Report - gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/

Report Overview

Submitted URL
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
IP
216.172.184.77
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-02-02 02:04:08
Access
Website Title
Final URL
Tags
navy_federal_credit_union financial phishing
urlquery detections
Phishing - Navy Federal Credit Union

Detections

urlquery
43
Network Intrusion Detection
0
Threat Detection Systems
62

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.203.40
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.0 kB	2.1 kB	142.250.74.3
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	1.4 kB	3.9 kB	172.64.155.188
www.navyfederal.org	28885	2013-12-03T11:11:38Z	2023-03-13T05:57:44Z	632 B	339 B	104.110.18.91
va.v.liveperson.net	3906	2017-01-30T06:15:13Z	2023-03-13T07:04:28Z	693 B	1.2 kB	208.89.12.87
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	978 B	34 kB	142.250.74.35
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
gww-word.com	unknown	2019-02-06T14:08:10Z	2023-03-12T00:14:10Z	19 kB	302 kB	216.172.184.77
lptag.liveperson.net	3393	2012-08-02T18:15:51Z	2023-03-13T05:40:45Z	813 B	11 kB	178.249.101.23
web.navyfederal.org	96087	2020-04-18T20:49:06Z	2023-03-09T19:38:23Z	646 B	342 B	104.110.18.91
rnemsg.navyfederal.org	119785	2013-12-03T11:52:00Z	2023-03-09T19:38:22Z	631 B	1.1 kB	147.154.117.92
liveengage.navyfederal.org	103018	2017-11-08T15:09:41Z	2023-03-11T12:15:03Z	739 B	1.3 kB	178.249.97.98
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.7 kB	3.6 kB	93.184.220.29
my.navyfederal.org	90732	2017-01-31T20:36:27Z	2023-03-09T19:38:22Z	4.3 kB	23 kB	104.88.20.141
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	77 kB	34.120.237.76
accdn.lpsnmedia.net	3410	2014-02-08T00:25:14Z	2023-03-13T07:04:26Z	883 B	7.7 kB	178.249.101.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	Navy Federal Credit Union
2023-02-01	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	Navy Federal Credit Union

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm	Phishing
2023-02-02	medium	gww-word.com/static/f67c327263eti209967cda713cd843baa	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2	Phishing
2023-02-02	medium	gww-word.com/static/f67c327263eti209967cda713cd843baa	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js	Phishing
2023-02-02	medium	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js	22 kB	2023-03-07	2024-04-12
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-04-12 19:27:20 Times Seen539 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js	10 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen177 Hash a5de96ee976ec4a3647903f3875d74d2 dba3fa7ec8f8d8dc4c560c28b7153d65a40bd1a6 91524af503d413292988cbd0f6745342c716d3efa5fe8090ed0d72b1f34fc1b3 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js	3.3 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen152 Hash 1ee2f1c1cd8b52aeec09ca0a463784c5 53c4238525f66141adce181c7fa6ea894d87faf0 a27ad080fba819c7944d8bec0b732a4435b08372b0830ea988e34d77383d7108 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js	3.4 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen149 Hash ddf9ee8c69c26f28ae9c9a025bf19b00 c3c5204a2eda0cfa8daee6640ae16923fa8d0a88 c091833941e2030950faf7805f27417bd6a685e715ba2b1245bd524486d8c30b Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	147 B	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:16 Times Seen107 Hash bb66a4127fad1ead559171c5652aa430 3f1d171fd64cb49e69811843d637637017efff11 719b26e771ae1df5dabdd63fc1da603cb57e3d7ec3c5bff77a8cba7bcf948e83 Loading...

	lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3	286 kB	2023-03-13	2023-03-13
Pretty URL lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 IP 178.249.101.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:37:19 Last Seen2023-03-13 14:37:19 Times Seen1 Hash 1b8d39d99650a323889b391b6b4ea8d6 982d08a05061bb33e8260c2431b571a7c47964e5 b275f1a1964c2bcaf07abc1b9802a976ca2da1ea4fbedeb37d88e20bd831508b Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js	298 kB	2023-03-07	2024-04-24
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:49 Last Seen2024-04-24 14:52:58 Times Seen407 Hash fb1817b96c65b6477cb55fedf53e86d9 5597fac79205084e13cce359229b070ae2638171 a28d76c983b06d87eb2c6d6deaff7e1d4faf32f12794a92bd5e21c754c06ed9b Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js	850 B	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen145 Hash d3f6163faeb993c88e6d7319fb31d05e a86751934cba05ac62e02db4dfda74c99721cf08 0bf897707835ef8d47aa7188075757f98d13185292bd7b8eccb3659e2c19ed93 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	118 B	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:16 Times Seen116 Hash 270a26f4bd7f191f36621711c23f58f2 f64f3f4c4d1ffd17ebcf490eb3d404000506282b e4c74d6497a6dd012372bbff21e9c07fa91676efae35b32a4277307a93a92f25 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js	264 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen138 Hash ac14dc38991e4b350ee0c280ee28bd49 e5c286607803a63c8c706d36e1aaa228d88971dc d30dfeb09ca6ca5c2f6b4e4b4333c04a5051f103ff36eecf0b42772720eaedd2 Loading...

	accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB	2.3 kB	2023-03-12	2023-03-13
Pretty URL accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:28:32 Last Seen2023-03-13 14:37:19 Times Seen1 Hash 341c2ed388b6cc27eef6d36125a57278 22b87a1f96fe02ce33ed4dac707b0509a3ee6239 32b4e85e797cfd18c7bae085e84015cb41aebf364ee15ecb5d5c8ef9b6aa056e Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js	47 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen163 Hash 382e834e05eee66f0a63b4ee11e4d3a0 ac4dd6cb0f5b0f3e7605a1a8cc04a1f7338ee42f 4c6cc5fa944ab60fee83411cda54a8f6e82fe54105e641a144e7bc33dfe7205b Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm	39 kB	2023-03-07	2024-04-03
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-03 19:28:22 Times Seen114 Hash 787b6efd86a86aa3cf30d1bc101685ac c1734b66a3035e6a563bbb60b43ab69cee84e502 008f51a4b0f851f47f470db8261fce505715d9edbdbff4e43c67c15e69bd0a77 Loading...

	accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116	6.5 kB	2023-03-13	2023-03-13
Pretty URL accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116 IP 178.249.101.99 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:37:19 Last Seen2023-03-13 14:37:19 Times Seen1 Hash 8a53244cd92a1b0f90427fe1d0145c6a f69957825d939487afb451f479379c37c7ded67c 1366f6c69ad3d050caf48ac612a9bc1149b7c5db2fa73cf7860fe2a826aae05f Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa	72 kB	2023-03-07	2024-04-08
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-04-08 20:09:58 Times Seen386 Hash 335f2776eaf4ca7eca9953d2240c3316 5f5702f072d8e721dd3557ccd2a0944b3cc58fa5 ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js	4.9 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen159 Hash 26c4780f6299ba4f720dab0845618646 938da0075c2184a7c6094246fce05e6e0b21cf2f 35e2381bb52cbaa02e75cad7884d790260ebc1f611b6b710e8df10762d577575 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js	352 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen135 Hash f81a718ba9cbc63dc4693e60a848ac58 ec9b71f6971dd4f1a118613b362da793981f87f3 dd828162a2e54e24de6f167733fea047e61317ac2f573b83b75589bcbe00e6af Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js	20 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen158 Hash d1c10a4d0eb46eea9bc096a0ac839e86 e8e8a945aa8bf827c6d65e3a9e3796855db01254 922dcba31ffcce26f6f457bd0c08982fa134c32ac0d1bebe2366df18938ca645 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js	2.4 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen147 Hash 8f26ad6fa5294d8a49c7578811cc8a54 73561359c7e366898f25e578322322d52eb60d0f bfd0527fd2725ac551051f5efeb3c0a79dc815fc727e311706840907134db819 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/	60 B	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:16 Times Seen114 Hash 891e157245486c9463cca56c6f3d46b1 55f1436336195681a40e02e193fbea571a387976 752d2805073d864ab5ead5baffd3f8dd48c477dd5fbb4471277f0ea6e3c25736 Loading...

	lptag.liveperson.net/tag/tag.js?site=11478817	22 kB	2023-03-13	2023-09-05
Pretty URL lptag.liveperson.net/tag/tag.js?site=11478817 IP 178.249.101.23 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:30:56 Last Seen2023-09-05 14:58:41 Times Seen555 Hash 94df05334fa65d831f5666f26d87fb81 2c7b450783b48d21d0f32c9daaa922785670940f 5624aeb2703037c9b669b4903e1961a38778408edcd3bea47e370e5de9f6c571 Loading...

	va.v.liveperson.net/api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D	239 B	2023-03-13	2023-03-13
Pretty URL va.v.liveperson.net/api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D IP 208.89.12.87 ASN #11054 LIVEPERSON Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:37:19 Last Seen2023-03-13 14:37:19 Times Seen1 Hash 52be908a5ca13612370783dff468a129 193162d66cfbced4fe13d5e20f10975f1b72aed9 cecf027f9fc2b6e8ab199c55dee0e6c0377d9d38e93614a7c0527abc1ec1b088 Loading...

	gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js	7.5 kB	2023-03-07	2024-02-01
Pretty URL gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js IP 216.172.184.77 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:41 Last Seen2024-02-01 18:23:17 Times Seen150 Hash 01b858916957e3870308909c7076f556 2473567555dcdca88b29fb8749124c682eeb889d efabe5e66d3050a56038cc09a5ae655cc6636d6ccea5d0d87de0ce89d2bafee2 Loading...

