuhem129Kervk9/yawSi0+mCStV7pIzWx67/2vfZVR7pCmar5DXFIAB1SFb5U; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBTGCORS=H5cTj7bzbM8IOR/dJ2+16KjNSHrQR3Z9LxivdY2RirEHdJS6PsahRitactvbQvJm3qFpa80vlasD8hJwyhloh14+tqj1qoZ5LXq28VCSWFtyaG3Tuhem129Kervk9/yawSi0+mCStV7pIzWx67/2vfZVR7pCmar5DXFIAB1SFb5U; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
AWSALB=48zZWqZyTonhPSNt3vp3xd49vU90g6r0wl6XcPfdWHHKUBhu12W8eRAxPFfm8ojp98DxXGHrEAlTkpHoxJHcUxsKKpDMkTTLuJUnLsW06NOIm3KN9T4f6QrKNT9l; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBCORS=48zZWqZyTonhPSNt3vp3xd49vU90g6r0wl6XcPfdWHHKUBhu12W8eRAxPFfm8ojp98DxXGHrEAlTkpHoxJHcUxsKKpDMkTTLuJUnLsW06NOIm3KN9T4f6QrKNT9l; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-origin: https://chartwellfavdr.securevdr.com
access-control-expose-headers: Authorization
cache-control: no-store, no-cache
content-language: en
expires: Thu, 09 Nov 2023 16:44:29 GMT
vary: Origin
citrix-transactionid: 778bdbb3-0c06-4555-ba93-cf6dee013f13
correlationid: uqCuAAATNE2DP_rZIj4YhQ
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
x-robots-tag: noindex
x-sfapi-accountid: adeeef39-7afd-471b-985f-b3096344d8e6
x-sfapi-oauthclientid:
x-sfapi-appcode: _None
x-sfapi-requestid: SRXCcyyk9kqtquMjMF5zHg
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/favicon-16x16.png
13.248.193.251 200 OK 568 B URL GET HTTP/2 chartwellfavdr.securevdr.com/favicon-16x16.png
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5: 9ae1ab7759b51b5354eb303fa30a0241
SHA1: 7da466ca1e5fa2df9b4366e0f009632432a859ff
SHA256: eb255a0a33ccbb521ff84cec5f3904653bbfde929a4da2617eee2f02ac66541e
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /favicon-16x16.png HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/f/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=2SSAOfe6n/UEX2T8haDiFxhLkKDxl9jjFhA6R1XuGKwH/Lgu9AqO8HQGjQC2d4dYRGFNpVIPZSK+QXIFqZ/3Tmd31wwduCHrskuSQnWr9orxL0xTJAAx3yRui40wLkvLOpqFenD0jky5l38u61bLXzgfP0BEAnUCVND7luRlPB9C; AWSALBTGCORS=2SSAOfe6n/UEX2T8haDiFxhLkKDxl9jjFhA6R1XuGKwH/Lgu9AqO8HQGjQC2d4dYRGFNpVIPZSK+QXIFqZ/3Tmd31wwduCHrskuSQnWr9orxL0xTJAAx3yRui40wLkvLOpqFenD0jky5l38u61bLXzgfP0BEAnUCVND7luRlPB9C; AWSALB=ra5UQuEgp58UrtQqBdh/0YytvO8Oyy8xtSeOPAKMIc85oTduyVivuwFuF8Ui/1nZxJnPCZ21h7xh8R6nD6XyR2K00Zt/1z0ozgFVQB/w0KvxY5jrx998LdaCprw2; AWSALBCORS=ra5UQuEgp58UrtQqBdh/0YytvO8Oyy8xtSeOPAKMIc85oTduyVivuwFuF8Ui/1nZxJnPCZ21h7xh8R6nD6XyR2K00Zt/1z0ozgFVQB/w0KvxY5jrx998LdaCprw2; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:29 GMT
content-type: image/png
content-length: 568
set-cookie: AWSALBTG=lkkygxriEa3XxUbukxXdakPRd0vcDRMc79Jb3INuZhI7tGu6/bCS9JOVGOmNOVoubtCu4XFwBNwBPHdErCBJ6QzYx+IPD9Tt4Khv2yfT+AKMGog3kkdwe2V/EffHXOsb1MIEZPkzrLVyMDf48frYQMlHFb03qbPMJ+OYxiexUE6p; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBTGCORS=lkkygxriEa3XxUbukxXdakPRd0vcDRMc79Jb3INuZhI7tGu6/bCS9JOVGOmNOVoubtCu4XFwBNwBPHdErCBJ6QzYx+IPD9Tt4Khv2yfT+AKMGog3kkdwe2V/EffHXOsb1MIEZPkzrLVyMDf48frYQMlHFb03qbPMJ+OYxiexUE6p; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
AWSALB=aSnVSo8rHGSxbmoAvtzRGVVYSgIRaazH8hjMiOpp+RYhqA5vvZ7M0HuAAV1HeCL2AOO5QoNgGL6mmgSunBFQ966uFkk/aS5JKL5WibGo+WZp9eTFetEYTb0i7zCV; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBCORS=aSnVSo8rHGSxbmoAvtzRGVVYSgIRaazH8hjMiOpp+RYhqA5vvZ7M0HuAAV1HeCL2AOO5QoNgGL6mmgSunBFQ966uFkk/aS5JKL5WibGo+WZp9eTFetEYTb0i7zCV; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483b5b8"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/apple-touch-icon.png
13.248.193.251 200 OK 5.3 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/apple-touch-icon.png
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash MD5: a4fc5f60fd03a5716671089af55b2333
SHA1: e5aef883743c21aebd8ac8726f279724f9637a87
SHA256: 89cded2acd95305ba3a09f3e0e234cf17456174414ddab64397fb4126fe7856f
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /apple-touch-icon.png HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/f/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=2SSAOfe6n/UEX2T8haDiFxhLkKDxl9jjFhA6R1XuGKwH/Lgu9AqO8HQGjQC2d4dYRGFNpVIPZSK+QXIFqZ/3Tmd31wwduCHrskuSQnWr9orxL0xTJAAx3yRui40wLkvLOpqFenD0jky5l38u61bLXzgfP0BEAnUCVND7luRlPB9C; AWSALBTGCORS=2SSAOfe6n/UEX2T8haDiFxhLkKDxl9jjFhA6R1XuGKwH/Lgu9AqO8HQGjQC2d4dYRGFNpVIPZSK+QXIFqZ/3Tmd31wwduCHrskuSQnWr9orxL0xTJAAx3yRui40wLkvLOpqFenD0jky5l38u61bLXzgfP0BEAnUCVND7luRlPB9C; AWSALB=ra5UQuEgp58UrtQqBdh/0YytvO8Oyy8xtSeOPAKMIc85oTduyVivuwFuF8Ui/1nZxJnPCZ21h7xh8R6nD6XyR2K00Zt/1z0ozgFVQB/w0KvxY5jrx998LdaCprw2; AWSALBCORS=ra5UQuEgp58UrtQqBdh/0YytvO8Oyy8xtSeOPAKMIc85oTduyVivuwFuF8Ui/1nZxJnPCZ21h7xh8R6nD6XyR2K00Zt/1z0ozgFVQB/w0KvxY5jrx998LdaCprw2; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:29 GMT
content-type: image/png
content-length: 5266
set-cookie: AWSALBTG=+uU54THpzDGBxffSOoKhgJPQcFr5BYKt/vcSMsBCGQV76fLt0YCGQvfdwQ1q950D5VJIqsOULYTWamUYjcIKntEDIcPyHaIRvF19QAma0Jp0LbjkauPWLxgLTxk3MNlDcxcw/fFNVsvcWl8r0ihdncRdqCPIYe0k5Zxa2AaJ8YJW; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBTGCORS=+uU54THpzDGBxffSOoKhgJPQcFr5BYKt/vcSMsBCGQV76fLt0YCGQvfdwQ1q950D5VJIqsOULYTWamUYjcIKntEDIcPyHaIRvF19QAma0Jp0LbjkauPWLxgLTxk3MNlDcxcw/fFNVsvcWl8r0ihdncRdqCPIYe0k5Zxa2AaJ8YJW; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
AWSALB=1hh0tKFXsQ1rK7jqsf0AhbCop63k4SY9kDqPZ4O3Nv10KktPhT+8yloUV6r/E7TQXVVBjEwFYKiEKOHLs86kya0iGhnLeRGGzlqJZBQLBtjh7nmELFaUtyW1uvW2; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/
AWSALBCORS=1hh0tKFXsQ1rK7jqsf0AhbCop63k4SY9kDqPZ4O3Nv10KktPhT+8yloUV6r/E7TQXVVBjEwFYKiEKOHLs86kya0iGhnLeRGGzlqJZBQLBtjh7nmELFaUtyW1uvW2; Expires=Fri, 17 Nov 2023 16:44:29 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483a312"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-request-list-pilet/0.57.0/package/dist/main.css
54.230.111.68 0 B URL piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-request-list-pilet/0.57.0/package/dist/main.css
IP 54.230.111.68:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e (empty body — digest of zero-length content)
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 (empty body)
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /sharefile-web/sharefiledev-request-list-pilet/0.57.0/package/dist/main.css HTTP/1.1
Host: piletfeed-cdn.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 0
last-modified: Mon, 06 Nov 2023 16:02:07 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 10 Nov 2023 16:04:25 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WcQuO1JxILLI8A6C_bK2lM1RFugUFUPB48iXt6YhheY5AloBCqfBAA==
age: 2464
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-task-mgt-pilet/1.62.0/package/dist/main.css
54.230.111.68 0 B URL piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-task-mgt-pilet/1.62.0/package/dist/main.css
IP 54.230.111.68:0
Hash MD5: d41d8cd98f00b204e9800998ecf8427e (empty body — digest of zero-length content)
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 (empty body)
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty body)
GET /sharefile-web/sharefiledev-task-mgt-pilet/1.62.0/package/dist/main.css HTTP/1.1
Host: piletfeed-cdn.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 0
last-modified: Mon, 28 Aug 2023 06:26:51 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 10 Nov 2023 05:08:17 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1Kj0OKPlhYRra48I2J3Gd5TjV_zknT55Q_BwfnttDtSsZumSSR7vDw==
age: 42167
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-integrations-pilet/0.0.66/package/dist/main.css
54.230.111.68 996 B URL piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-integrations-pilet/0.0.66/package/dist/main.css
IP 54.230.111.68:0
File type ASCII text, with very long lines (960)
Hash 1e9b6f079c342c9414b54fc65f7a7bd7
a14674d4ab14f1031c92882efc09f7918d0c3a35
23c387011c719c4e9aec23a961fc5140ae8a3eed611f1169415ea1be2821826d
GET /sharefile-web/sharefiledev-integrations-pilet/0.0.66/package/dist/main.css HTTP/1.1
Host: piletfeed-cdn.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 996
last-modified: Sat, 04 Nov 2023 00:48:55 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 10 Nov 2023 04:25:43 GMT
etag: "1e9b6f079c342c9414b54fc65f7a7bd7"
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vTg6wNR2vwou2jHGwB8bc_7DzhacqsAZAHtwHwcJtL9tCQvCIiCI4g==
age: 44743
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-projects-pilet/1.69.0/package/dist/main.css
54.230.111.68 0 B URL piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-projects-pilet/1.69.0/package/dist/main.css
IP 54.230.111.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sharefile-web/sharefiledev-projects-pilet/1.69.0/package/dist/main.css HTTP/1.1
Host: piletfeed-cdn.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 0
last-modified: Thu, 02 Nov 2023 20:25:46 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 10 Nov 2023 01:57:10 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PdND9X2HcSEpPEcgnThWc26Pj2waHSaCTNNm7PjOR0sHbH0FQN1RsQ==
age: 53635
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/bundles/9c2ccd5a190625286d74.js
13.248.193.251 24 kB URL chartwellfavdr.securevdr.com/bundles/9c2ccd5a190625286d74.js
IP 13.248.193.251:0
File type Unicode text, UTF-8 text, with very long lines (23804), with no line terminators
Hash 64c6eb18e7cbfcebdf0bd672be7b40a2
eb36285e765c51ff39c201eb702234e9d647df10
475b6dda038844fdcf6aaa2f3aabe40a9ca8bc24af4a47f583dd4af67c872ec8
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /bundles/9c2ccd5a190625286d74.js HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/home/findroute/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALBTG=+uU54THpzDGBxffSOoKhgJPQcFr5BYKt/vcSMsBCGQV76fLt0YCGQvfdwQ1q950D5VJIqsOULYTWamUYjcIKntEDIcPyHaIRvF19QAma0Jp0LbjkauPWLxgLTxk3MNlDcxcw/fFNVsvcWl8r0ihdncRdqCPIYe0k5Zxa2AaJ8YJW; AWSALBTGCORS=+uU54THpzDGBxffSOoKhgJPQcFr5BYKt/vcSMsBCGQV76fLt0YCGQvfdwQ1q950D5VJIqsOULYTWamUYjcIKntEDIcPyHaIRvF19QAma0Jp0LbjkauPWLxgLTxk3MNlDcxcw/fFNVsvcWl8r0ihdncRdqCPIYe0k5Zxa2AaJ8YJW; AWSALB=1hh0tKFXsQ1rK7jqsf0AhbCop63k4SY9kDqPZ4O3Nv10KktPhT+8yloUV6r/E7TQXVVBjEwFYKiEKOHLs86kya0iGhnLeRGGzlqJZBQLBtjh7nmELFaUtyW1uvW2; AWSALBCORS=1hh0tKFXsQ1rK7jqsf0AhbCop63k4SY9kDqPZ4O3Nv10KktPhT+8yloUV6r/E7TQXVVBjEwFYKiEKOHLs86kya0iGhnLeRGGzlqJZBQLBtjh7nmELFaUtyW1uvW2; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:30 GMT
content-type: application/javascript
content-length: 23812
set-cookie: AWSALBTG=uilq5jXB4FIfyQY3QsrqRyUcW/aHtH6/J47HZD0WF3qlEsjTF3OQp0P/Qqc3v2nr4M6GXw5J/phtYKTeB4AmWWiaEF9gtcKzj0ylCNw4YRjj7wzbVwFjGsc2A3RzaPZ3M1/KpBjOOkrvcAUAVK2bKyJHrJClwhnCSwBDy4E6KDLI; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/
AWSALBTGCORS=uilq5jXB4FIfyQY3QsrqRyUcW/aHtH6/J47HZD0WF3qlEsjTF3OQp0P/Qqc3v2nr4M6GXw5J/phtYKTeB4AmWWiaEF9gtcKzj0ylCNw4YRjj7wzbVwFjGsc2A3RzaPZ3M1/KpBjOOkrvcAUAVK2bKyJHrJClwhnCSwBDy4E6KDLI; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/; SameSite=None; Secure
AWSALB=O6SydhnhCgJQvOodEEjFtILAmIp0oSxWHZ1HuoV3/F7dVOrTeYbaWdOubLJHG+SPE0I1YOfJs4yPInuMZxsK+9rbez+yaUb7GXv9niJWzEeLR0Xl8V+jLvYo4Xs5; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/
AWSALBCORS=O6SydhnhCgJQvOodEEjFtILAmIp0oSxWHZ1HuoV3/F7dVOrTeYbaWdOubLJHG+SPE0I1YOfJs4yPInuMZxsK+9rbez+yaUb7GXv9niJWzEeLR0Xl8V+jLvYo4Xs5; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483ea84"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.sf-api.com/sf/v3/Accounts/Branding
13.248.193.251 0 B URL chartwellfavdr.sf-api.com/sf/v3/Accounts/Branding
IP 13.248.193.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sf/v3/Accounts/Branding HTTP/1.1
Host: chartwellfavdr.sf-api.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: correlationid,x-sf-app,x-sf-clientcapabilities
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Fri, 10 Nov 2023 16:44:30 GMT
set-cookie: AWSALBTG=WOjD5acNGCCwNlM/LeZEIlwtce1Kw8jgQuDCc6Vc4uAdVhhobNY+x29O5xbE7GGQ3DeMoQf43i7sttRM2cHC3r/0pFLadd6eECl2aeL5ap37cZELaQfnhHsxzQhjbaJPczSWmKDiOeqHfrIrtXj1QvZsGkdR92yMMVvXt7TJeqK/; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/
AWSALBTGCORS=WOjD5acNGCCwNlM/LeZEIlwtce1Kw8jgQuDCc6Vc4uAdVhhobNY+x29O5xbE7GGQ3DeMoQf43i7sttRM2cHC3r/0pFLadd6eECl2aeL5ap37cZELaQfnhHsxzQhjbaJPczSWmKDiOeqHfrIrtXj1QvZsGkdR92yMMVvXt7TJeqK/; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/; SameSite=None; Secure
AWSALB=3gLPQaRmPN/qj0lPrLcia4frBkVK+mqMn3HYlz7N8ykzV98/GVtKKEqQyQ35ae3cBt8C2qoAdmrSDf2GHpL0VXvSR2MSuDztWR+SaH27kSZ9iGTYZO6z6qCo/Huy; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/
AWSALBCORS=3gLPQaRmPN/qj0lPrLcia4frBkVK+mqMn3HYlz7N8ykzV98/GVtKKEqQyQ35ae3cBt8C2qoAdmrSDf2GHpL0VXvSR2MSuDztWR+SaH27kSZ9iGTYZO6z6qCo/Huy; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Accept,Accept-Language,Authorization,Origin,X-HTTP-Method-Override,X-SF-App,X-SFAPI-Tool,X-SFAPI-ToolVersion,X-SF-CaptchaUserToken,X-SF-ClientCapabilities,X-SF-LimitedAuthId,CorrelationId
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://chartwellfavdr.securevdr.com
access-control-max-age: 600
vary: Origin
x-sfapi-requestid: LPig0VbJEEacW3--u51DLw
X-Firefox-Spdy: h2
chartwellfavdr.sf-api.com/sf/v3/Accounts/Branding
13.248.193.251 2.8 kB URL chartwellfavdr.sf-api.com/sf/v3/Accounts/Branding
IP 13.248.193.251:0
File type JSON data\012- , ASCII text, with very long lines (2794), with no line terminators
Hash 70570867696e5b808d51197cb3131023
6ee616489fe58296a353a519c5450b1d4a455c31
73cde5176c7d691a876e16b68bb4275b3fdc2c5fd0a45ec13b1f29797d105a5f
GET /sf/v3/Accounts/Branding HTTP/1.1
Host: chartwellfavdr.sf-api.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
X-SF-App: ShareFileWeb
X-SF-ClientCapabilities: HardLock,HardQuota,AthenaSSO
CorrelationId: yzPXAeFg2O-Q5D8iKEo6PA
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Cookie: AWSALBTGCORS=H5cTj7bzbM8IOR/dJ2+16KjNSHrQR3Z9LxivdY2RirEHdJS6PsahRitactvbQvJm3qFpa80vlasD8hJwyhloh14+tqj1qoZ5LXq28VCSWFtyaG3Tuhem129Kervk9/yawSi0+mCStV7pIzWx67/2vfZVR7pCmar5DXFIAB1SFb5U; AWSALBCORS=48zZWqZyTonhPSNt3vp3xd49vU90g6r0wl6XcPfdWHHKUBhu12W8eRAxPFfm8ojp98DxXGHrEAlTkpHoxJHcUxsKKpDMkTTLuJUnLsW06NOIm3KN9T4f6QrKNT9l
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:30 GMT
content-type: application/json; charset=utf-8
content-length: 2794
set-cookie: AWSALBTG=wsFlbuvb3ubMdJ2eJW7TXK94nfSLdyGp8OkbctGT6tgPrn0LaP1CAyci3pthsP7m2u4zlvLLc+6uYkPAo2qHK9AINQbdccujwRnPs9hHdWA0PgOv2AthXeiw4JVkhTCbiFU9W06hyvUDQuwLJOov38NU4FyZQhDjnWbU6pwWDQEZ; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/
AWSALBTGCORS=wsFlbuvb3ubMdJ2eJW7TXK94nfSLdyGp8OkbctGT6tgPrn0LaP1CAyci3pthsP7m2u4zlvLLc+6uYkPAo2qHK9AINQbdccujwRnPs9hHdWA0PgOv2AthXeiw4JVkhTCbiFU9W06hyvUDQuwLJOov38NU4FyZQhDjnWbU6pwWDQEZ; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/; SameSite=None; Secure
AWSALB=ruKmBXOa+KyFAeXaYrULOts8eg2b9cDeOCsg0gHXAlLOj13WV2PYaN9cYA4G5KL4iTvXefXqvS1Go0010v6Y318gWZUqhTGDNST3cAT9XPC58dKQ32iDYdyizesa; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/
AWSALBCORS=ruKmBXOa+KyFAeXaYrULOts8eg2b9cDeOCsg0gHXAlLOj13WV2PYaN9cYA4G5KL4iTvXefXqvS1Go0010v6Y318gWZUqhTGDNST3cAT9XPC58dKQ32iDYdyizesa; Expires=Fri, 17 Nov 2023 16:44:30 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-origin: https://chartwellfavdr.securevdr.com
access-control-expose-headers: Authorization
cache-control: no-store, no-cache
content-language: en
expires: Thu, 09 Nov 2023 16:44:30 GMT
vary: Origin
citrix-transactionid: dd5e3485-e9d7-452f-a869-e6f8c53cbb05
correlationid: yzPXAeFg2O-Q5D8iKEo6PA
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
x-robots-tag: noindex
x-sfapi-accountid: adeeef39-7afd-471b-985f-b3096344d8e6
x-sfapi-oauthclientid:
x-sfapi-appcode: _None
x-sfapi-requestid: znBxjd2Zbkqm8TKXXA77Jg
X-Firefox-Spdy: h2
ocsp.e2m02.amazontrust.com/
108.157.233.112 279 B URL ocsp.e2m02.amazontrust.com/
IP 108.157.233.112:0
Hash 832a055f5382d924717e861510fab94d
5ff041a28551ecef25211f8d03b4564f21e5c04a
692b356d55137272baa80901bdf56d416343a359aca7b62e7d4b77796c4869e2
POST / HTTP/1.1
Host: ocsp.e2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 279
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 Nov 2023 16:44:31 GMT
Last-Modified: Fri, 10 Nov 2023 16:33:06 GMT
Server: ECAcc (ska/F73A)
X-Cache: Miss from cloudfront
Via: 1.1 4a97b39292c0cc77b857d41135aea32a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 0YoxwQQkd8gWAnxfkfAq3nOmQAtrbJNhvtJYBJyIXtTbuPpEyuBFbg==
Age: 686
ocsp.e2m02.amazontrust.com/
108.157.233.112 279 B URL ocsp.e2m02.amazontrust.com/
IP 108.157.233.112:0
Hash 832a055f5382d924717e861510fab94d
5ff041a28551ecef25211f8d03b4564f21e5c04a
692b356d55137272baa80901bdf56d416343a359aca7b62e7d4b77796c4869e2
POST / HTTP/1.1
Host: ocsp.e2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 279
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 10 Nov 2023 16:44:31 GMT
Last-Modified: Fri, 10 Nov 2023 16:32:55 GMT
Server: ECAcc (ska/F791)
X-Cache: Miss from cloudfront
Via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: Qq6xK6uflTdl2RsWYs8YT1JQTuMf4urlWE_MiG3QwtEYMJ4Hutrozg==
Age: 696
chartwellfavdr.sf-api.com/sf/v3/Users?%24expand=Preferences%2CIntegrations%2CHomeFolder%2CDefaultZone
13.248.193.251 0 B URL chartwellfavdr.sf-api.com/sf/v3/Users?%24expand=Preferences%2CIntegrations%2CHomeFolder%2CDefaultZone
IP 13.248.193.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sf/v3/Users?%24expand=Preferences%2CIntegrations%2CHomeFolder%2CDefaultZone HTTP/1.1
Host: chartwellfavdr.sf-api.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: correlationid,x-sf-app,x-sf-clientcapabilities
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Fri, 10 Nov 2023 16:44:31 GMT
set-cookie: AWSALBTG=Jte7Aqsm8hHZU2EFw3CLbbcT9Q4ZrWoAE/Ud4GALg6SxA18piAKXYJJgT3HGBXoahtiN2F/2+nb5dlWGN3Oi25ItDJ2XHeBY/fKuQNwIELKaaBHSK7eyHcOnW53F/b328Y58ZURI09exD6wBsD6DCtOt89Uy0nOtZFZBgFwbfjaa; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/
AWSALBTGCORS=Jte7Aqsm8hHZU2EFw3CLbbcT9Q4ZrWoAE/Ud4GALg6SxA18piAKXYJJgT3HGBXoahtiN2F/2+nb5dlWGN3Oi25ItDJ2XHeBY/fKuQNwIELKaaBHSK7eyHcOnW53F/b328Y58ZURI09exD6wBsD6DCtOt89Uy0nOtZFZBgFwbfjaa; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/; SameSite=None; Secure
AWSALB=B0wbFyfdLLnl12snZvTjgpB4aAiTi/MXrRQr5JcYvCVtJzjT4PqLnNBx2ZHb4wzah8XK4pyNv5of2Rpzse7tclXXtkw9a4tq3gpOj51yjVpjdT/CrcYSl+W8Md+9; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/
AWSALBCORS=B0wbFyfdLLnl12snZvTjgpB4aAiTi/MXrRQr5JcYvCVtJzjT4PqLnNBx2ZHb4wzah8XK4pyNv5of2Rpzse7tclXXtkw9a4tq3gpOj51yjVpjdT/CrcYSl+W8Md+9; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Accept,Accept-Language,Authorization,Origin,X-HTTP-Method-Override,X-SF-App,X-SFAPI-Tool,X-SFAPI-ToolVersion,X-SF-CaptchaUserToken,X-SF-ClientCapabilities,X-SF-LimitedAuthId,CorrelationId
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://chartwellfavdr.securevdr.com
access-control-max-age: 600
vary: Origin
x-sfapi-requestid: aak9gjnmsUuc-TqmocZAqA
X-Firefox-Spdy: h2
chartwellfavdr.sf-api.com/sf/v3/Accounts?%24expand=Preferences%2CPreferences%2FAccountMessageCode%2CPreferences%2FDefaultZone%2CPreferences%2FIntegrationProviders%2CPreferences%2FTwoFactorSettings%2CAccountFeatures%2CUserUsage%2CDiskSpace%2CServices%2CSignupParams%2CBillingContact%2CEmailVerificationInfo
13.248.193.251 0 B URL chartwellfavdr.sf-api.com/sf/v3/Accounts?%24expand=Preferences%2CPreferences%2FAccountMessageCode%2CPreferences%2FDefaultZone%2CPreferences%2FIntegrationProviders%2CPreferences%2FTwoFactorSettings%2CAccountFeatures%2CUserUsage%2CDiskSpace%2CServices%2CSignupParams%2CBillingContact%2CEmailVerificationInfo
IP 13.248.193.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sf/v3/Accounts?%24expand=Preferences%2CPreferences%2FAccountMessageCode%2CPreferences%2FDefaultZone%2CPreferences%2FIntegrationProviders%2CPreferences%2FTwoFactorSettings%2CAccountFeatures%2CUserUsage%2CDiskSpace%2CServices%2CSignupParams%2CBillingContact%2CEmailVerificationInfo HTTP/1.1
Host: chartwellfavdr.sf-api.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: correlationid,x-sf-app,x-sf-clientcapabilities
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Fri, 10 Nov 2023 16:44:31 GMT
set-cookie: AWSALBTG=SkesjmBszuiWbpcGjskvyJEpC6PYGts5UHW50OuSXKrQtZT2wt2PD1oA8/6I1umNRdVObb87G51LTW3+VX0SY0e+uD5PKgvi90GvPFhr9tBaIl9ZvMOMbUvXF7lMP2RawSEGwaLAeMdx3ZqSQdJJkPUTuj6tMb76tMwhcvzrq2QU; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/
AWSALBTGCORS=SkesjmBszuiWbpcGjskvyJEpC6PYGts5UHW50OuSXKrQtZT2wt2PD1oA8/6I1umNRdVObb87G51LTW3+VX0SY0e+uD5PKgvi90GvPFhr9tBaIl9ZvMOMbUvXF7lMP2RawSEGwaLAeMdx3ZqSQdJJkPUTuj6tMb76tMwhcvzrq2QU; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/; SameSite=None; Secure
AWSALB=3QpuR7f3Y6sKL76eY41ZoFqcB0tSq+uVfQ+K2eM7iBSR3SXOpKxydgyOCmcbm3F7GpFy4qaOz45GAgTbhUn9ce2AXidqSL6QQbZ5HSHChlb/slLwblW361FgjGFd; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/
AWSALBCORS=3QpuR7f3Y6sKL76eY41ZoFqcB0tSq+uVfQ+K2eM7iBSR3SXOpKxydgyOCmcbm3F7GpFy4qaOz45GAgTbhUn9ce2AXidqSL6QQbZ5HSHChlb/slLwblW361FgjGFd; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Accept,Accept-Language,Authorization,Origin,X-HTTP-Method-Override,X-SF-App,X-SFAPI-Tool,X-SFAPI-ToolVersion,X-SF-CaptchaUserToken,X-SF-ClientCapabilities,X-SF-LimitedAuthId,CorrelationId
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://chartwellfavdr.securevdr.com
access-control-max-age: 600
vary: Origin
x-sfapi-requestid: fYSBo7gwU0emKGGWvrpslA
X-Firefox-Spdy: h2
events.launchdarkly.com/events/diagnostic/5f33f5d44f29ea099db90d2a
54.205.230.48 0 B URL events.launchdarkly.com/events/diagnostic/5f33f5d44f29ea099db90d2a
IP 54.205.230.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /events/diagnostic/5f33f5d44f29ea099db90d2a HTTP/1.1
Host: events.launchdarkly.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-launchdarkly-user-agent
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Fri, 10 Nov 2023 16:44:31 GMT
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/login?cmd=route&id=%252Fhome%252Ffindroute%252Ffoc187ba-44bb-424e-9679-408f0c34e5ea
13.248.193.251 302 Found 0 B URL User Request GET HTTP/2 chartwellfavdr.securevdr.com/login?cmd=route&id=%252Fhome%252Ffindroute%252Ffoc187ba-44bb-424e-9679-408f0c34e5ea
IP 13.248.193.251:443
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /login?cmd=route&id=%252Fhome%252Ffindroute%252Ffoc187ba-44bb-424e-9679-408f0c34e5ea HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/home/findroute/foc187ba-44bb-424e-9679-408f0c34e5ea
DNT: 1
Connection: keep-alive
Cookie: AWSALB=O6SydhnhCgJQvOodEEjFtILAmIp0oSxWHZ1HuoV3/F7dVOrTeYbaWdOubLJHG+SPE0I1YOfJs4yPInuMZxsK+9rbez+yaUb7GXv9niJWzEeLR0Xl8V+jLvYo4Xs5; AWSALBCORS=O6SydhnhCgJQvOodEEjFtILAmIp0oSxWHZ1HuoV3/F7dVOrTeYbaWdOubLJHG+SPE0I1YOfJs4yPInuMZxsK+9rbez+yaUb7GXv9niJWzEeLR0Xl8V+jLvYo4Xs5; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 10 Nov 2023 16:44:31 GMT
content-length: 0
location: https://auth.sharefile.io/connect/authorize?client_id=Dzi4UPUAg5l8beKdioecdcnmHUTWWln6&state=DObXsw_uUJH8IGtOcg1iiw--&acr_values=idp%3Asharefile%20tenant%3Achartwellfavdr&response_type=code&redirect_uri=https://chartwellfavdr.securevdr.com/login/oauthlogin&scope=sharefile%3Arestapi%3Av3%20sharefile%3Arestapi%3Av3-internal%20offline_access%20openid
set-cookie: AWSALBTG=hyoCjga6TTeW3o3U/f/MDFO+mwZrPnBgSV2jn31WGbksoL+lP+3emRgkDjNowcjDi4NQxboY2rVvPnfPdGf8No+xXmx+kgUbGDmiK4z8Zle5u5zDwg2cLRqLaP79QnfAWUyv/2NsxYXpnsAEvMUTBJF9v/AuhWTGuaYL0xaiyF3O; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/
AWSALBTGCORS=hyoCjga6TTeW3o3U/f/MDFO+mwZrPnBgSV2jn31WGbksoL+lP+3emRgkDjNowcjDi4NQxboY2rVvPnfPdGf8No+xXmx+kgUbGDmiK4z8Zle5u5zDwg2cLRqLaP79QnfAWUyv/2NsxYXpnsAEvMUTBJF9v/AuhWTGuaYL0xaiyF3O; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/; SameSite=None; Secure
AWSALB=FQ8qn6zcfll2E9Dol+8lenxN9o+WtYfMUH5r5KvOlTOHRUyvbLQ9ncrElq9ilONaJ1RkIJXd3ZUgLj3i1R+ae/zLtt4mtbUUL45WFUatp+Sd1OjzwNKVCravG6CW; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/
AWSALBCORS=FQ8qn6zcfll2E9Dol+8lenxN9o+WtYfMUH5r5KvOlTOHRUyvbLQ9ncrElq9ilONaJ1RkIJXd3ZUgLj3i1R+ae/zLtt4mtbUUL45WFUatp+Sd1OjzwNKVCravG6CW; Expires=Fri, 17 Nov 2023 16:44:31 GMT; Path=/; SameSite=None; Secure
SF_Subdomain=chartwellfavdr; domain=.securevdr.com; path=/; secure; httponly
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
expires: 0
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
x-frame-options: DENY
content-security-policy: style-src 'self' 'unsafe-inline' https://citrix-sharefile-content.customer.pendo.io https://citrix-sharefile-data.customer.pendo.io https://pendo-static-5352587489443840.storage.googleapis.com https://fonts.googleapis.com https://piletfeed-cdn.sharefile.io; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'nonce-QNRmHa3Pd4XkillOrcjqeA==' https://request.eprotect.vantivcnp.com https://consent.trustarc.com https://www.gstatic.com/recaptcha/ https://citrix-sharefile-content.customer.pendo.io https://citrix-sharefile-data.customer.pendo.io https://pendo-static-5352587489443840.storage.googleapis.com https://maps.googleapis.com; frame-ancestors 'none'; report-uri /api/cspviolation
X-Firefox-Spdy: h2
auth.sharefile.io/connect/authorize?client_id=Dzi4UPUAg5l8beKdioecdcnmHUTWWln6&state=DObXsw_uUJH8IGtOcg1iiw--&acr_values=idp%3Asharefile%20tenant%3Achartwellfavdr&response_type=code&redirect_uri=https://chartwellfavdr.securevdr.com/login/oauthlogin&scope=sharefile%3Arestapi%3Av3%20sharefile%3Arestapi%3Av3-internal%20offline_access%20openid
3.230.100.127 302 Found 0 B URL User Request GET HTTP/2 auth.sharefile.io/connect/authorize?client_id=Dzi4UPUAg5l8beKdioecdcnmHUTWWln6&state=DObXsw_uUJH8IGtOcg1iiw--&acr_values=idp%3Asharefile%20tenant%3Achartwellfavdr&response_type=code&redirect_uri=https://chartwellfavdr.securevdr.com/login/oauthlogin&scope=sharefile%3Arestapi%3Av3%20sharefile%3Arestapi%3Av3-internal%20offline_access%20openid
IP 3.230.100.127:443
Certificate Issuer Amazon
Subject *.sharefile.io
Fingerprint B2:A1:47:D5:18:EF:2F:5F:4F:38:C0:BB:B2:06:E0:8F:71:30:FD:A1
Validity Wed, 08 Nov 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /connect/authorize?client_id=Dzi4UPUAg5l8beKdioecdcnmHUTWWln6&state=DObXsw_uUJH8IGtOcg1iiw--&acr_values=idp%3Asharefile%20tenant%3Achartwellfavdr&response_type=code&redirect_uri=https://chartwellfavdr.securevdr.com/login/oauthlogin&scope=sharefile%3Arestapi%3Av3%20sharefile%3Arestapi%3Av3-internal%20offline_access%20openid HTTP/1.1
Host: auth.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 Nov 2023 16:44:31 GMT
content-length: 0
location: https://auth.sharefile.io/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid
X-Firefox-Spdy: h2
auth.sharefile.io/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid
3.230.100.127 302 Found 0 B URL User Request GET HTTP/2 auth.sharefile.io/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid
IP 3.230.100.127:443
Certificate Issuer Amazon
Subject *.sharefile.io
Fingerprint B2:A1:47:D5:18:EF:2F:5F:4F:38:C0:BB:B2:06:E0:8F:71:30:FD:A1
Validity Wed, 08 Nov 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid HTTP/1.1
Host: auth.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 10 Nov 2023 16:44:31 GMT
content-length: 0
location: /ExternalLogin/Challenge?scheme=sharefile&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid&tenant=chartwellfavdr
X-Firefox-Spdy: h2
auth.sharefile.io/ExternalLogin/Challenge?scheme=sharefile&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid&tenant=chartwellfavdr
3.230.100.127 302 Found 0 B URL User Request GET HTTP/2 auth.sharefile.io/ExternalLogin/Challenge?scheme=sharefile&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid&tenant=chartwellfavdr
IP 3.230.100.127:443
Certificate Issuer Amazon
Subject *.sharefile.io
Fingerprint B2:A1:47:D5:18:EF:2F:5F:4F:38:C0:BB:B2:06:E0:8F:71:30:FD:A1
Validity Wed, 08 Nov 2023 00:00:00 GMT - Sat, 07 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ExternalLogin/Challenge?scheme=sharefile&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DDzi4UPUAg5l8beKdioecdcnmHUTWWln6%26state%3DDObXsw_uUJH8IGtOcg1iiw--%26acr_values%3Didp%253Asharefile%2520tenant%253Achartwellfavdr%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fchartwellfavdr.securevdr.com%252Flogin%252Foauthlogin%26scope%3Dsharefile%253Arestapi%253Av3%2520sharefile%253Arestapi%253Av3-internal%2520offline_access%2520openid&tenant=chartwellfavdr HTTP/1.1
Host: auth.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 10 Nov 2023 16:44:32 GMT
content-length: 0
location: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
set-cookie: .AspNetCore.Correlation.XtaX5BJEA_3OLvW0hkDIChZZdzEasfGwEp_iCbSezrU=N; expires=Fri, 10 Nov 2023 16:59:32 GMT; path=/signin-sharefile; secure; samesite=none; httponly
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o
13.248.193.251 200 OK 17 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (16851)
Hash MD5 be7709367f1688f7ea8bbcd097281102
SHA-1 4feaa3c876eada04bebfc540b9fe31201f059eb4
SHA-256 a72c5671d199b8affbd8f70362c4ff686c95f517fb4f1f2ff13a2e299777eb7a
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: text/css
content-length: 16896
set-cookie: AWSALBTG=FC+ffcl6oXH+r3pZHPs+gk5BijUJHmjDbuNvuHVBFVvrXjZwST7hQ09/lcfW0UqXEBqBcE54PSjnTSeUzyxZqcfuiGZaMa2xcTHdAx+7AlX6Q8ziB2HVtksL8Do1Ma5JQh8NRp0xu5LxvdeNU4Ym2Mtsp+v3/WJ4FXdRiJRabEOf; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=FC+ffcl6oXH+r3pZHPs+gk5BijUJHmjDbuNvuHVBFVvrXjZwST7hQ09/lcfW0UqXEBqBcE54PSjnTSeUzyxZqcfuiGZaMa2xcTHdAx+7AlX6Q8ziB2HVtksL8Do1Ma5JQh8NRp0xu5LxvdeNU4Ym2Mtsp+v3/WJ4FXdRiJRabEOf; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=ZJreAjl6OVvI2lWI0MxBzjNg5abQulN/kbq5lWgmOVfT5K8ZijPUU/T3gPbS52GsmRS0bfY4iYDyCqUF6iwF99c0uSRFsmrfqEkbofIYKpfMHoM7Py521bh46UGa; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=ZJreAjl6OVvI2lWI0MxBzjNg5abQulN/kbq5lWgmOVfT5K8ZijPUU/T3gPbS52GsmRS0bfY4iYDyCqUF6iwF99c0uSRFsmrfqEkbofIYKpfMHoM7Py521bh46UGa; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483f580"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/css/771.920fa75e.chunk.css?v=zgVUDoEhj_dPLb1x5NQ3SOxMxYPx8rFMefKxhT6uX6Q
13.248.193.251 200 OK 257 B URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/css/771.920fa75e.chunk.css?v=zgVUDoEhj_dPLb1x5NQ3SOxMxYPx8rFMefKxhT6uX6Q
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
Hash MD5 1b96b55630883ef2bed7b9e3af2ebe2b
SHA-1 1be42bf7a50dccf01dd1bf65d8e2a117bb4c3020
SHA-256 ce05540e81218ff74f2dbd71e4d43748ec4cc583f1f2b14c79f2b1853eae5fa4
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/css/771.920fa75e.chunk.css?v=zgVUDoEhj_dPLb1x5NQ3SOxMxYPx8rFMefKxhT6uX6Q HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: text/css
content-length: 257
set-cookie: AWSALBTG=Ce/FjIGsdu0KVU6+R9Yzvs/qPX3p9tGE46Av7Pb/UEbH0AwUB7mmf6tLC2uXVbkR/QLprGglRj5bdXAd+IC/+7LxphRkjEwLp4c4tXMUZXgoHtzJSjReVOZv7pyxUTNcqVAINJCr5QxNcfBr5qWBDFKosu/brPnVA7+SuZZjnwPB; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=Ce/FjIGsdu0KVU6+R9Yzvs/qPX3p9tGE46Av7Pb/UEbH0AwUB7mmf6tLC2uXVbkR/QLprGglRj5bdXAd+IC/+7LxphRkjEwLp4c4tXMUZXgoHtzJSjReVOZv7pyxUTNcqVAINJCr5QxNcfBr5qWBDFKosu/brPnVA7+SuZZjnwPB; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=VBk2OmIWV2eu4EsplhslO+CoBOfI7hfR4dICO0Uo32pimR8qKv+E2MqTIBq8p7Uq3O8GIE3mMYs3yoohkWb+JpzGojy2fx6JBBCr+zgvEMh4RUqfsJ+TBkzqRMAT; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=VBk2OmIWV2eu4EsplhslO+CoBOfI7hfR4dICO0Uo32pimR8qKv+E2MqTIBq8p7Uq3O8GIE3mMYs3yoohkWb+JpzGojy2fx6JBBCr+zgvEMh4RUqfsJ+TBkzqRMAT; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483b681"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/124.a5f412cb.chunk.js?v=96OO1-vfmL8IWAHN7v9QMiF2XOqVWqF83J2FC9KNC5s
13.248.193.251 200 OK 25 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/124.a5f412cb.chunk.js?v=96OO1-vfmL8IWAHN7v9QMiF2XOqVWqF83J2FC9KNC5s
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (25146), with no line terminators
Hash MD5 7d13272e58f25fc107fa6566c882d9c1
SHA-1 c8d51d8772e211ca04aba4edd9a6166b1188a62f
SHA-256 f7a38ed7ebdf98bf085801cdeeff503221765cea955aa17cdc9d850bd28d0b9b
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/124.a5f412cb.chunk.js?v=96OO1-vfmL8IWAHN7v9QMiF2XOqVWqF83J2FC9KNC5s HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 25146
set-cookie: AWSALBTG=62huBbY8zgWM8LQeSym499Iyab1s97hixsx3OGoLNkI6p+YNdt55DcAs9hV3pkAX1E3pEWwEnPVfqLaZV4TUROovA3cmuYrooBx79N4oxS/yjNymsMZgQNnlDafqfelsMBBPBnjiDnGrReVq/U40OJa03jMJf6iIXwthrfxC1A3u; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=62huBbY8zgWM8LQeSym499Iyab1s97hixsx3OGoLNkI6p+YNdt55DcAs9hV3pkAX1E3pEWwEnPVfqLaZV4TUROovA3cmuYrooBx79N4oxS/yjNymsMZgQNnlDafqfelsMBBPBnjiDnGrReVq/U40OJa03jMJf6iIXwthrfxC1A3u; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=MOUO4Pd1JH3jYICQSJoW+NxFKf2EuzGcVpdQhfyUWk4D763M+tUN23Q3XGTGzsKvqTYE1baJpVD6RZO6GW19nSgzYA7RG5I5tRR6DUUk0okckNTCCpU1KJvH+Xks; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=MOUO4Pd1JH3jYICQSJoW+NxFKf2EuzGcVpdQhfyUWk4D763M+tUN23Q3XGTGzsKvqTYE1baJpVD6RZO6GW19nSgzYA7RG5I5tRR6DUUk0okckNTCCpU1KJvH+Xks; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483d5ba"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/270.61fb746c.chunk.js?v=dziHL9UfesuyMrHg1jgqDmfbumenyiePWBHRCL9pbXY
13.248.193.251 200 OK 26 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/270.61fb746c.chunk.js?v=dziHL9UfesuyMrHg1jgqDmfbumenyiePWBHRCL9pbXY
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (25860), with no line terminators
Hash MD5 f90c984cfa3d6b6dee438ca23c4529cb
SHA-1 1a1e5972c286bef0039ddc8f4a6c8ed4374bdc49
SHA-256 7738872fd51f7acbb232b1e0d6382a0e67dbba67a7ca278f5811d108bf696d76
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/270.61fb746c.chunk.js?v=dziHL9UfesuyMrHg1jgqDmfbumenyiePWBHRCL9pbXY HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 25860
set-cookie: AWSALBTG=kFuefeBxzjcBKHRO5zCCMUjOtu9ReXYjUpoz/dFW3nQw9wJ4xsU+3mw9BATdVq6cnD7sdeeNMMO93BMdbOz/Wy7HjWwp6IWczKkXY6kqAIuqV6dhAduA7aWGPEbb2g86iCdioDRyd3DEaMWEiwKDSXaUZUWiGPgJv5YQ5TjT5jBv; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=kFuefeBxzjcBKHRO5zCCMUjOtu9ReXYjUpoz/dFW3nQw9wJ4xsU+3mw9BATdVq6cnD7sdeeNMMO93BMdbOz/Wy7HjWwp6IWczKkXY6kqAIuqV6dhAduA7aWGPEbb2g86iCdioDRyd3DEaMWEiwKDSXaUZUWiGPgJv5YQ5TjT5jBv; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=9Yp6Ay6bRmn8pvzGJ7lOf4TKkNgGeMInb+J04xRgalLGBr6lnoyP+veP3Jk5GlVQ/G8/JEYLjmsalWfJRd/uOHJU0LyoKsZImeBWynbiB7tOhVW47gxjct8Ok2tb; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=9Yp6Ay6bRmn8pvzGJ7lOf4TKkNgGeMInb+J04xRgalLGBr6lnoyP+veP3Jk5GlVQ/G8/JEYLjmsalWfJRd/uOHJU0LyoKsZImeBWynbiB7tOhVW47gxjct8Ok2tb; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483d284"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/258.9fe7f494.chunk.js?v=qkJYM3SAz8gTmIzYTSIWorGIlT9T5BkKrWIyyRL-MtY
13.248.193.251 200 OK 48 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/258.9fe7f494.chunk.js?v=qkJYM3SAz8gTmIzYTSIWorGIlT9T5BkKrWIyyRL-MtY
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (48544), with no line terminators
Hash MD5 5f2ebf48082954adf2a45821462e5146
SHA-1 8919c74944d0f001bddae96b397e06f741a1e9de
SHA-256 aa4258337480cfc813988cd84d2216a2b188953f53e4190aad6232c912fe32d6
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/258.9fe7f494.chunk.js?v=qkJYM3SAz8gTmIzYTSIWorGIlT9T5BkKrWIyyRL-MtY HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 48544
set-cookie: AWSALBTG=KPqFpJCUu5RAN3KiX3UEo8CXjEGxahlrQnnTBq4ZHacPNCuq/oQsrnaAWVTPf8hLBTjs6+tWCEJ03/PmGTfHGXp/Zo8+K1q5B3TYaQOdc4WWO+xbrIVhMxs9Ic0x3EINDwSJIj/W3bA84YxFqOjfPJrxuOVx6JHFA02eupi7wv6Q; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=KPqFpJCUu5RAN3KiX3UEo8CXjEGxahlrQnnTBq4ZHacPNCuq/oQsrnaAWVTPf8hLBTjs6+tWCEJ03/PmGTfHGXp/Zo8+K1q5B3TYaQOdc4WWO+xbrIVhMxs9Ic0x3EINDwSJIj/W3bA84YxFqOjfPJrxuOVx6JHFA02eupi7wv6Q; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=M/GGfpzklBbEWeMdzknd4oFJEAkD3s5+8mddXx/7rthkH2GklSo7OsUEjxgsdp/jCltjOWr5Fmlw+5VCLsSbSczf2ins50mPvws9IhU7succju7aQcEfwgrp/2Hj; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=M/GGfpzklBbEWeMdzknd4oFJEAkD3s5+8mddXx/7rthkH2GklSo7OsUEjxgsdp/jCltjOWr5Fmlw+5VCLsSbSczf2ins50mPvws9IhU7succju7aQcEfwgrp/2Hj; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f4830a20"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/252.f74271a1.chunk.js?v=uMVv4HJsPFMWWSD7SdzfSfE7xDXvVGRhxSmIGlJseEA
13.248.193.251 200 OK 40 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/252.f74271a1.chunk.js?v=uMVv4HJsPFMWWSD7SdzfSfE7xDXvVGRhxSmIGlJseEA
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (40127), with no line terminators
Hash MD5 640a2a872096db6811450a28a5c493aa
SHA-1 899ce2578fdb7ca4e3736c8d4f8c79e948120706
SHA-256 b8c56fe0726c3c53165920fb49dcdf49f13bc435ef546461c529881a526c7840
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/252.f74271a1.chunk.js?v=uMVv4HJsPFMWWSD7SdzfSfE7xDXvVGRhxSmIGlJseEA HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 40127
set-cookie: AWSALBTG=Sf9MW3uuru+jhne/ZBut+snH9TPdu9eIwUBoW6NuzexU+fzY92Dis40SFQkgj6Yx+S/emW0qWMTooIWh6voN2NbavlP+d0EoSgU2ppkQJmFfTED70wdhuYQEjTHLcTMU5In01p0zHwNLZxQ4A7h+1kttkg/dZ/+F8dRwwgxrfs7V; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=Sf9MW3uuru+jhne/ZBut+snH9TPdu9eIwUBoW6NuzexU+fzY92Dis40SFQkgj6Yx+S/emW0qWMTooIWh6voN2NbavlP+d0EoSgU2ppkQJmFfTED70wdhuYQEjTHLcTMU5In01p0zHwNLZxQ4A7h+1kttkg/dZ/+F8dRwwgxrfs7V; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=dpfwPK6ysH00WqtOn7mYVR6d0Avg+LVUk8e73kiYGm7KmSSDkjOyKgi5ipzGVRX6dsBd6YYJzpM9Q2C5o3pD45R5TZZxI6sF90A8YAIKruhH3f+IYVs1y2vAvLDa; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=dpfwPK6ysH00WqtOn7mYVR6d0Avg+LVUk8e73kiYGm7KmSSDkjOyKgi5ipzGVRX6dsBd6YYJzpM9Q2C5o3pD45R5TZZxI6sF90A8YAIKruhH3f+IYVs1y2vAvLDa; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f4832b3f"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/32.e601914c.chunk.js?v=EOyOS50wMNU8G3Q73ZDv8Z_8jQja0Xm9yj_zYtSFaQ0
13.248.193.251 200 OK 25 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/32.e601914c.chunk.js?v=EOyOS50wMNU8G3Q73ZDv8Z_8jQja0Xm9yj_zYtSFaQ0
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (24633), with no line terminators
Hash 3310912d906d1dd866862ea65e9c06f6
7c2aa310b3be50b83e577b9ea4015e3d179d638f
10ec8e4b9d3030d53c1b743bdd90eff19ffc8d08dad179bdca3ff362d485690d
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /AuthUI/build/static/js/32.e601914c.chunk.js?v=EOyOS50wMNU8G3Q73ZDv8Z_8jQja0Xm9yj_zYtSFaQ0 HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 24633
set-cookie: AWSALBTG=uOXffEToFx3/WlHEDpzVpBnv8UjUa0g79Tz2ckQ9WGLd03yONbzyicDFdVpqnBaN5fLZ4+spw0PbhT1DJmykhv222ob4sSQgbO3VLxJGU2/7aoFiW0B7CcPSpaFGFCxoHrFfnPfQSTy+rcAIDp47ptrjg6vHTjMVJXuBKD/ve/Zc; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=uOXffEToFx3/WlHEDpzVpBnv8UjUa0g79Tz2ckQ9WGLd03yONbzyicDFdVpqnBaN5fLZ4+spw0PbhT1DJmykhv222ob4sSQgbO3VLxJGU2/7aoFiW0B7CcPSpaFGFCxoHrFfnPfQSTy+rcAIDp47ptrjg6vHTjMVJXuBKD/ve/Zc; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=BHUEK6EfJ/VVXAtuPyqGUPin8nPdipOjMpJqr+g9AR0EVTVs89xwNxO14ca+nGhRKKFHAFvgcAzSEA/AKW/TeIwApyE1h3pTcOvVXnL4eXqEYvZ1b8Vyspt3ExQi; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=BHUEK6EfJ/VVXAtuPyqGUPin8nPdipOjMpJqr+g9AR0EVTVs89xwNxO14ca+nGhRKKFHAFvgcAzSEA/AKW/TeIwApyE1h3pTcOvVXnL4eXqEYvZ1b8Vyspt3ExQi; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483d7b9"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/599.288c8f29.chunk.js?v=vcYfSBtn9vBiPCaCrQu9EJbHRKTrJaD6y26x0fb2XIU
13.248.193.251 200 OK 35 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/599.288c8f29.chunk.js?v=vcYfSBtn9vBiPCaCrQu9EJbHRKTrJaD6y26x0fb2XIU
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (34774), with no line terminators
Hash 7f262a9306e11adacf6999f8c46ed6d3
2bf8957932ccb554b9e6e54e97dc2775db3db648
bdc61f481b67f6f0623c2682ad0bbd1096c744a4eb25a0facb6eb1d1f6f65c85
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /AuthUI/build/static/js/599.288c8f29.chunk.js?v=vcYfSBtn9vBiPCaCrQu9EJbHRKTrJaD6y26x0fb2XIU HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 34774
set-cookie: AWSALBTG=rS/rmHHJ5FVmxpfDZCcQhd93DvRah29eF1slcUzQ2y/KnNbDPINL6H/hq3WKGlqIeCdA/lv4NE50e6iicTcgP5jN9MBreefwzqalgWkOdMJCVqDEcdDTjAhqhkiO1EK1PXCZYdSCcbIVvs8iPqu6GVAEfa4ZJFS/9FYSkLbCzGbh; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=rS/rmHHJ5FVmxpfDZCcQhd93DvRah29eF1slcUzQ2y/KnNbDPINL6H/hq3WKGlqIeCdA/lv4NE50e6iicTcgP5jN9MBreefwzqalgWkOdMJCVqDEcdDTjAhqhkiO1EK1PXCZYdSCcbIVvs8iPqu6GVAEfa4ZJFS/9FYSkLbCzGbh; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=HhHU8tcTSoLZwvelpQeCQFglrYwYK9fSd4rCwbcdSDlIhHu8/kQfJQe3I54s7UzeWapRxFcXMxLRBNeMHDFzoIDU0OD3W0dqokd/ZcAUvwtv7l24rPpOel6xLXCA; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=HhHU8tcTSoLZwvelpQeCQFglrYwYK9fSd4rCwbcdSDlIhHu8/kQfJQe3I54s7UzeWapRxFcXMxLRBNeMHDFzoIDU0OD3W0dqokd/ZcAUvwtv7l24rPpOel6xLXCA; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f4833056"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/619.2c2d0d34.chunk.js?v=kyf-PrNXmd-6M3R1w5-2FJ-97RnkDw8n8FsWCJvAclM
13.248.193.251 200 OK 26 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/619.2c2d0d34.chunk.js?v=kyf-PrNXmd-6M3R1w5-2FJ-97RnkDw8n8FsWCJvAclM
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (25501), with no line terminators
Hash 7447c03dc503bdbc1bbb2d992b83c721
6ae9acb86c98b82fda2132b496498d5235d1c5fd
9327fe3eb35799dfba337475c39fb6149fbded19e40f0f27f05b16089bc07253
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /AuthUI/build/static/js/619.2c2d0d34.chunk.js?v=kyf-PrNXmd-6M3R1w5-2FJ-97RnkDw8n8FsWCJvAclM HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 25501
set-cookie: AWSALBTG=7eFNhIWDZXAw9hN2GzG+VS3OPZ/m8bmKEahrVNmUCWjJ9E2Rs3si84RAnx/J9c27qfBNL2AFWBKSDgFscpJL4OwTrNWnqC1s8hi3CusLp3AZ9w1iKKk4QyAsCNiiqU46Slu6iR6MookHXsCUm2bTjcoJljghWv7vS/uq7zUmf5I2; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=7eFNhIWDZXAw9hN2GzG+VS3OPZ/m8bmKEahrVNmUCWjJ9E2Rs3si84RAnx/J9c27qfBNL2AFWBKSDgFscpJL4OwTrNWnqC1s8hi3CusLp3AZ9w1iKKk4QyAsCNiiqU46Slu6iR6MookHXsCUm2bTjcoJljghWv7vS/uq7zUmf5I2; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=V1Da5Ff0/XyYW1muxn9hc+Kn9NdOLhw63HOGrYtgl0x+aKg5KuV4ndET2McIGG4q+shCOHVxYJ1Dy7XMloTs2IxcEA5nl+hXrpBfXH2irxPPsqHb8M9s2/1HrJS0; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=V1Da5Ff0/XyYW1muxn9hc+Kn9NdOLhw63HOGrYtgl0x+aKg5KuV4ndET2McIGG4q+shCOHVxYJ1Dy7XMloTs2IxcEA5nl+hXrpBfXH2irxPPsqHb8M9s2/1HrJS0; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483d41d"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-conversations-pilet/1.15.0/package/dist/index.js
54.230.111.68 226 kB URL piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-conversations-pilet/1.15.0/package/dist/index.js
IP 54.230.111.68:0
File type gzip compressed data, from Unix\012- data
Size 226 kB (225495 bytes)
Hash 2ce43abd1facf2c9a33b283096f8745e
77cd5ce08fdd07394b6cab9598532209a87fee74
5e181e1e1677dbb831482d5a77df23d1e5b160aa4be14ec7ee74c6da06af9518
GET /sharefile-web/sharefiledev-conversations-pilet/1.15.0/package/dist/index.js HTTP/1.1
Host: piletfeed-cdn.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Fri, 27 Oct 2023 16:44:56 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 10 Nov 2023 06:27:44 GMT
etag: W/"6da32a66a3655ce0970731b206e64713"
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _fTVKOxznX-2_VnMoysATf5eKGxFCTUrvqofFWKBm_ebN9F37dSFVg==
age: 52205
access-control-allow-origin: https://chartwellfavdr.securevdr.com
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/658.7d9c3b6f.chunk.js?v=q8K9C-6S9AydAfHdZZDLIo6ozjjxsViHdZo-nsxXuOM
13.248.193.251 200 OK 26 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/658.7d9c3b6f.chunk.js?v=q8K9C-6S9AydAfHdZZDLIo6ozjjxsViHdZo-nsxXuOM
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (26400), with no line terminators
Hash 6a115004753430b782a32781d4adcfef
76cf81af930cd29b532cd03844ee6410433fa7ce
abc2bd0bee92f40c9d01f1dd6590cb228ea8ce38f1b15887759a3e9ecc57b8e3
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /AuthUI/build/static/js/658.7d9c3b6f.chunk.js?v=q8K9C-6S9AydAfHdZZDLIo6ozjjxsViHdZo-nsxXuOM HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 26400
set-cookie: AWSALBTG=eiP9Du+kNP1x/mwd1CX0mGPnexhNmZ2eQ4kMJYy55/bGiXu8G/QB99XdsqUpc+u+7U8sa1vU76MtdfygflKHC/dbygYYjAwmTT+Dh0p1JqMXTw2QfpNbr+tomEkEt2mGncKtv6nCDFxRQvkNAbPlH501GxZxeBzOTPhZDZmJ/ZFo; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=eiP9Du+kNP1x/mwd1CX0mGPnexhNmZ2eQ4kMJYy55/bGiXu8G/QB99XdsqUpc+u+7U8sa1vU76MtdfygflKHC/dbygYYjAwmTT+Dh0p1JqMXTw2QfpNbr+tomEkEt2mGncKtv6nCDFxRQvkNAbPlH501GxZxeBzOTPhZDZmJ/ZFo; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=e8VTXhpHQYs6PNe5nH5vjdAfWnwKXHvTwHhikFP8xv6n103+1JUHiydYu9pFqGD+2NXDdan1EfH0jZNwt6FXYwzwVErLbIwk4eDmBXMpnCjlPRJMkTJ0ZLXh4zpn; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=e8VTXhpHQYs6PNe5nH5vjdAfWnwKXHvTwHhikFP8xv6n103+1JUHiydYu9pFqGD+2NXDdan1EfH0jZNwt6FXYwzwVErLbIwk4eDmBXMpnCjlPRJMkTJ0ZLXh4zpn; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483d0a0"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/787.670bc603.chunk.js?v=BiFKq3qpMFWIoP7RxxIQPSs0sf02kf6bFGIM-K6ERkA
13.248.193.251 200 OK 4.6 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/787.670bc603.chunk.js?v=BiFKq3qpMFWIoP7RxxIQPSs0sf02kf6bFGIM-K6ERkA
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (4552)
Hash bf494c81cc24bb8ec83bac235e392bd4
95c527e08c8278074a4873a727ec31a886ce8888
06214aab7aa9305588a0fed1c712103d2b34b1fd3691fe9b14620cf8ae844640
Analyzer: OpenPhish | Verdict: phishing | Alert: Generic/Spear Phishing
GET /AuthUI/build/static/js/787.670bc603.chunk.js?v=BiFKq3qpMFWIoP7RxxIQPSs0sf02kf6bFGIM-K6ERkA HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 4599
set-cookie: AWSALBTG=NS3d8MwaNnvJiPaOa2zuO8WR/DIfJkVZJ2+jz/5qPxUBa17gdR/FK+XUfs5e49n8l12M0KYoM5ao7DjEnaM1iH54KlxCcozhrnMC6TxNRaBiF22CMrOSIRNSP4i3x8oBpvaiSAi+CPl21x04DEGVTSMZRqQ4D98srE3Z/9S3CYBv; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=NS3d8MwaNnvJiPaOa2zuO8WR/DIfJkVZJ2+jz/5qPxUBa17gdR/FK+XUfs5e49n8l12M0KYoM5ao7DjEnaM1iH54KlxCcozhrnMC6TxNRaBiF22CMrOSIRNSP4i3x8oBpvaiSAi+CPl21x04DEGVTSMZRqQ4D98srE3Z/9S3CYBv; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=5g7CVWnPqIWeLMZjDLFEC2T90zIRzv5M+zgeiIoNVkGTxodynDjWixSeWMjZ5zZzO84IUHVAeI1NExKNvBs+J+Bp9G3kQsyGVqdNhlGUgDyQRyy9Jwtlz1pi2paK; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=5g7CVWnPqIWeLMZjDLFEC2T90zIRzv5M+zgeiIoNVkGTxodynDjWixSeWMjZ5zZzO84IUHVAeI1NExKNvBs+J+Bp9G3kQsyGVqdNhlGUgDyQRyy9Jwtlz1pi2paK; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483a677"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-integrations-pilet/0.0.66/package/dist/index.js
54.230.111.68 299 kB URL piletfeed-cdn.sharefile.io/sharefile-web/sharefiledev-integrations-pilet/0.0.66/package/dist/index.js
IP 54.230.111.68:0
File type gzip compressed data, from Unix\012- data
Size 299 kB (298680 bytes)
Hash ff44ee746684a97266ea6b3c3c0c0ed4
565bc64636665afbb8b55c524b40d0217758ac7d
92674b5f0863ed7972911899d83f2e0d3a33c62f322a09f9dac22e75d1203be2
GET /sharefile-web/sharefiledev-integrations-pilet/0.0.66/package/dist/index.js HTTP/1.1
Host: piletfeed-cdn.sharefile.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Sat, 04 Nov 2023 00:48:55 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 10 Nov 2023 02:56:10 GMT
etag: W/"9effaf7462c99b6df96587b345becc07"
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a2DteMAIZGs3eQELe7trkylfKejrC3JSLEHM1neHn19D6NVsGe8uEg==
age: 49982
access-control-allow-origin: https://chartwellfavdr.securevdr.com
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/main.00f56014.js?v=cO3cHVLcbt7fCxdJ2xr4uE2tt-Qw1k8IZrscvB-6C9w
13.248.193.251 200 OK 909 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/main.00f56014.js?v=cO3cHVLcbt7fCxdJ2xr4uE2tt-Qw1k8IZrscvB-6C9w
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65465)
Size 909 kB (909321 bytes)
Hash 3c3bbbbc4c63b0979330a12c806bc4cb
a64d58890f9ce135284d1df7bd652c9eeb3a80e4
70eddc1d52dc6ededf0b1749db1af8b84dadb7e430d64f0866bb1cbc1fba0bdc
GET /AuthUI/build/static/js/main.00f56014.js?v=cO3cHVLcbt7fCxdJ2xr4uE2tt-Qw1k8IZrscvB-6C9w HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 909321
set-cookie: AWSALBTG=ZMZhOmik9+fxT6urxToecBcK4w9D8Kv1adbG/4g5gSsqKftJ1iXeANfdbaadyjF6RsyUtNnZtzzt99Usrab2L8l+5oFdVAMySfTSMCY9yf1pBsLKFyM+bE0l6hz0IvMrhqeJ2FqDMpJFtiDStjM4aNje1IFgjXLuRZ8CljFQYfwS; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=ZMZhOmik9+fxT6urxToecBcK4w9D8Kv1adbG/4g5gSsqKftJ1iXeANfdbaadyjF6RsyUtNnZtzzt99Usrab2L8l+5oFdVAMySfTSMCY9yf1pBsLKFyM+bE0l6hz0IvMrhqeJ2FqDMpJFtiDStjM4aNje1IFgjXLuRZ8CljFQYfwS; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=JZ6NBzK4Q8CPUDHif6Tsi/fHEG9p2sEPlEDjtcRv50WPUAorBY0M8bxWZIUSpQrc0gUpQBOLv6346r5CQAdV+NcCav3KjD+BYUL6IPZ0MCOBp2RFMcNf4KYMmpt6; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=JZ6NBzK4Q8CPUDHif6Tsi/fHEG9p2sEPlEDjtcRv50WPUAorBY0M8bxWZIUSpQrc0gUpQBOLv6346r5CQAdV+NcCav3KjD+BYUL6IPZ0MCOBp2RFMcNf4KYMmpt6; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f48e5789"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/757.1dc93063.chunk.js?v=adK2jcX_vD965aZh50RvY4vm2qPBdYq2uUAGyepO9oA
13.248.193.251 200 OK 27 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/757.1dc93063.chunk.js?v=adK2jcX_vD965aZh50RvY4vm2qPBdYq2uUAGyepO9oA
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (27374), with no line terminators
Hash b4f766e9cc499605c25c99116d2e917a
af02225085d031bb623027ee38f6a69aafd65384
69d2b68dc5ffbc3f7ae5a661e7446f638be6daa3c1758ab6b94006c9ea4ef680
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/757.1dc93063.chunk.js?v=adK2jcX_vD965aZh50RvY4vm2qPBdYq2uUAGyepO9oA HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 27374
set-cookie: AWSALBTG=BJr5sBLN/snChbzvFwBP0spfUfoqncJO2wemboBEI0KcXMSe2t5+O30onpY5O8cFNx7G6luo7I4AU1Pw6zBO+ZagpVidKoH5f0izRtl0Epo3dsuEbv3wbsokI0AM3xvXGNnPu/g5A42lwpzAxGQNFl8KDTmpwPL2uU3mtltlm7g4; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=BJr5sBLN/snChbzvFwBP0spfUfoqncJO2wemboBEI0KcXMSe2t5+O30onpY5O8cFNx7G6luo7I4AU1Pw6zBO+ZagpVidKoH5f0izRtl0Epo3dsuEbv3wbsokI0AM3xvXGNnPu/g5A42lwpzAxGQNFl8KDTmpwPL2uU3mtltlm7g4; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=JpoLWRbJynEOGXTk2M2m6FPBeISYtuEQmA2S/ZehtTV1ueWpVHYmVuYQkSBhtfIBuD7CigoXLq1w9PehatXADwiNA5w4wMXjRWMLb3EBqDJkQoTfvkM3vkLN8+qF; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=JpoLWRbJynEOGXTk2M2m6FPBeISYtuEQmA2S/ZehtTV1ueWpVHYmVuYQkSBhtfIBuD7CigoXLq1w9PehatXADwiNA5w4wMXjRWMLb3EBqDJkQoTfvkM3vkLN8+qF; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483dd6e"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/726.b30a96e3.chunk.js?v=ky0qRD1OlxknbNEfITIzE6kTRa-vv9cX-JlI11lNGH4
13.248.193.251 200 OK 23 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/726.b30a96e3.chunk.js?v=ky0qRD1OlxknbNEfITIzE6kTRa-vv9cX-JlI11lNGH4
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (23214), with no line terminators
Hash 798ceea97025e933d604a127697939ef
f63d98843faff32a1c8aed2dad704960bc1a727c
932d2a443d4e9719276cd11f21323313a91345afafbfd717f89948d7594d187e
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/726.b30a96e3.chunk.js?v=ky0qRD1OlxknbNEfITIzE6kTRa-vv9cX-JlI11lNGH4 HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 23214
set-cookie: AWSALBTG=9dLJsP9vsWgZBRHc8dDG9yL59lW3YkRSku5uC1HHGxs/ajLn9LMi8ctBUrGdw7ZPG/3duygtceviMWqB3MAsqU7Hkt6k4vWqdv1njBkIRzmB9FjsuMjS0CeZUOo61FjJYadpAY/Ma4w1tElnJqHhosm92zFdl0+VnrlUMXaJDnhp; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=9dLJsP9vsWgZBRHc8dDG9yL59lW3YkRSku5uC1HHGxs/ajLn9LMi8ctBUrGdw7ZPG/3duygtceviMWqB3MAsqU7Hkt6k4vWqdv1njBkIRzmB9FjsuMjS0CeZUOo61FjJYadpAY/Ma4w1tElnJqHhosm92zFdl0+VnrlUMXaJDnhp; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=RFgf5Dx6rWUL1vnSBj+c10kbtiqcyK7HUashXtoJtzutjXOg+NzyKZG/RBfrToE+1YYCfK2TL6ZxcHagBAcmBXod2LYcKmt18aorIfueb21AG9Zc5G0lEqF6FftY; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=RFgf5Dx6rWUL1vnSBj+c10kbtiqcyK7HUashXtoJtzutjXOg+NzyKZG/RBfrToE+1YYCfK2TL6ZxcHagBAcmBXod2LYcKmt18aorIfueb21AG9Zc5G0lEqF6FftY; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483ed2e"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/media/PublicSans-Regular.e86d2642f412b9493b14.woff2
13.248.193.251 200 OK 32 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/media/PublicSans-Regular.e86d2642f412b9493b14.woff2
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 32548, version 1.0\012- data
Hash 96ca2a24c1787dd7f2d08e4a01df959c
93baedc58d1dd21188fe6da8a059df9872beeaa0
bea988eeadc7c0ddf9644c2dce7efb35f1767eac0187c0967f8a2567473cbbfe
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/media/PublicSans-Regular.e86d2642f412b9493b14.woff2 HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://chartwellfavdr.securevdr.com/AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o
DNT: 1
Connection: keep-alive
Cookie: AWSALB=dpfwPK6ysH00WqtOn7mYVR6d0Avg+LVUk8e73kiYGm7KmSSDkjOyKgi5ipzGVRX6dsBd6YYJzpM9Q2C5o3pD45R5TZZxI6sF90A8YAIKruhH3f+IYVs1y2vAvLDa; AWSALBCORS=dpfwPK6ysH00WqtOn7mYVR6d0Avg+LVUk8e73kiYGm7KmSSDkjOyKgi5ipzGVRX6dsBd6YYJzpM9Q2C5o3pD45R5TZZxI6sF90A8YAIKruhH3f+IYVs1y2vAvLDa; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=Sf9MW3uuru+jhne/ZBut+snH9TPdu9eIwUBoW6NuzexU+fzY92Dis40SFQkgj6Yx+S/emW0qWMTooIWh6voN2NbavlP+d0EoSgU2ppkQJmFfTED70wdhuYQEjTHLcTMU5In01p0zHwNLZxQ4A7h+1kttkg/dZ/+F8dRwwgxrfs7V; AWSALBTGCORS=Sf9MW3uuru+jhne/ZBut+snH9TPdu9eIwUBoW6NuzexU+fzY92Dis40SFQkgj6Yx+S/emW0qWMTooIWh6voN2NbavlP+d0EoSgU2ppkQJmFfTED70wdhuYQEjTHLcTMU5In01p0zHwNLZxQ4A7h+1kttkg/dZ/+F8dRwwgxrfs7V; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: font/woff2
content-length: 32548
set-cookie: AWSALBTG=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483c8a4"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
citrix-sharefile-content.customer.pendo.io/agent/static/74b07336-7560-45fc-7cd1-95032a784d52/pendo.js
34.107.168.21 200 OK 149 kB URL GET HTTP/3 citrix-sharefile-content.customer.pendo.io/agent/static/74b07336-7560-45fc-7cd1-95032a784d52/pendo.js
IP 34.107.168.21:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Google Trust Services LLC
Subject citrix-sharefile-content.customer.pendo.io
Fingerprint 39:58:BF:FF:8A:88:70:89:25:D9:EA:D6:79:7B:B3:C6:02:1D:83:63
Validity Mon, 16 Oct 2023 15:55:32 GMT - Sun, 14 Jan 2024 16:48:25 GMT
File type ASCII text, with very long lines (65310)
Size 149 kB (149147 bytes)
Hash cf375ebab5ec77622d1005b04a884759
078743263234e3c7b20707761c6c44f530d6f719
d087aa37bf32093e82b15ddf717eaab8b29eaf780c1ab0bba0d3e2981112af0a
GET /agent/static/74b07336-7560-45fc-7cd1-95032a784d52/pendo.js HTTP/1.1
Host: citrix-sharefile-content.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
x-guploader-uploadid: ABPtcPoNauzo4Hkhml4yTJHvD6sKh2BQUAXtqUoXMwanSG3d2onZAwZTg9mKCxZ8lSQh_abLjlD1HWIRzjzR9aZuNceK5zQIhuAD
x-goog-generation: 1699557118852460
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 149147
content-encoding: gzip
x-goog-hash: crc32c=E38Qlg==, md5=7FPYYlSQ7TvIazW+vZZDLQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 149147
access-control-allow-origin: *
access-control-expose-headers: *
server: UploadServer
date: Fri, 10 Nov 2023 16:40:50 GMT
age: 223
last-modified: Thu, 09 Nov 2023 19:11:58 GMT
etag: "ec53d8625490ed3bc86b35bebd96432d"
content-type: application/javascript
vary: Accept-Encoding
cache-control: public,max-age=450
strict-transport-security: max-age=63072000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
chartwellfavdr.securevdr.com/AuthUI/build/static/media/sharefile-logo-with-icon.3aa33bb6fffd83a61c47.svg
13.248.193.251 200 OK 4.2 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/media/sharefile-logo-with-icon.3aa33bb6fffd83a61c47.svg
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (679)
Hash 948cc85bdaf1c3640f35f45a0bec09fb
8c49881439130ced7b2a0047fb7b30cf069ed211
5fa7458bfc7098b3aabf460dc38063fef77a2e3cc8f06eae77caf63f46c6ddc9
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/media/sharefile-logo-with-icon.3aa33bb6fffd83a61c47.svg HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o
DNT: 1
Connection: keep-alive
Cookie: AWSALB=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; AWSALBCORS=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; AWSALBTGCORS=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: image/svg+xml
content-length: 4211
set-cookie: AWSALBTG=9HVwSIIMxNhh8hKTWm4O4beb9toQb+Fqw8vcUAyC8B4UCvyer4gav9yTXWpvtMX/QidxEuD7KhcYsKJLgz/zZPSUw55P8I0AEQKxiJsB93ReAsSsr6JYRFpC5nxc6/MDZ/kQOV3/nzrEv4vomGZgY8KmkRC0SvSTiApE0d0SEnA8; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBTGCORS=9HVwSIIMxNhh8hKTWm4O4beb9toQb+Fqw8vcUAyC8B4UCvyer4gav9yTXWpvtMX/QidxEuD7KhcYsKJLgz/zZPSUw55P8I0AEQKxiJsB93ReAsSsr6JYRFpC5nxc6/MDZ/kQOV3/nzrEv4vomGZgY8KmkRC0SvSTiApE0d0SEnA8; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
AWSALB=C+cc0N2g+ul/Kc2dd9Nk4OXRPGf4qItMylPfcLsORRsy0zZQwII+HT+8VPDWFDEr+F3DXjvH2d+QzH8FuFbilbBtNKlbVlUmXuaioJTYG5MvGqRdGIPGVnpNrhD8; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBCORS=C+cc0N2g+ul/Kc2dd9Nk4OXRPGf4qItMylPfcLsORRsy0zZQwII+HT+8VPDWFDEr+F3DXjvH2d+QzH8FuFbilbBtNKlbVlUmXuaioJTYG5MvGqRdGIPGVnpNrhD8; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483a7f3"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/media/PublicSans-SemiBold.1cb825ff043ef7521574.woff2
13.248.193.251 200 OK 33 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/media/PublicSans-SemiBold.1cb825ff043ef7521574.woff2
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer Amazon
Subject *.sharefile.com
Fingerprint 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 32588, version 1.0\012- data
Hash 82ee13d8c71c9fe2af41c81666cc6e9d
f743c17187ffb5ac9e1f473c7791cb7b250063b9
44077e6ceb62b989c9ef0d4659d5b6a261c31fdec49e317e8833a9fb9550e02c
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/media/PublicSans-SemiBold.1cb825ff043ef7521574.woff2 HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://chartwellfavdr.securevdr.com/AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o
DNT: 1
Connection: keep-alive
Cookie: AWSALB=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; AWSALBCORS=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; AWSALBTGCORS=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: font/woff2
content-length: 32588
set-cookie: AWSALBTG=its5649FweBzu15GGdxGHwJ1jJn7kSxTQQ6uOEeb+PrSWcE17+aa/ZjmVt+EULe4ocozLDDq2IPjThvrRh9U5V8NzN6d8WT3UlaUFBzLq5R1gySjrV1hg1FkiPcZbdzihGpus9RgLxjJYAsebkmMQ997wDeS2E9WO/eMcqdZcihb; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBTGCORS=its5649FweBzu15GGdxGHwJ1jJn7kSxTQQ6uOEeb+PrSWcE17+aa/ZjmVt+EULe4ocozLDDq2IPjThvrRh9U5V8NzN6d8WT3UlaUFBzLq5R1gySjrV1hg1FkiPcZbdzihGpus9RgLxjJYAsebkmMQ997wDeS2E9WO/eMcqdZcihb; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
AWSALB=idktX/2yqEd0OX/8zD70RUI+Wm7cyqiwsUFiCE4DwGCyqBN3rkkd90blLV71jbpXoTV2kEM0bxOFkAkrHYrAexNxKDS2xj4YPXP3zXX1KtekSePSHi1TJYZGokc0; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBCORS=idktX/2yqEd0OX/8zD70RUI+Wm7cyqiwsUFiCE4DwGCyqBN3rkkd90blLV71jbpXoTV2kEM0bxOFkAkrHYrAexNxKDS2xj4YPXP3zXX1KtekSePSHi1TJYZGokc0; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483c8cc"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/media/PublicSans-Medium.f6ebd504e3b19c186177.woff2
13.248.193.251 200 OK 33 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/media/PublicSans-Medium.f6ebd504e3b19c186177.woff2
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 32688, version 1.0\012- data
Hash 029f6f0129beaededd6e592095429d81
394246985ddf41a155c40bb054dd15cc0a0e2695
eb2423d9ac27b2c8974304b1bcdfc5031a84f3d5f22b31cb888127967c6bd906
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/media/PublicSans-Medium.f6ebd504e3b19c186177.woff2 HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://chartwellfavdr.securevdr.com/AuthUI/build/static/css/main.7632f4fc.css?v=pyxWcdGZuK_72PcDYsT_aGyV9Rf7Tx8v8TouKZd363o
DNT: 1
Connection: keep-alive
Cookie: AWSALB=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; AWSALBCORS=w5OFjj7YZW9ox5h2o6Sz3ZKyq0A3Q2Gv3qZvU18PwoJtJXlS7fhpw6ZhBE36i21V9BsPSbx/ykT8chZD+YdZ/I24AgiEbDrDBBVbG3lXHKjiP7JpBXdkX3c1jacu; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; AWSALBTGCORS=vCogJhvFRsFMnwIrpESpb6JCVURSA98V1HEQwmURXHjsx90Up92MrRadWGfXHuK7vJOF4UVrecme2IkTUXrqEKdQAOTpFIvKjTtAtLsXncOX65VL6qDhUemQ4g77wOT7cQHmTOJD3BR3akkXD5KcSpvDZqwk/2tBUc0rcOmZ/x+U; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: font/woff2
content-length: 32688
set-cookie: AWSALBTG=O4l07AyOTuNc1xLdoYLMLEq/5NqJtvSw7imQGJUFC5NL0q+PIwn8uRfRahSGjJ9uzvQqIyGsLrtS0e2UmdCmAPk8bULVbHugAgKdU1e2p+dZQ+OeevOd7tUx2TUMCj152JbyAP2CtjEPjbsWqyqmH6ANVz4lsUyGcDooua3510bE; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBTGCORS=O4l07AyOTuNc1xLdoYLMLEq/5NqJtvSw7imQGJUFC5NL0q+PIwn8uRfRahSGjJ9uzvQqIyGsLrtS0e2UmdCmAPk8bULVbHugAgKdU1e2p+dZQ+OeevOd7tUx2TUMCj152JbyAP2CtjEPjbsWqyqmH6ANVz4lsUyGcDooua3510bE; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
AWSALB=c3+N6HOWb1xeAm7cZPGXhxOxmMO1GQlRxL0hYoQQg3uc8/AwuKc+CrK8z+JhBcPnnrPeDjYp2yiHdTUpbH/Si5AvJ4W8El6tZ9k7vlsyQgCTypSXEnupgWUeVwf5; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBCORS=c3+N6HOWb1xeAm7cZPGXhxOxmMO1GQlRxL0hYoQQg3uc8/AwuKc+CrK8z+JhBcPnnrPeDjYp2yiHdTUpbH/Si5AvJ4W8El6tZ9k7vlsyQgCTypSXEnupgWUeVwf5; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483c830"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/apple-touch-icon.png
13.248.193.251 200 OK 5.3 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/apple-touch-icon.png
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash a4fc5f60fd03a5716671089af55b2333
e5aef883743c21aebd8ac8726f279724f9637a87
89cded2acd95305ba3a09f3e0e234cf17456174414ddab64397fb4126fe7856f
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /apple-touch-icon.png HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=c3+N6HOWb1xeAm7cZPGXhxOxmMO1GQlRxL0hYoQQg3uc8/AwuKc+CrK8z+JhBcPnnrPeDjYp2yiHdTUpbH/Si5AvJ4W8El6tZ9k7vlsyQgCTypSXEnupgWUeVwf5; AWSALBCORS=c3+N6HOWb1xeAm7cZPGXhxOxmMO1GQlRxL0hYoQQg3uc8/AwuKc+CrK8z+JhBcPnnrPeDjYp2yiHdTUpbH/Si5AvJ4W8El6tZ9k7vlsyQgCTypSXEnupgWUeVwf5; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=O4l07AyOTuNc1xLdoYLMLEq/5NqJtvSw7imQGJUFC5NL0q+PIwn8uRfRahSGjJ9uzvQqIyGsLrtS0e2UmdCmAPk8bULVbHugAgKdU1e2p+dZQ+OeevOd7tUx2TUMCj152JbyAP2CtjEPjbsWqyqmH6ANVz4lsUyGcDooua3510bE; AWSALBTGCORS=O4l07AyOTuNc1xLdoYLMLEq/5NqJtvSw7imQGJUFC5NL0q+PIwn8uRfRahSGjJ9uzvQqIyGsLrtS0e2UmdCmAPk8bULVbHugAgKdU1e2p+dZQ+OeevOd7tUx2TUMCj152JbyAP2CtjEPjbsWqyqmH6ANVz4lsUyGcDooua3510bE; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: image/png
content-length: 5266
set-cookie: AWSALBTG=mDrzy4zdaH1ihy+Y5vFW/ClUAsgMCjWSz7E+RDpDuyeLL35Rum/NAVc3SGbJXo3gBSEFasvNWYP9twhGP8sSOPRq9cYWt3xGXGMt15YjRYb7ERN+9LMO4JBtZ4J/EEahC7jYIruVfS3/S4y6xl+7UDtj9ATHBiqDC4RNHCRCpMK0; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBTGCORS=mDrzy4zdaH1ihy+Y5vFW/ClUAsgMCjWSz7E+RDpDuyeLL35Rum/NAVc3SGbJXo3gBSEFasvNWYP9twhGP8sSOPRq9cYWt3xGXGMt15YjRYb7ERN+9LMO4JBtZ4J/EEahC7jYIruVfS3/S4y6xl+7UDtj9ATHBiqDC4RNHCRCpMK0; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
AWSALB=0S5wBnqqNXtzC4nTuXITeIAwgdXzq16aAC9toiz5H2P6gjzZreeOhbcx7kT0BN3wD9ab8cW2RrIZNhn4h+geEe6fUnfNaBIGspL76Fla4MON7juKMm9ADrqEi0aC; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBCORS=0S5wBnqqNXtzC4nTuXITeIAwgdXzq16aAC9toiz5H2P6gjzZreeOhbcx7kT0BN3wD9ab8cW2RrIZNhn4h+geEe6fUnfNaBIGspL76Fla4MON7juKMm9ADrqEi0aC; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483a312"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/favicon-16x16.png
13.248.193.251 200 OK 568 B URL GET HTTP/2 chartwellfavdr.securevdr.com/favicon-16x16.png
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ae1ab7759b51b5354eb303fa30a0241
7da466ca1e5fa2df9b4366e0f009632432a859ff
eb255a0a33ccbb521ff84cec5f3904653bbfde929a4da2617eee2f02ac66541e
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /favicon-16x16.png HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=c3+N6HOWb1xeAm7cZPGXhxOxmMO1GQlRxL0hYoQQg3uc8/AwuKc+CrK8z+JhBcPnnrPeDjYp2yiHdTUpbH/Si5AvJ4W8El6tZ9k7vlsyQgCTypSXEnupgWUeVwf5; AWSALBCORS=c3+N6HOWb1xeAm7cZPGXhxOxmMO1GQlRxL0hYoQQg3uc8/AwuKc+CrK8z+JhBcPnnrPeDjYp2yiHdTUpbH/Si5AvJ4W8El6tZ9k7vlsyQgCTypSXEnupgWUeVwf5; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=O4l07AyOTuNc1xLdoYLMLEq/5NqJtvSw7imQGJUFC5NL0q+PIwn8uRfRahSGjJ9uzvQqIyGsLrtS0e2UmdCmAPk8bULVbHugAgKdU1e2p+dZQ+OeevOd7tUx2TUMCj152JbyAP2CtjEPjbsWqyqmH6ANVz4lsUyGcDooua3510bE; AWSALBTGCORS=O4l07AyOTuNc1xLdoYLMLEq/5NqJtvSw7imQGJUFC5NL0q+PIwn8uRfRahSGjJ9uzvQqIyGsLrtS0e2UmdCmAPk8bULVbHugAgKdU1e2p+dZQ+OeevOd7tUx2TUMCj152JbyAP2CtjEPjbsWqyqmH6ANVz4lsUyGcDooua3510bE; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: image/png
content-length: 568
set-cookie: AWSALBTG=wu/tNkY8z1QwhEByDG9Xw7xa82W5v+YbBrNMGwO1tWBqMD1i6MfVptraLyowrNyxYtgezcWbgNgHDCJ1fncNFYY0gxD0MkW4XVJfIsV5+FoSqz8R6dKIbdP+2HKKtIRxIef/S3TcgP6EzigNdXEh2zTPuylSfGd1bo7LuxcibZuh; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBTGCORS=wu/tNkY8z1QwhEByDG9Xw7xa82W5v+YbBrNMGwO1tWBqMD1i6MfVptraLyowrNyxYtgezcWbgNgHDCJ1fncNFYY0gxD0MkW4XVJfIsV5+FoSqz8R6dKIbdP+2HKKtIRxIef/S3TcgP6EzigNdXEh2zTPuylSfGd1bo7LuxcibZuh; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
AWSALB=w2Yz6IpCBVhQLjpsxbM01YvDViEmRLH4hTKJT2sp2RwkpnapdbeF5dXbDwM+Nhu4x0lZj2gveguxsKIXXSXdP40EXncEHaWQ0/Ar5B2skBTn4UtGBCCLA5H4YGPE; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/
AWSALBCORS=w2Yz6IpCBVhQLjpsxbM01YvDViEmRLH4hTKJT2sp2RwkpnapdbeF5dXbDwM+Nhu4x0lZj2gveguxsKIXXSXdP40EXncEHaWQ0/Ar5B2skBTn4UtGBCCLA5H4YGPE; Expires=Fri, 17 Nov 2023 16:44:33 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f483b5b8"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
citrix-sharefile-data.customer.pendo.io/data/guide.gif/74b07336-7560-45fc-7cd1-95032a784d52?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1699634673427&v=2.208.4_prod
142.250.74.147 200 OK 42 B URL GET HTTP/2 citrix-sharefile-data.customer.pendo.io/data/guide.gif/74b07336-7560-45fc-7cd1-95032a784d52?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1699634673427&v=2.208.4_prod
IP 142.250.74.147:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Google Trust Services LLC
Subject: citrix-sharefile-data.customer.pendo.io
Fingerprint: BA:BB:79:2C:C3:2C:3C:19:8F:66:C7:8A:EB:97:AF:70:46:C0:75:84
Validity: Tue, 12 Sep 2023 19:38:41 GMT - Mon, 11 Dec 2023 20:16:25 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /data/guide.gif/74b07336-7560-45fc-7cd1-95032a784d52?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1699634673427&v=2.208.4_prod HTTP/1.1
Host: citrix-sharefile-data.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: image/gif
content-length: 42
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
access-control-max-age: 600
x-content-type-options: nosniff
via: 1.1 google
X-Firefox-Spdy: h2
citrix-sharefile-data.customer.pendo.io/data/ptm.gif/74b07336-7560-45fc-7cd1-95032a784d52?v=2.208.4_prod&ct=1699634673404&jzb=eJztlFuLo04axr9LlumrTsdzdKBZ4qFNNInaakxcFim11IqHMp4SM8x3H9PDNOzNwF787xpEXp-q9_Gtguf3nx-zbqzh7PushB2YPc_CBl9b2AQdKieV5ASBoxluSdM8_TwbUIs63AQonhoCU9nLRuAEXm1KXBzWp_f3yQBEEe6r7mNP1RfF86xviml71nV1-32xiDLQdFdYFAkY4ualhVHfwEcV4XKBQd9li8cLN-gO_x0VCH54vdoCGbLX_XGX1_rlzfHEgmmleqW3JKNH7DA-tRGu4etTA9saVy0MHsd6jXAMJylGDYy6oG_Q68cY3-jVN-pteh5_emmniWCCCviC8KS1KK1QNf9Un9oOdPBVSmSNNwZo0CrWDEHv8E3Y5Nl1pwBdFrqQ5pa8LcdRksgSgLE70HI_SD21JZyDmjsEPPfbKhEuZQ-PNAWAm1iJGlqqpBxHzYECZc-htUlpttyNioJWqSa_ISWIfRNqK6N5fxMFw0iiLd8exXxFyyQ9WJwYz83baa0xHifqb0Kh7TuJGQ4uBPlRehesKmaR41WlMgyBv7mlrmldNrHNg1Gownqn7WMHrsGoikJVqVyZ3gjrnhl1w9lOj0xMroJVwbHzRiYjcFLR_HAo5yXjrHtmp8s6Tn3u5LIdU1qUzJbn0SXiCPZaf79bYJfRlriUz4y1tG6MW4MgnC5DKKAVrj2Wc-Dtfbu1dIXoLfY05nvp4m3HRk9E1UC-SjjhsJ2_Xftic7sTx5LpYqYTjjJ2Y743G13KBtFjKtJubWVpUJxtbm4b4q1pfImDoiAfEbF857F5pnfl4KRiomLG6LUEhVY_bOh7uJPJE28Gshqn8oDwdB1VXAphmk0jNFa4bK5nNwuAfXTxVt0mUum3XtTss4BRqEirLjZSupt_d31RPJCUVzKlEaaGGpvi0RMKR5nf05oAc1tyTK0ZjNudllWvZLlkczDX9Kgsz5u08Id7p_KGtl8tOSfbSy1JEfWFd9PzKOH5Gu0UW8-X5bA22E22MlbbLR5Dv5Yi7kCyHfte5plRBSeSbw45PkRXsNN8oHbDZc3QQ5QHA6-N7lBvL0YVsSeb03zkB9sh92pqr_flHebzYN8zwrkQs_nlgAKJqSXWtPsywx5znvO5w3DS8bQ-5IeVU_q39KntwxiXAFWv_xvkfy2kKWdTWBEo2gkDdYPrdvb9xx9mPMq_YaMAVdqD9EEiWAWuPfv5iZI_rQ-aTGo95bLqVp9rkxRPAZ0aSWJBkguKoOjJcIBNi3A1ydQLRfAvTDCNFD9sfxs4INx8Iqr7_TE7g_2RIGvq7JLeOHibySdpQAk_Fr0hOURy0iquntDMPX_QcuzgdEqSZsifz58oLTCI_4pS4QulXyj9QukXSv8_lD648ocmFE_9MyijSPrnf38BOzhm2Q
142.250.74.147200 OK 42 B URL GET HTTP/2 citrix-sharefile-data.customer.pendo.io/data/ptm.gif/74b07336-7560-45fc-7cd1-95032a784d52?v=2.208.4_prod&ct=1699634673404&jzb=eJztlFuLo04axr9LlumrTsdzdKBZ4qFNNInaakxcFim11IqHMp4SM8x3H9PDNOzNwF787xpEXp-q9_Gtguf3nx-zbqzh7PushB2YPc_CBl9b2AQdKieV5ASBoxluSdM8_TwbUIs63AQonhoCU9nLRuAEXm1KXBzWp_f3yQBEEe6r7mNP1RfF86xviml71nV1-32xiDLQdFdYFAkY4ualhVHfwEcV4XKBQd9li8cLN-gO_x0VCH54vdoCGbLX_XGX1_rlzfHEgmmleqW3JKNH7DA-tRGu4etTA9saVy0MHsd6jXAMJylGDYy6oG_Q68cY3-jVN-pteh5_emmniWCCCviC8KS1KK1QNf9Un9oOdPBVSmSNNwZo0CrWDEHv8E3Y5Nl1pwBdFrqQ5pa8LcdRksgSgLE70HI_SD21JZyDmjsEPPfbKhEuZQ-PNAWAm1iJGlqqpBxHzYECZc-htUlpttyNioJWqSa_ISWIfRNqK6N5fxMFw0iiLd8exXxFyyQ9WJwYz83baa0xHifqb0Kh7TuJGQ4uBPlRehesKmaR41WlMgyBv7mlrmldNrHNg1Gownqn7WMHrsGoikJVqVyZ3gjrnhl1w9lOj0xMroJVwbHzRiYjcFLR_HAo5yXjrHtmp8s6Tn3u5LIdU1qUzJbn0SXiCPZaf79bYJfRlriUz4y1tG6MW4MgnC5DKKAVrj2Wc-Dtfbu1dIXoLfY05nvp4m3HRk9E1UC-SjjhsJ2_Xftic7sTx5LpYqYTjjJ2Y743G13KBtFjKtJubWVpUJxtbm4b4q1pfImDoiAfEbF857F5pnfl4KRiomLG6LUEhVY_bOh7uJPJE28Gshqn8oDwdB1VXAphmk0jNFa4bK5nNwuAfXTxVt0mUum3XtTss4BRqEirLjZSupt_d31RPJCUVzKlEaaGGpvi0RMKR5nf05oAc1tyTK0ZjNudllWvZLlkczDX9Kgsz5u08Id7p_KGtl8tOSfbSy1JEfWFd9PzKOH5Gu0UW8-X5bA22E22MlbbLR5Dv5Yi7kCyHfte5plRBSeSbw45PkRXsNN8oHbDZc3QQ5QHA6-N7lBvL0YVsSeb03zkB9sh92pqr_flHebzYN8zwrkQs_nlgAKJqSXWtPsywx5znvO5w3DS8bQ-5IeVU_q39KntwxiXAFWv_xvkfy2kKWdTWBEo2gkDdYPrdvb9xx9mPMq_YaMAVdqD9EEiWAWuPfv5iZI_rQ-aTGo95bLqVp9rkxRPAZ0aSWJBkguKoOjJcIBNi3A1ydQLRfAvTDCNFD9sfxs4INx8Iqr7_TE7g_2RIGvq7JLeOHibySdpQAk_Fr0hOURy0iquntDMPX_QcuzgdEqSZsifz58oLTCI_4pS4QulXyj9QukXSv8_lD648ocmFE_9MyijSPrnf38BOzhm2Q
IP 142.250.74.147:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Google Trust Services LLC
Subject: citrix-sharefile-data.customer.pendo.io
Fingerprint: BA:BB:79:2C:C3:2C:3C:19:8F:66:C7:8A:EB:97:AF:70:46:C0:75:84
Validity: Tue, 12 Sep 2023 19:38:41 GMT - Mon, 11 Dec 2023 20:16:25 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /data/ptm.gif/74b07336-7560-45fc-7cd1-95032a784d52?v=2.208.4_prod&ct=1699634673404&jzb=eJztlFuLo04axr9LlumrTsdzdKBZ4qFNNInaakxcFim11IqHMp4SM8x3H9PDNOzNwF787xpEXp-q9_Gtguf3nx-zbqzh7PushB2YPc_CBl9b2AQdKieV5ASBoxluSdM8_TwbUIs63AQonhoCU9nLRuAEXm1KXBzWp_f3yQBEEe6r7mNP1RfF86xviml71nV1-32xiDLQdFdYFAkY4ualhVHfwEcV4XKBQd9li8cLN-gO_x0VCH54vdoCGbLX_XGX1_rlzfHEgmmleqW3JKNH7DA-tRGu4etTA9saVy0MHsd6jXAMJylGDYy6oG_Q68cY3-jVN-pteh5_emmniWCCCviC8KS1KK1QNf9Un9oOdPBVSmSNNwZo0CrWDEHv8E3Y5Nl1pwBdFrqQ5pa8LcdRksgSgLE70HI_SD21JZyDmjsEPPfbKhEuZQ-PNAWAm1iJGlqqpBxHzYECZc-htUlpttyNioJWqSa_ISWIfRNqK6N5fxMFw0iiLd8exXxFyyQ9WJwYz83baa0xHifqb0Kh7TuJGQ4uBPlRehesKmaR41WlMgyBv7mlrmldNrHNg1Gownqn7WMHrsGoikJVqVyZ3gjrnhl1w9lOj0xMroJVwbHzRiYjcFLR_HAo5yXjrHtmp8s6Tn3u5LIdU1qUzJbn0SXiCPZaf79bYJfRlriUz4y1tG6MW4MgnC5DKKAVrj2Wc-Dtfbu1dIXoLfY05nvp4m3HRk9E1UC-SjjhsJ2_Xftic7sTx5LpYqYTjjJ2Y743G13KBtFjKtJubWVpUJxtbm4b4q1pfImDoiAfEbF857F5pnfl4KRiomLG6LUEhVY_bOh7uJPJE28Gshqn8oDwdB1VXAphmk0jNFa4bK5nNwuAfXTxVt0mUum3XtTss4BRqEirLjZSupt_d31RPJCUVzKlEaaGGpvi0RMKR5nf05oAc1tyTK0ZjNudllWvZLlkczDX9Kgsz5u08Id7p_KGtl8tOSfbSy1JEfWFd9PzKOH5Gu0UW8-X5bA22E22MlbbLR5Dv5Yi7kCyHfte5plRBSeSbw45PkRXsNN8oHbDZc3QQ5QHA6-N7lBvL0YVsSeb03zkB9sh92pqr_flHebzYN8zwrkQs_nlgAKJqSXWtPsywx5znvO5w3DS8bQ-5IeVU_q39KntwxiXAFWv_xvkfy2kKWdTWBEo2gkDdYPrdvb9xx9mPMq_YaMAVdqD9EEiWAWuPfv5iZI_rQ-aTGo95bLqVp9rkxRPAZ0aSWJBkguKoOjJcIBNi3A1ydQLRfAvTDCNFD9sfxs4INx8Iqr7_TE7g_2RIGvq7JLeOHibySdpQAk_Fr0hOURy0iquntDMPX_QcuzgdEqSZsifz58oLTCI_4pS4QulXyj9QukXSv8_lD648ocmFE_9MyijSPrnf38BOzhm2Q HTTP/1.1
Host: citrix-sharefile-data.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: image/gif
content-length: 42
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
access-control-max-age: 600
x-content-type-options: nosniff
via: 1.1 google
X-Firefox-Spdy: h2
citrix-sharefile-content.customer.pendo.io/guide.-323232.1622565221517.css
34.107.168.21 200 OK 14 kB URL GET HTTP/3 citrix-sharefile-content.customer.pendo.io/guide.-323232.1622565221517.css
IP 34.107.168.21:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Google Trust Services LLC
Subject: citrix-sharefile-content.customer.pendo.io
Fingerprint: 39:58:BF:FF:8A:88:70:89:25:D9:EA:D6:79:7B:B3:C6:02:1D:83:63
Validity: Mon, 16 Oct 2023 15:55:32 GMT - Sun, 14 Jan 2024 16:48:25 GMT
Hash 79e997ca126b2522cdb04fe90df21752
9240fe86112391fe95c34f1e49e26c7fbc2b4722
4b3a8a6f91f2f2b51fb6ab816435bd3e3b0c6622d005ba080333f49444083c85
GET /guide.-323232.1622565221517.css HTTP/1.1
Host: citrix-sharefile-content.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
x-guploader-uploadid: ABPtcPos73_gBn4Tx9Op54B4qv8AG2IScuCF8dgeKkabS7fqGvogjUL375TMJdrkEKlGkQz8-cI3XHU6vsLyN9FSceDaBA
x-goog-generation: 1622565224555518
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 13593
x-goog-hash: crc32c=74UJIg==, md5=eemXyhJrJSLNsE/pDfIXUg==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 13593
access-control-allow-origin: *
access-control-expose-headers: *
server: UploadServer
date: Fri, 10 Nov 2023 15:44:45 GMT
expires: Fri, 10 Nov 2023 16:44:45 GMT
cache-control: public, max-age=3600
age: 3588
last-modified: Tue, 01 Jun 2021 16:33:44 GMT
etag: "79e997ca126b2522cdb04fe90df21752"
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
citrix-sharefile-content.customer.pendo.io/guide-content/xVqPNDSh3CaqWfV7NvPOf3fln70/xgZ_ucyG7kwaTf_i3whr-ViFA7Q/KusE3R9jpc8_sIxFapFF0JRR8y4.dom.json?sha256=w8YkbK_Oxqq92osy1357uATQB65clekWpQJcpVs4jnQ
34.107.168.21 200 OK 2.4 kB URL GET HTTP/3 citrix-sharefile-content.customer.pendo.io/guide-content/xVqPNDSh3CaqWfV7NvPOf3fln70/xgZ_ucyG7kwaTf_i3whr-ViFA7Q/KusE3R9jpc8_sIxFapFF0JRR8y4.dom.json?sha256=w8YkbK_Oxqq92osy1357uATQB65clekWpQJcpVs4jnQ
IP 34.107.168.21:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Google Trust Services LLC
Subject: citrix-sharefile-content.customer.pendo.io
Fingerprint: 39:58:BF:FF:8A:88:70:89:25:D9:EA:D6:79:7B:B3:C6:02:1D:83:63
Validity: Mon, 16 Oct 2023 15:55:32 GMT - Sun, 14 Jan 2024 16:48:25 GMT
File type Unicode text, UTF-8 text, with very long lines (17632), with no line terminators
Hash c0631af5eda907991c1cde48d3dc2da5
2aeb04dd1f63a5cf3fb08c456a9145d09451f32e
c3c6246cafcec6aabdda8b32d77e7bb804d007ae5c95e916a5025ca55b388e74
GET /guide-content/xVqPNDSh3CaqWfV7NvPOf3fln70/xgZ_ucyG7kwaTf_i3whr-ViFA7Q/KusE3R9jpc8_sIxFapFF0JRR8y4.dom.json?sha256=w8YkbK_Oxqq92osy1357uATQB65clekWpQJcpVs4jnQ HTTP/1.1
Host: citrix-sharefile-content.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
x-guploader-uploadid: ABPtcPpszcdMT3nxoewhLkM9lAX9mWMVeXj4-HLnNrbTqgKYnIexr1jdYG5vWp6KmQ8XOzAA8eNiTxLRWAP9AYRk_m6s3Q
x-goog-generation: 1697134927663158
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 2351
content-encoding: gzip
x-goog-hash: crc32c=WP8GYw==, md5=IgE8LgL9Od2Q+QnNmz7J3w==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 2351
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
server: UploadServer
date: Fri, 10 Nov 2023 15:45:46 GMT
expires: Fri, 10 Nov 2023 16:45:46 GMT
cache-control: public, max-age=3600
age: 3527
last-modified: Thu, 12 Oct 2023 18:22:07 GMT
etag: "22013c2e02fd39dd90f909cd9b3ec9df"
content-type: application/json; charset=utf-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
13.248.193.251200 OK 8.5 kB URL User Request GET HTTP/2 chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
IP 13.248.193.251:443
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9054), with no line terminators
Hash MD5 6c25b8ec6af541292805e9745fdafea3
SHA-1 e60f38a6d62b5a2d8687892ca39104c6174f83b8
SHA-256 faec184aacd055e7bc0b9179c040483e0d36967fcd5679607995b4c92936b8b0
GET /oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: AWSALB=FQ8qn6zcfll2E9Dol+8lenxN9o+WtYfMUH5r5KvOlTOHRUyvbLQ9ncrElq9ilONaJ1RkIJXd3ZUgLj3i1R+ae/zLtt4mtbUUL45WFUatp+Sd1OjzwNKVCravG6CW; AWSALBCORS=FQ8qn6zcfll2E9Dol+8lenxN9o+WtYfMUH5r5KvOlTOHRUyvbLQ9ncrElq9ilONaJ1RkIJXd3ZUgLj3i1R+ae/zLtt4mtbUUL45WFUatp+Sd1OjzwNKVCravG6CW; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=hyoCjga6TTeW3o3U/f/MDFO+mwZrPnBgSV2jn31WGbksoL+lP+3emRgkDjNowcjDi4NQxboY2rVvPnfPdGf8No+xXmx+kgUbGDmiK4z8Zle5u5zDwg2cLRqLaP79QnfAWUyv/2NsxYXpnsAEvMUTBJF9v/AuhWTGuaYL0xaiyF3O; AWSALBTGCORS=hyoCjga6TTeW3o3U/f/MDFO+mwZrPnBgSV2jn31WGbksoL+lP+3emRgkDjNowcjDi4NQxboY2rVvPnfPdGf8No+xXmx+kgUbGDmiK4z8Zle5u5zDwg2cLRqLaP79QnfAWUyv/2NsxYXpnsAEvMUTBJF9v/AuhWTGuaYL0xaiyF3O; SF_Subdomain=chartwellfavdr
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: text/html; charset=utf-8
set-cookie: AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
expires: 0
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: style-src 'self' 'unsafe-inline' https://citrix-sharefile-content.customer.pendo.io https://citrix-sharefile-data.customer.pendo.io https://pendo-static-5352587489443840.storage.googleapis.com https://fonts.googleapis.com https://piletfeed-cdn.sharefile.io; script-src 'self' 'unsafe-inline' 'strict-dynamic' 'unsafe-eval' https://www.google.com https://www.recaptcha.net 'nonce-iek/Tmgdli7sOn1I6dHDlQ==' https://request.eprotect.vantivcnp.com https://consent.trustarc.com https://www.gstatic.com/recaptcha/ https://citrix-sharefile-content.customer.pendo.io https://citrix-sharefile-data.customer.pendo.io https://pendo-static-5352587489443840.storage.googleapis.com https://maps.googleapis.com; frame-ancestors 'self'; report-uri /api/cspviolation
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/871.65610964.chunk.js?v=A3bWCesfh7W313CN05WFktyhsamoVr9xxcUzi7duwhw
13.248.193.251 200 OK 85 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/871.65610964.chunk.js?v=A3bWCesfh7W313CN05WFktyhsamoVr9xxcUzi7duwhw
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
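Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 3ade46c10939d3ac9772896f9e7e89ce
SHA-1 4348134bda087a8e2189ef131507811a3d05aff0
SHA-256 0376d609eb1f87b5b7d7708dd3958592dca1b1a9a856bf71c5c5338bb76ec21c
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing (the verdict attaches to this URL and host; the certificate above is a wildcard for *.sharefile.com, so the IP address and certificate fingerprint are presumably shared with other hosts and are weak indicators on their own)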
GET /AuthUI/build/static/js/871.65610964.chunk.js?v=A3bWCesfh7W313CN05WFktyhsamoVr9xxcUzi7duwhw HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 85288
set-cookie: AWSALBTG=n7RQTPzFKZBfteoZY1BBGH7dbm2VyhhomlWvDRQD5YmXBXQD55HtjyiXABl0R4FjC12/FeI6DXMhnRjqVotBH6CM9SqnN+2RPzPxGOE/Sq+kfut69u6ZCG2OZ1iZLSCpAyrlamDHiTBQ6OViVWrtTGubtpMRQu2r14IChGahyIwz; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=n7RQTPzFKZBfteoZY1BBGH7dbm2VyhhomlWvDRQD5YmXBXQD55HtjyiXABl0R4FjC12/FeI6DXMhnRjqVotBH6CM9SqnN+2RPzPxGOE/Sq+kfut69u6ZCG2OZ1iZLSCpAyrlamDHiTBQ6OViVWrtTGubtpMRQu2r14IChGahyIwz; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=CpaZHciezH1CcR8MkHM7BTlqKa1+7oFDQ2ggpWxIUtkbq5F8S0SLMRKSYN1cs0ybziFynNMEMS3W/K4+hIZemo8t4aiD2qATc5h/Yn7bJ7+FWN17SldEUZn32N/v; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=CpaZHciezH1CcR8MkHM7BTlqKa1+7oFDQ2ggpWxIUtkbq5F8S0SLMRKSYN1cs0ybziFynNMEMS3W/K4+hIZemo8t4aiD2qATc5h/Yn7bJ7+FWN17SldEUZn32N/v; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f482faa8"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2
citrix-sharefile-data.customer.pendo.io/data/guide.json/74b07336-7560-45fc-7cd1-95032a784d52?id=5&jzb=eJx9lFuLq0oThv9LNmuulhPP0QXDJh7GRE3UqDHxRlptteOhjaeJ-Vj_fZkNe2DffCBN9dNVVlHwvv9bTahHA-726erXKrLVo2JFXhS0tsyncXs9nVY_VyBJ8NgMr5RmrKqfq7GrluxiGNr-13qdFKAbvmBVZWBKu_ceJmMHX1GC6zUG41CsXwfu0BP-nVQINkOE0g9XpGLu63g5lK1x__QCqWJ7ud0aPcUaCTfNb32CW_jx1sG-xU0Po2FerglO4YJS1MFkiMYOffwzxg9m-4P-XL5Xp_d-mQhmqILvCC-sR3mDGuKbvvUDGOCHnCm6YE3QYjSsW6Ix4Ie4L4uvgwoMRRxiht8IrpImWabIAKb-xCjjJI-0SXpnrfRIeBvNJhPv9QgvDA2AnzmZFjuarF5m3YMi7RLQ2ecMVx9mVUXbXFc-kRqloQ31rdWdPiXRsrLEFPqLVG4ZhWImh5dSwn5cdzob8JLxKVb6cZDZ6exDUF7kk-g0KYe8oKnVaYrC_SP3bee-T10BzGITtwf9mHpwB2ZNEptG4-v8QTrPwmo73vVGZGNqG20rniM6hUrAVUPE-VwTNevtRvZgKAbOQ_7qcwNbO7TC1bfZJ9MEjvr4fDrgUDCOtFFurLNxHqzfgiheliFW0Il3Acd78HEyTcdQydHhrnN5lO-BOXdGJmkWCjXSiyeT-Pwaq_3jSV5qdkjZQbwo2E-F0e4MuZikgG0ot3fVjUXzrr1_7MnPrgtlHkqickHk5iRg-8Yc6snLpUzDrDXqGYqdcdozz_igUFfBjhQtzZUJ4WUdTVqLcV4sI3ROvOm-bn4RAffiY1MzM7kO-yDpjkXEqnSiN3cXqcMjfPqhJJ0pOqjZ2opzS0tt6RKIlacSz7wlAeHKnq13k_V4MooW1Byf7c_2jpnVzW2fV-H0HDTB0o_bDe8VR7mnaLK9C35-m2VM7NBBdY1yU087i9sXW2trmniOw1ZO-DPFDdypLguria6U0J1LfE6-wEEPgTZM9x3LTEkZTYI--1Nr3q0m4a4ur4cojMypDFr6aIz1E5ZEdBxZ8VZJBXE_o0hmW5mz3bEucMDeCKH0WF6-XHfn8rz16vCRv_VjnOIaoObjv0L-ay0vOlvEikDVLy5QwwGkYACrX9-m8QrR_zGOCjT5CHK4ZMAm8t3V728z-bf0ZSgLbRdpNsP2-21BS69XIUWuKWpNkzSz_HCCXY9ws2D6nSaFdzZqO5yufv_-AxRbnqo&v=2.208.4_prod&ct=1699634673425
142.250.74.147200 OK 33 kB URL GET HTTP/2 citrix-sharefile-data.customer.pendo.io/data/guide.json/74b07336-7560-45fc-7cd1-95032a784d52?id=5&jzb=eJx9lFuLq0oThv9LNmuulhPP0QXDJh7GRE3UqDHxRlptteOhjaeJ-Vj_fZkNe2DffCBN9dNVVlHwvv9bTahHA-726erXKrLVo2JFXhS0tsyncXs9nVY_VyBJ8NgMr5RmrKqfq7GrluxiGNr-13qdFKAbvmBVZWBKu_ceJmMHX1GC6zUG41CsXwfu0BP-nVQINkOE0g9XpGLu63g5lK1x__QCqWJ7ud0aPcUaCTfNb32CW_jx1sG-xU0Po2FerglO4YJS1MFkiMYOffwzxg9m-4P-XL5Xp_d-mQhmqILvCC-sR3mDGuKbvvUDGOCHnCm6YE3QYjSsW6Ix4Ie4L4uvgwoMRRxiht8IrpImWabIAKb-xCjjJI-0SXpnrfRIeBvNJhPv9QgvDA2AnzmZFjuarF5m3YMi7RLQ2ecMVx9mVUXbXFc-kRqloQ31rdWdPiXRsrLEFPqLVG4ZhWImh5dSwn5cdzob8JLxKVb6cZDZ6exDUF7kk-g0KYe8oKnVaYrC_SP3bee-T10BzGITtwf9mHpwB2ZNEptG4-v8QTrPwmo73vVGZGNqG20rniM6hUrAVUPE-VwTNevtRvZgKAbOQ_7qcwNbO7TC1bfZJ9MEjvr4fDrgUDCOtFFurLNxHqzfgiheliFW0Il3Acd78HEyTcdQydHhrnN5lO-BOXdGJmkWCjXSiyeT-Pwaq_3jSV5qdkjZQbwo2E-F0e4MuZikgG0ot3fVjUXzrr1_7MnPrgtlHkqickHk5iRg-8Yc6snLpUzDrDXqGYqdcdozz_igUFfBjhQtzZUJ4WUdTVqLcV4sI3ROvOm-bn4RAffiY1MzM7kO-yDpjkXEqnSiN3cXqcMjfPqhJJ0pOqjZ2opzS0tt6RKIlacSz7wlAeHKnq13k_V4MooW1Byf7c_2jpnVzW2fV-H0HDTB0o_bDe8VR7mnaLK9C35-m2VM7NBBdY1yU087i9sXW2trmniOw1ZO-DPFDdypLguria6U0J1LfE6-wEEPgTZM9x3LTEkZTYI--1Nr3q0m4a4ur4cojMypDFr6aIz1E5ZEdBxZ8VZJBXE_o0hmW5mz3bEucMDeCKH0WF6-XHfn8rz16vCRv_VjnOIaoObjv0L-ay0vOlvEikDVLy5QwwGkYACrX9-m8QrR_zGOCjT5CHK4ZMAm8t3V728z-bf0ZSgLbRdpNsP2-21BS69XIUWuKWpNkzSz_HCCXY9ws2D6nSaFdzZqO5yufv_-AxRbnqo&v=2.208.4_prod&ct=1699634673425
IP 142.250.74.147:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
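Certificate Issuer: Google Trust Services LLC
Subject: citrix-sharefile-data.customer.pendo.io
Fingerprint: BA:BB:79:2C:C3:2C:3C:19:8F:66:C7:8A:EB:97:AF:70:46:C0:75:84
Validity: Tue, 12 Sep 2023 19:38:41 GMT - Mon, 11 Dec 2023 20:16:25 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input: no response body appears to have been captured for this request, so they identify no content and should not be used as indicators.)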
GET /data/guide.json/74b07336-7560-45fc-7cd1-95032a784d52?id=5&jzb=eJx9lFuLq0oThv9LNmuulhPP0QXDJh7GRE3UqDHxRlptteOhjaeJ-Vj_fZkNe2DffCBN9dNVVlHwvv9bTahHA-726erXKrLVo2JFXhS0tsyncXs9nVY_VyBJ8NgMr5RmrKqfq7GrluxiGNr-13qdFKAbvmBVZWBKu_ceJmMHX1GC6zUG41CsXwfu0BP-nVQINkOE0g9XpGLu63g5lK1x__QCqWJ7ud0aPcUaCTfNb32CW_jx1sG-xU0Po2FerglO4YJS1MFkiMYOffwzxg9m-4P-XL5Xp_d-mQhmqILvCC-sR3mDGuKbvvUDGOCHnCm6YE3QYjSsW6Ix4Ie4L4uvgwoMRRxiht8IrpImWabIAKb-xCjjJI-0SXpnrfRIeBvNJhPv9QgvDA2AnzmZFjuarF5m3YMi7RLQ2ecMVx9mVUXbXFc-kRqloQ31rdWdPiXRsrLEFPqLVG4ZhWImh5dSwn5cdzob8JLxKVb6cZDZ6exDUF7kk-g0KYe8oKnVaYrC_SP3bee-T10BzGITtwf9mHpwB2ZNEptG4-v8QTrPwmo73vVGZGNqG20rniM6hUrAVUPE-VwTNevtRvZgKAbOQ_7qcwNbO7TC1bfZJ9MEjvr4fDrgUDCOtFFurLNxHqzfgiheliFW0Il3Acd78HEyTcdQydHhrnN5lO-BOXdGJmkWCjXSiyeT-Pwaq_3jSV5qdkjZQbwo2E-F0e4MuZikgG0ot3fVjUXzrr1_7MnPrgtlHkqickHk5iRg-8Yc6snLpUzDrDXqGYqdcdozz_igUFfBjhQtzZUJ4WUdTVqLcV4sI3ROvOm-bn4RAffiY1MzM7kO-yDpjkXEqnSiN3cXqcMjfPqhJJ0pOqjZ2opzS0tt6RKIlacSz7wlAeHKnq13k_V4MooW1Byf7c_2jpnVzW2fV-H0HDTB0o_bDe8VR7mnaLK9C35-m2VM7NBBdY1yU087i9sXW2trmniOw1ZO-DPFDdypLguria6U0J1LfE6-wEEPgTZM9x3LTEkZTYI--1Nr3q0m4a4ur4cojMypDFr6aIz1E5ZEdBxZ8VZJBXE_o0hmW5mz3bEucMDeCKH0WF6-XHfn8rz16vCRv_VjnOIaoObjv0L-ay0vOlvEikDVLy5QwwGkYACrX9-m8QrR_zGOCjT5CHK4ZMAm8t3V728z-bf0ZSgLbRdpNsP2-21BS69XIUWuKWpNkzSz_HCCXY9ws2D6nSaFdzZqO5yufv_-AxRbnqo&v=2.208.4_prod&ct=1699634673425 HTTP/1.1
Host: citrix-sharefile-data.customer.pendo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chartwellfavdr.securevdr.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:33 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
access-control-max-age: 600
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 google
X-Firefox-Spdy: h2
chartwellfavdr.securevdr.com/AuthUI/build/static/js/771.65ff3a17.chunk.js?v=xzCabI_w951JxW85RpRvMYy5wDwlz6BhqTClTwa9Jzg
13.248.193.251 200 OK 12 kB URL GET HTTP/2 chartwellfavdr.securevdr.com/AuthUI/build/static/js/771.65ff3a17.chunk.js?v=xzCabI_w951JxW85RpRvMYy5wDwlz6BhqTClTwa9Jzg
IP 13.248.193.251:443
Requested by https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
Certificate Issuer: Amazon
Subject: *.sharefile.com
Fingerprint: 0C:DC:18:47:20:7B:12:4E:6C:5C:D0:A1:5D:9C:1F:78:3B:44:EF:84
Validity: Tue, 03 Jan 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT
File type C source, ASCII text, with very long lines (11854)
Hash MD5 d9a6cf8298a9c92643f58e5fb5964adb
SHA-1 4551fec6cc538c4a4d55a03dec947495a0a7bd2c
SHA-256 c7309a6c8ff0f79d49c56f3946946f318cb9c03c25cfa061a930a54f06bd2738
Analyzer Verdict Alert OpenPhish phishing Generic/Spear Phishing
GET /AuthUI/build/static/js/771.65ff3a17.chunk.js?v=xzCabI_w951JxW85RpRvMYy5wDwlz6BhqTClTwa9Jzg HTTP/1.1
Host: chartwellfavdr.securevdr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://chartwellfavdr.securevdr.com/oauth/authorize?client_id=S91b5wNXMkpKqFTWBl4sCpAKs14Kc5vy&scope=&response_type=code&redirect_uri=https%3A%2F%2Fauth.sharefile.io%2Fsignin-sharefile&state=CfDJ8OveO3GoJO9Ktox9IkhwMEaKD9tb3678SDdcffDCaedUv3DuvCu2L0TVGkT0ejuLnf9qmueX32aaUfQfGbQGCEXyJTe92S-eQIg35mMyEEiAgJDFiE_dZPeJAOrRFB9OOfcL8sXBkA3D13vQ6Bd-PxYHJ4W6BKF9lJNtC4vVUeakXCR9Qnd5iTWnmEvv_ZIxgUPQqIdS8ay9nbpMJNdTeHayGB9nnG6mgx0QzhOpr6STuiPo1A_Al65-rD1caYGi-VVm-m4THu4MKDKogZ6YU5t4mQ2D5mjyU0dceuJuzzQaMh3QB7Dj4Q7Qx4Upa_bu2L9leQbHW56TexRLLQKE0uQ5YykNCqWLyrKfBGOiZG0TbvL-FwulIxz0Xm4td4t9XDoUd8uPrKChvBW4n1SsSE7O26SPIxI0FrrZC6eB9DXi07R8oPj3MmvTgBfGo4OuJfibQuvI3zbMD1Y8P_DGdgDvio9nbndm9bghrKfrQb7rwjUh_aSXUoLGLfCmZsWcrNh_4E2cJnqSiEtxZzUZBBV12Wm4mObgOGdPBXW9lTE-zgp0a-SCTPJrvOxz3DGWm56fIVPH3yE7jIglZvztG8OJNA76ThNCs120pq8UgjyCo-HiMESKk7mvHO5IhAOALLoybZpCc6V15t5RmkhOn_Y18rVkoVcwaMJZaGtvqH43vck_v8JyUvpLqOnc5YS6JZiZ_LvkWp2NKumzek-_Nu49jlBh-qVi_C4pC5PSumhoW4j-8kT46CXYHVkVATmZxg&subdomain=chartwellfavdr
DNT: 1
Connection: keep-alive
Cookie: AWSALB=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; AWSALBCORS=Ts+UZZ/UUP8QibUV7B6f7Hw9SXb5i+qLfcdwK3I589CCCFGoBMC7xnAuJKews2+vmR9gNerXVzoYXBm5SnKKPeEdy4DdoeXX+0Sv4fLZSFgOoaBl9UxZMf7GcxGH; .AspNetCore.Session=CfDJ8EqsKihWGclJiRtsWpDGXXohXBem%2FgA%2BCRHWEnCjXTd0y2KjbVgUOMjX9%2FzChhQM9kkkt0rRlVDq4%2BHVZMoj6DENQVNgTTFpVAMZiUmYbj6Q9%2B9HPyFbxgY7R8jXDqXBo5SoCerse1GV9jEUEZ5bF9O%2F9U7jptBE37WZFii1XE72; AWSALBTG=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; AWSALBTGCORS=AbLNFMK6QBzXozgC8a7ueu0B9Ix1KKkK3j5/iJ2WgQmliw+Q0q3RwTPdXUg+dqqRtLHkN8WSDUh6rnKGBTeOlkp6+x3kwjOs5KzY9eUv2ptAGkDTbcdMtNOHtMIaJ8p+CM8z8dV3XsOoc5X8GbWElyHzNSFs8C4uuHh+ctR4QfeT; SF_Subdomain=chartwellfavdr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 Nov 2023 16:44:32 GMT
content-type: application/javascript
content-length: 11901
set-cookie: AWSALBTG=j8yDd6bSmJwbrvhBAUwDBTwOWGK7qXSkJB+Umq9FL8Ns4o0MpywDZRASC1npHZHUvHRgLmtnz+p6gbD7W30aCYW+WlcY+Z+93MqaGJHLPbTnWlHOtjmcMs4WhWBzu3y+lWJgubdqmaj3ZfNC2g0TxmkJl6CS4Jck7MUtPxQn7kpa; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBTGCORS=j8yDd6bSmJwbrvhBAUwDBTwOWGK7qXSkJB+Umq9FL8Ns4o0MpywDZRASC1npHZHUvHRgLmtnz+p6gbD7W30aCYW+WlcY+Z+93MqaGJHLPbTnWlHOtjmcMs4WhWBzu3y+lWJgubdqmaj3ZfNC2g0TxmkJl6CS4Jck7MUtPxQn7kpa; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
AWSALB=J79McyB7A8hElJiYd7kWR89XqliEx2lPqBUsTkah43yrOXYzDGPsQhMHIA8DBuOa65jQMDmBTZ5Tbfu8s8WNcLTZBvPsy3o/ob+JT9/d1YyrSAojEnJfl8WrnfEX; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/
AWSALBCORS=J79McyB7A8hElJiYd7kWR89XqliEx2lPqBUsTkah43yrOXYzDGPsQhMHIA8DBuOa65jQMDmBTZ5Tbfu8s8WNcLTZBvPsy3o/ob+JT9/d1YyrSAojEnJfl8WrnfEX; Expires=Fri, 17 Nov 2023 16:44:32 GMT; Path=/; SameSite=None; Secure
accept-ranges: bytes
cache-control: no-store, must-revalidate, no-cache, private
content-language: en
etag: "1da12e3f48399fd"
expires: 0
last-modified: Thu, 09 Nov 2023 08:08:43 GMT
pragma: no-cache
x-xss-protection: 1;mode=block
referrer-policy: same-origin
strict-transport-security: max-age=16000000;includeSubDomains;preload
x-content-type-options: nosniff
X-Firefox-Spdy: h2