HTTP Transactions (87)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12820
Expires: Thu, 02 Feb 2023 05:37:36 GMT
Date: Thu, 02 Feb 2023 02:03:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11754
Expires: Thu, 02 Feb 2023 05:19:50 GMT
Date: Thu, 02 Feb 2023 02:03:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6951
Expires: Thu, 02 Feb 2023 03:59:47 GMT
Date: Thu, 02 Feb 2023 02:03:56 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 01:36:02 GMT
content-type: application/json
age: 1674
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ErlmOBSa4KvmMVaayns1GW359NQM/er3sN8uDuzX5YPuLzrg7j0Vhi6haG9BM/+BH4L6s6L+keU=
x-amz-request-id: A05MSDXKY3K2ZNTW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 01:51:47 GMT
age: 729
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 02:03:56 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 01:41:43 GMT
age: 1333
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/

216.172.184.77

301 Moved Permanently

275 B

URL HTTP/1.1
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
275 B (275 bytes)
Hash
4e0fa2e90f660da61702fed9b09bd900
08426f0cb053813ed149bda1a7d53799402980a1
18395976f33697128af786320d83e625631bac859f1cf86140af4302a2663636

Detections

Analyzer	Verdict	Alert
openphish	Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 02:03:56 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
Location: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cache-Control: max-age=300
Expires: Thu, 02 Feb 2023 02:08:56 GMT
Content-Length: 275
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11116
Expires: Thu, 02 Feb 2023 05:09:13 GMT
Date: Thu, 02 Feb 2023 02:03:57 GMT
Connection: keep-alive

push.services.mozilla.com/

54.149.203.40

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.203.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uQk9XzqCOXaIDSt88s6Oqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HZtVxb3QD6T+NpPhcYJ5DP5Lx/M=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6a4cc6f647ee0c695170a5b462192de3
a9d56d7f5582bddbb8dec9cca8ca9593130bfed2
8b860082c109cc91652382fa7db26ffa0c77b60820269dfaec5eae76ed6da207

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B860082C109CC91652382FA7DB26FFA0C77B60820269DFAEC5EAE76ED6DA207"
Last-Modified: Mon, 30 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21497
Expires: Thu, 02 Feb 2023 08:02:14 GMT
Date: Thu, 02 Feb 2023 02:03:57 GMT
Connection: keep-alive

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/

216.172.184.77

200 OK

6.5 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (466), with CRLF line terminators
Size
6.5 kB (6489 bytes)
Hash
cb043b71e382688ed4f226ae7ce1707d
7142366ac3c91143efaa9bd3ef14dae2e69604a6
3a0cb36a97b82461dc794b65e4d8a8f2469b592155901a01e1c0300447eca64c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
openphish	Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 6489
content-type: text/html
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css

216.172.184.77

200 OK

865 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text
Size
865 B (865 bytes)
Hash
d02e38268578172d773c65be520c57e7
079966d15fcf3510861e9e55fbab4a43520b3a3b
543c1dbc35f28af1e9fde0e49c80550a8e1adaacf57d8434ec247782ed49d269

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 865
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css

216.172.184.77

200 OK

1.9 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
1.9 kB (1866 bytes)
Hash
551b7f0f3c8f8fc30c58b7d6211902c2
bc98f0bcfcb86c66efc4605e3338b143684e01a5
3737d1d94e0fe103df0abb9c28e53cf5d8cd9fc4d28c4c5ab35cca5c0f0dec80

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1866
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css

216.172.184.77

200 OK

1.5 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
1.5 kB (1457 bytes)
Hash
60f4b22e91296cf3751f169af3b55719
19a6f1d77ab79cbc3dcbbed6a364da83f6905d0a
ad04f02376698c398bfd4ab5d98eff3335f3505d526b30cac8415264ad5a6bda

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1457
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css

216.172.184.77

200 OK

11 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (50194), with CRLF line terminators
Size
11 kB (11002 bytes)
Hash
451fe0b791ab243968de31f9b02a4d73
b354fd8c1e9854ee3128eef6a208f9207000bc63
b960b0ad591e14dd5d88706912da23bc4fd044e5d794a93935e870a74da93f15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 11002
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

2.7 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
2.7 kB (2678 bytes)
Hash
5098d2c7f79ad8d65eeec3b84b4f1b86
243334a14e555ffeeaa41a378938545b5854b742
853faed9b0a824f7b1091bc653661f32915afcba8c3cf987568f4f5c48d70200

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 2678
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3601
Cache-Control: max-age=87325
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:57 GMT
Etag: "63d9be19-1d7"
Expires: Fri, 03 Feb 2023 02:19:22 GMT
Last-Modified: Wed, 01 Feb 2023 01:19:21 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6023
Cache-Control: max-age=89747
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:57 GMT
Etag: "63d9be19-1d7"
Expires: Fri, 03 Feb 2023 02:59:44 GMT
Last-Modified: Wed, 01 Feb 2023 01:19:21 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2320
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:57 GMT
Last-Modified: Thu, 02 Feb 2023 01:25:17 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 471

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

947 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
947 B (947 bytes)
Hash
0fecde5e44685c6c0354fa673ee6d991
ab9e6f9b04cdb2631f28ae7bc0e29f67abfc52bb
f7f56ebc8141501c2061f521f0fc7ce296835e3ffd67d027431aacb4eadcd75f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 947
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

1.8 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1804 bytes)
Hash
9844fa0b12f1b7719f2765088c8f1016
c7f5a52c7b33c2f98dff9b82b791120f02d01e50
eda28f0f228845a3174a65dade1e191b7050439f4ffd2c4ea8c91b168b5b6103

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1804
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg

104.88.20.141

404 Not Found

1.0 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.0 kB (1018 bytes)
Hash
1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42

HTTP Headers

GET /NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=15~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=cae747ade05e281795af67f85fdab8ad; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=80~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=f876820ea699c8e3b6d5486218117fd7; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=027F0018883240FC19C346D31D51E0D7~000000000000000000000000000000~YAAQPDIQYJqHUMaFAQAAX8fdDxL4nk5A6C7X7/zhSucYMNjkf9JzweaS0dt9lnL598zT/kMwR7C/ldgYioroYiXpo5AjGjkL6Og9xjCZ97XDzSWZMza24ulR9MrAoZI/ocSOCsU97PwgxyVmi0pZneyUIevlkTzlSeV4TtixWeZCbqvXgFxm9c7lUWSGG4Ntuu+FUvbBF5JE62boS9GndzgB9iKbq5BzPQ1dXdQt5PRH+kjVEMIj/q2+shtTOc4m8ASFWk5U4USrsbliPW7OGJubfVNOKhLXzWqi+S2WZ7E4hqmRyxYVtZ5UQnoAq3u0C+mmzC4sIvLSK2ciAhx0bpiKBK/tfylq8MPZs7RjvTPb0ChdNTsG6H92RqtkknluuQ2Kng==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:57 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000

my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg

104.88.20.141

404 Not Found

1.0 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.0 kB (1018 bytes)
Hash
1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42

HTTP Headers

GET /NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=55~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=cc5f7980a0225442be704409abea5269; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=78~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=33841ea726693fe38b327d521c13d3d8; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=26DAAEF616B4E413C063B805A182D3BD~000000000000000000000000000000~YAAQPDIQYJuHUMaFAQAAYcfdDxIFAqWuyu8CvsQWHEQTkMWpfN2doSY3FYSPaTgQAVdm7Mmwnk4sLzjI1OEvRsbnQLhhSWBC9P3XxECYw7VrXlslsEx2eGoMkYwg+n6d36dHfdezWS+dTjDyDl2pwyqtJt6yxg2+6+I6rhgWsjXwaODNF995/rpupmaxSD3Cly1WGUpa9DmejUG3yoWqT46ou39+Z2TdzuTJQlJarCsqoZ5ZX1xWsVM6Q+qxRmbWisTRLKFgu/pyNHwTUGxuE6/aPcCkpLC7RSHS8YuVNbdCO3nj82E53DuhU3wUpRTRIRp80N0clIbYmdlu+8ODdeTVGq7CnoB7xmX8jdOHi7pd66Ca0XcxawNOY3o8jrdnwbWqyQ==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:57 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js

216.172.184.77

200 OK

9.1 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (21652), with no line terminators
Size
9.1 kB (9066 bytes)
Hash
ff5a1baedd30f131b97f3c012245e423
750abb823d81773ea6546d93dff844a1752cfe20
db6299bc5bc23671fc25dd62a5acd79d69a9cbc10d0d6a4052aee8f30b8d6e62

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 9066
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

809 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (1213), with CRLF line terminators
Size
809 B (809 bytes)
Hash
45aebf5c2b18c946a50740e31f811676
6c01eb6f3b907dce39d258b203b96a42703fed00
1e66b8120ad1a52baa0ae15343ec31775bb0329db16ca70927ba1a58e013e782

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 809
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js

216.172.184.77

200 OK

11 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (31148), with CRLF, LF line terminators
Size
11 kB (11396 bytes)
Hash
79b07f8c5ed334eebcfc3499758a2e17
d33b2949948f61d1835f40a0733bdee35a1505a3
6a90dee90ed1ebac761aa3162c2fc288111664ff4c5e4b62910d18a9463d7e1e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 11396
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg

104.88.20.141

404 Not Found

1.0 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.0 kB (1018 bytes)
Hash
1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42

HTTP Headers

GET /NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=73~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=59fcea7c0fcd855e2dc514df410c2bf5; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=CDAB82DC2A68A555E7A016FD4A6D5527~000000000000000000000000000000~YAAQPDIQYJyHUMaFAQAAZcfdDxLmgofBBhgnjaPoN6CeMJzZUpWnp9vNCRZh/W1ASvjXjZ7AQAyk9Kou1veic/YtHBnItYObsk3Iecrr/6LCDdoeaKln0sW2W85yG8woCJoXrffd7ZW6PG7eix4kUAR9J6sYtC49Uty0J+R6r0UYax1whgjB+xl/5RT5zQzPqO/1ym8pmnYfLLvuyng7TkP3OZffzlt8JdpefCMYB9squLHVhm5kBeDkcr1NL6APZHL/Tbc9elN7wy5PXNH3qvdUtITOrXWp5FBqZSAfeh/yTfh432ZanTkNUcuFXVvAoyOMYKHsIfVkRdo5QNZFFOCCV05dnItaTafTqgBLDRuO/fo7vVjeP3K/scyokUo6vM8myg==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:57 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js

216.172.184.77

200 OK

558 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (850), with no line terminators
Size
558 B (558 bytes)
Hash
2a0fbeaff401daf7f8d961960efa46c4
8c4c3f2d10be69f7fb0fcb659e9232a03f7d7955
8d6f9522208a16b57d9930f7b2b0d828c91492d747c2d9cdd8915abe57842e63

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 558
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

1.1 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1127 bytes)
Hash
ae9cf250ae0e95a05cf79864a6a9733b
f70b5a2eb90895813fcba6d2b7ca0e572f601663
35b41994ff8bc04c6c752e477eceef7f262688ee832891624f2f4b0714d9a6f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1127
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

3.4 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
3.4 kB (3379 bytes)
Hash
509395c0534009e4764a584a4531ecf6
740964e4c50e24c932a7430faacd895072f70acb
ed5409d2e4c24fcacfb9885676b2e3c93a5f5d9ad00eb4f03c7c036ab62e74e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 3379
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js

216.172.184.77

200 OK

6.3 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (1788)
Size
6.3 kB (6320 bytes)
Hash
ff03bc1e2abf22d3fddcddbb66a117f9
92b92a8c319971623952b279773fbb92c6a872ad
1fea4db473f153cd0d025a2a9dd2a675e256c46c4c66faf28aafbeb8eb307279

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 6320
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg

216.172.184.77

200 OK

22 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2618), with CRLF line terminators
Size
22 kB (21962 bytes)
Hash
e9412a7e111241810e74c5cf267fb64a
cae22fc983a55384e31ad2a4e43f812bc68efbfc
3e700f9ff93a023fcaee00daeb83062c9492803afc78643532d41d369133f991

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 21962
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
x-endurance-cache-level: 2
content-type: image/svg+xml
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg

216.172.184.77

200 OK

186 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1024x500, components 3\012- data
Size
186 kB (185745 bytes)
Hash
71bb90e5a3fb345196f166e4389c4ac1
5687c3c6f0146d9094d49cc6fe4cd5390a170672
ee4321efb356cf875dacf07419eb2649351e5907c159754a94b7b3be02479fe9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 185745
cache-control: max-age=31536000
expires: Fri, 02 Feb 2024 02:03:57 GMT
x-endurance-cache-level: 2
content-type: image/jpeg
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2475
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2475
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2475
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm

216.172.184.77

200 OK

108 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
108 B (108 bytes)
Hash
1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gww-word.com/static/f67c327263eti209967cda713cd843baa

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/static/f67c327263eti209967cda713cd843baa
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /static/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1005
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 91987222-d376-4099-a4e9-5f877b5212be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzO2FSDIAMFktg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325e-281a7e062ee3039d42ae8f83;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SEH32iK4aCkxhxQyu3fSlW8uVM1Oj5hwnl2U09k_THEOdAqdEeVMJw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:03:43 GMT
age: 14415
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm

216.172.184.77

200 OK

17 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32192), with CRLF line terminators
Size
17 kB (16602 bytes)
Hash
beb16499bbd73c457678fef1d69445e3
6655c3c37e7fb97177c24f937a2959be323217eb
6d9709a66ea5f4e4cd0b2d670e5efb0d71cbcbe79401ad2688a1b32a6ab49c08

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 16602
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
gzip compressed data, from Unix\012- data
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 72012
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
x-endurance-cache-level: 2
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10807 bytes)
Hash
b91a1323efe4b01a2d1a2e8485117934
43d04a554f6ef512e7b21ac09287efc0e4e5efee
393e3ab81aee9fda022d06c25789be66e56aaf56f81b0514ab5dfec445087bdf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10807
x-amzn-requestid: 9fff89ce-35f7-4b09-b766-6e65b4586c10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ5PHm7oAMFdfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bd07-0ed090976c8a74542e225f4c;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Hhd99jugAUeT4SMDkgOSFkc9q5jWXE0qAq51OVq8ct4juyFrYH0IhA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:23:30 GMT
age: 67228
etag: "43d04a554f6ef512e7b21ac09287efc0e4e5efee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (15051 bytes)
Hash
6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:54:58 GMT
age: 14940
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15948, version 1.0\012- data
Size
16 kB (15948 bytes)
Hash
c85615b296302af51e683eecb5e371d4
ff7c20b0947804c607759aa46eab666d94cf12ea
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

HTTP Headers

GET /s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15948
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 00:46:18 GMT
expires: Fri, 02 Feb 2024 00:46:18 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
content-type: font/woff2
age: 4660
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8642 bytes)
Hash
0f85742f336de59ca88f7f964a8b33f4
0fc7177f8cb06421a8807e93989f651bda743567
fbd5fd39c39c218b0fa956f8cb8050cbdbfcb109a92303f6175d73cc8c339526

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8642
x-amzn-requestid: f47f7616-41aa-4983-8ada-20f6f0b6856b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frfXtHkUoAMFr1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadf64-083a903959cdab540bd38265;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:53:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UqoeSWse0jZAC3IEIWk5fj9q_4xsAoZRkn67U4m2L5NkayHxsAYmlA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:00:35 GMT
age: 14603
etag: "0fc7177f8cb06421a8807e93989f651bda743567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 16112, version 1.0\012- data
Size
16 kB (16112 bytes)
Hash
899c8f78ce650d4009d42443897aa723
d2e2faa9780b7fca5a5cb20a853dd7df55b3101e
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

HTTP Headers

GET /s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16112
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 18:56:43 GMT
expires: Sat, 27 Jan 2024 18:56:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
content-type: font/woff2
age: 457635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9416 bytes)
Hash
6790e3bf4d10b1ffba32a22dc588c640
cdae35517dfea800134393a1095f44462bc428a5
4f4132588ee7337fff24da64b89e43b277c4ef0a2646acfba37aea08fc0f4256

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9416
x-amzn-requestid: acc48967-4cc1-4bfd-bc33-7bcefd8e6547
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKVGjqIAMFa2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-1d1cd4de0a30760e792d32e5;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: byLFLKpRZa_blxNi2wh_ft4Ule-zNiZtSih_Quv-9BgKS87Y-wJlTA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:00:40 GMT
age: 14598
etag: "cdae35517dfea800134393a1095f44462bc428a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11367 bytes)
Hash
395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ybz4mmNUwsKOkpz6GFm4nLz7iGX5gJ--EiUjqrs8G92GBLn6qaF7IQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:51 GMT
age: 14767
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm

216.172.184.77

200 OK

108 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
108 B (108 bytes)
Hash
1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm

216.172.184.77

200 OK

108 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
108 B (108 bytes)
Hash
1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Navy Federal Credit Union
urlquery	phishing	Phishing - Navy Federal Credit Union
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg

104.88.20.141

404 Not Found

1.0 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.0 kB (1018 bytes)
Hash
1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42

HTTP Headers

GET /NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=D1D84555438B828D38F1716C7CE52070~000000000000000000000000000000~YAAQPDIQYJ2HUMaFAQAASsndDxJHOeBQSH2KUQ1xyvvYay3lzmhmD4KWZl5DJ9LsuswE9OsHr8aadboWuRxIG/y86GrOY+De0PXH/ZE9AcI1sNMIAXxMs4yb7TTZkvbMMMy/cOsru/1yIsxPKuHIkGgLnryQbdou+A6YFES2uyMBmhmEVkh6OME9EIJI+jS99J8jDBX5SmAAv5t1s4mbFk/jchv7z9spiu4onYBhSviMkd4xIy8HIH/rbtyApebJ7XKlZn8EPln1lrnI9W9CaRh+UscVGdYN4fldhWfnN/NOMnOIpiSA9/B98asEjWTHViKiXb/rmYs0AeI6jtgcOCnhDS2HjTWvLbWrYYpKMqFZ29tvqONDE+TIus3suKhxev9eiQ==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:58 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg

104.88.20.141

404 Not Found

1.0 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.0 kB (1018 bytes)
Hash
1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42

HTTP Headers

GET /NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=03011ECE20F40FCC6DC1F63D9472E192~000000000000000000000000000000~YAAQPDIQYJ6HUMaFAQAAZMndDxKhJnNg7ZmMU/KdyGTc3XgVKnE9W6fT/4O9sA6FSk21Zd3/bv9JmpeGFTm0jLHEufk5sqQ0Fzq1PqbOpqiQl4xubUrFY7qkmLXg4QVjjFa1G6ejF8NsP0xz0CBadBnKZFvf/y70U0LdDN8+rocv3R9wtErw9SOu+E5sLFMwyM9L/ZPIxk7XFpCtwtbjPPvaW5PbfXtcU97SsTOZ3BNQ7wkfvL+J2rI/PW7U6t+SJA5IZKyER+KgDQrCr4cg9VFQVH7cvq4svr7XDo4aNmMr6ls+Wwjd0dxXobHuh6+8FZMyeZf1iUDxnM2H0SfS0mIbtuaRxFs80Yy0Z1gcvry6skyj2yH6qbAAHgpz3UH75qWgNA==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:58 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000

my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg

104.88.20.141

404 Not Found

1.0 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.0 kB (1018 bytes)
Hash
1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42

HTTP Headers

GET /NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=C37BFAB91F5B5F909AE8B56F59DDB7A7~000000000000000000000000000000~YAAQPDIQYJ+HUMaFAQAAjMndDxKCNcC8o0AX7m5oyibfMzHQvhKlQp7yewpauWMsVEhJmbt8Mf3J7U/+YC7nJYL8z56xoBVtO+2A+htj1IfU75m13xRS9glqwrl9DTBITr7NnOFRaGrVNwK5QeBLdGzmxNUI7M2X2qBhirid1Phfg+qruNOpXlR08AmKrVNzrbnfw4LS5+CSxo5DvHX8pnpyKpNkUo4I8gHutvAYaJe2WMWi5R+BnXXhQr3GWhBC3XF2V3Cxg30rBBEYZ6hjKejV76vn1ZOXKrKFsRbPQ2HzMMjrkSnM6mg6n9IeL5LYZz69/Drx3J20zVZVPMdICbIa2yFHKKVW72J+3s/dTVIMnEZsbPKewMoYmOCsNt0FPLDs7w==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:58 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
00014a5c06c7745309f74c5b7be00586
76341f113c35c10afe1d527340cf205dce9c5595
9ac845fcd050af72032d650cfad2b35508d3d316a5d97f72296fe32e7eb88007

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:03:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 02:32:15 GMT
Expires: Tue, 07 Feb 2023 02:32:14 GMT
Etag: "76341f113c35c10afe1d527340cf205dce9c5595"
Cache-Control: max-age=433095,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a7bca26b527-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
00014a5c06c7745309f74c5b7be00586
76341f113c35c10afe1d527340cf205dce9c5595
9ac845fcd050af72032d650cfad2b35508d3d316a5d97f72296fe32e7eb88007

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:03:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 02:32:15 GMT
Expires: Tue, 07 Feb 2023 02:32:14 GMT
Etag: "76341f113c35c10afe1d527340cf205dce9c5595"
Cache-Control: max-age=433095,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a7bcae5b50f-OSL

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2

216.172.184.77

200 OK

1.7 kB

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
data
Size
1.7 kB (1711 bytes)
Hash
79f3f11bb34524117e1303520a45eb64
62fba9e0625ce0ba24d345e7e3eb36a195081ec5
fdc33691e22bbfa9163e162bd3c7b310a1f3a806ff247fd9ab61847ce385125e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2 HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/static/f67c327263eti209967cda713cd843baa

216.172.184.77

200 OK

335 B

URL HTTP/2
gww-word.com/static/f67c327263eti209967cda713cd843baa
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (688), with no line terminators
Size
335 B (335 bytes)
Hash
abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /static/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1260
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

my.navyfederal.org/NFOAA_Auth/favicon.ico

104.88.20.141

200 OK

351 B

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/favicon.ico
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
351 B (351 bytes)
Hash
1ff701ad319400203220d48758838e99
e603d649127b743e4c32988dd40cde0c0924c11b
4bb25e1c20ad9bb64afc21206c14f5c25140a4056b8bddc06ac554559d59c71e

HTTP Headers

GET /NFOAA_Auth/favicon.ico HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: image/x-icon
Content-Language: en-US
Content-Length: 351
Date: Thu, 02 Feb 2023 02:03:59 GMT
Connection: keep-alive
Set-Cookie: my_dc=w; path=/; domain=.navyfederal.org; secure
Strict-Transport-Security: max-age=31536000

accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

178.249.101.99

200 OK

2.1 kB

URL HTTP/2
accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type
data
Size
2.1 kB (2080 bytes)
Hash
72025f56570bbb145acfc4ce49161aae
b3309919ddfb1782076095e5f12d5fd1c7b2b128
8c0ee2111a5492ebbbdb8f0df84196d3323506a8927d692e1d234ae384a61f31

HTTP Headers

GET /api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:58 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:21|g:d8282e3c-544b-40a3-8ef7-a8044423fcdf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BTa=R:21|g:d8282e3c-544b-40a3-8ef7-a8044423fcdf|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:2241585; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BT1=R:21|i:2241585|e:10; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
vary: Accept
expires: Thu, 02 Feb 2023 02:04:58 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d153ba1d9f8522d8c456a98d4f7d1301
7a3a518230e65b90766883aacd1956b98dba8c69
78ae39af04d498d314a642da1d6f2452d2ed012c54eb7ea27087340db422b6f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:59 GMT
Etag: "63da070a-1d7"
Server: ECS (amb/6B8D)
Content-Length: 471

my.navyfederal.org/NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png

104.88.20.141

404 Not Found

1.9 kB

URL HTTP/1.1
my.navyfederal.org/NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png
IP
104.88.20.141:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.9 kB (1941 bytes)
Hash
726ecf2df6a19b5a3c655e4941eb5135
1fdf86a26d04338d4f5394cc852a5c8387d95048
d3ba0f9d4c73e11ca995ac01df41b72c0ba60290454319cac7232e90c535a98e

HTTP Headers

GET /NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP: 
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Content-Length: 1941
Content-Type: text/html
Content-Language: en-US
Date: Thu, 02 Feb 2023 02:03:59 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=7B599F0CEAA859C75B78671DC8FB7FEB~000000000000000000000000000000~YAAQPDIQYKCHUMaFAQAACszdDxKXiFFwX3epMhVvQY7qipvwvEtXnO3XvyjRPDC2TFFfe/gMNv+IKjj9h94tKO48pD6haGBIE5n14N5IcK9IiHRz98M1tCHBAMNpNIsCmR+q92uENzjqQAd8CUDKYKUS4DzWLtPPLX33Uk8y9uvSceyu5suPjnaHQ2FG8cyuqVlksLPsC6JNbA4gxzpvb6/RbbrJCjGkXUEvbOOnxBI/v8u/Tq4Zmm1MkpC8psCPoaFqK0To45L8DO5venS0nOKMAsTqP+fJBqJ3n0rYpDopyAQZMmJuRqrkn7Tv2Fkek3N1T557SBDvropYbG7yd0WqgLczjKmuwCkOHYU/VLcSiLMpfVUI+Rd5ybrQSUOoaObfHQ==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:59 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d97ed0916d168d58352b521432ab7028
61b617b33e1a72cef8c8d39e73b3f9418882abd0
8cbb1c9c21a8c2bbbcaa84a79e86f9f8005e01909885a3fab8b00088a047edf6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:03:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 03:43:28 GMT
Expires: Wed, 08 Feb 2023 03:43:27 GMT
Etag: "61b617b33e1a72cef8c8d39e73b3f9418882abd0"
Cache-Control: max-age=523767,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a7eccd3b50f-OSL

accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116

178.249.101.99

200 OK

2.1 kB

URL HTTP/2
accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116
IP
178.249.101.99:0
ASN
#11054 LIVEPERSON

File type
data
Size
2.1 kB (2083 bytes)
Hash
93349a7e7bb9bfa5d1bdc1c2eb0391ca
409f06bd080c7417a23bb85cff8c725a0c580238
30babf908b28e436cf307c946e0aefbfc0f4f671205c8ef8c33211f1c6d71856

HTTP Headers

GET /api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:58 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:21|g:1d929125-bf23-4177-9d35-dab4f240055f; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BTa=R:21|g:1d929125-bf23-4177-9d35-dab4f240055f|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:2241585; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BT1=R:21|i:2241585|e:11; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
vary: Accept
expires: Thu, 02 Feb 2023 02:04:58 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

lptag.liveperson.net/tag/tag.js?site=11478817

178.249.101.23

200 OK

7.6 kB

URL HTTP/2
lptag.liveperson.net/tag/tag.js?site=11478817
IP
178.249.101.23:0
ASN
#11054 LIVEPERSON

File type
ASCII text, with very long lines (21707), with no line terminators
Size
7.6 kB (7588 bytes)
Hash
73fffd7c64707f625983cd93bc412dca
f001f558aa7ae9281baa111933728d47185e00bd
520582f871580aa30933c2b10be35b68c2cd1f3631addb4d8dcae9bd8c51b3df

HTTP Headers

GET /tag/tag.js?site=11478817 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:59 GMT
content-type: application/javascript
content-length: 7588
last-modified: Wed, 07 Dec 2022 20:20:28 GMT
etag: "6390f58c-1da4"
content-encoding: gzip
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2

rnemsg.navyfederal.org/ci/pta/logout

147.154.117.92

302 Found

25 B

URL HTTP/1.1
rnemsg.navyfederal.org/ci/pta/logout
IP
147.154.117.92:0
ASN
#31898 ORACLE-BMC-31898

File type
data
Size
25 B (25 bytes)
Hash
3f8372f15e761c5f9e4ed6515f744df3
81a6e71371d2a46f6116e045fce6feb258b2d9f3
61c08f21cca5983f6f115bd91b9cc97bd29ef835d1cabed197d79fa7e1e7bd76

HTTP Headers

GET /ci/pta/logout HTTP/1.1
Host: rnemsg.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 02:03:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
F5_do_compression: yes
Content-Encoding: gzip
RNT-JN-Ext-Machine: 43.4
Strict-Transport-Security: max-age=31536000
Set-Cookie: cp_session=fU6u9_oQJi36_~dHNkPie8teTsHxy29FW0241Lzj7eOlvZ~oQYbBatRYRuY5hpDBqnlba9mYGs1hxgBa9lH5DR3rKfDuMcLhsHO2izmbj74Ff4_rGIdJPj7yukjBbg9tPmEMlZIF11EYdXoI4jstgiqRe0f~~EY_gq_Cm5rtCFnf6pIqalldYNCeiVh9Ue6zShRY0g_nN3~Let0HmgrYwweQH6Z6FQH0VtEySFsnSPvXq1OjiWs41iyV1TeSFXCKDeSIm6ns_ZhtjRFTbrQRekbokvqbp8nL1dHYzcBYg~tRblNxu0SXy4OGhnrOz20mtzkIr07U_DHWEcqEzhgPAJEceJ6b5ivk_DzAVe7KR2I2U7jhdtg8R9czEsyiOOgrnvSQX6iC6RyQQx2ZxxfrUxJOz6_Zmp~vFMVQGX85Pub1APFh_4fJPjgFzgOntEfMik2ipny_cQrgH8YxCxpbpT1ukXBe_0Zv1EOkinKLN9nhSw9Q77ce8LcQ!!; path=/; httponly; SameSite=None; Secure
cp_session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
RNT-JN-Ext-UUID: 45c84b1a-7619-4f04-ad2a-27bd36da7b2b
RNT-Time: D=186133 t=1675303439208463
Location: https://www.navyfederal.org/images/spacer.gif
RNT-Machine: 0.84

www.navyfederal.org/images/spacer.gif

104.110.18.91

301 Moved Permanently

0 B

URL HTTP/2
www.navyfederal.org/images/spacer.gif
IP
104.110.18.91:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /images/spacer.gif HTTP/1.1
Host: www.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gww-word.com/
Connection: keep-alive
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://web.navyfederal.org/images/spacer.gif
cache-control: max-age=86400
expires: Fri, 03 Feb 2023 02:03:59 GMT
date: Thu, 02 Feb 2023 02:03:59 GMT
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

web.navyfederal.org/images/spacer.gif

104.110.18.91

200 OK

43 B

URL HTTP/2
web.navyfederal.org/images/spacer.gif
IP
104.110.18.91:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /images/spacer.gif HTTP/1.1
Host: web.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gww-word.com/
Connection: keep-alive
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Apache
last-modified: Sun, 02 Jun 2013 10:22:19 GMT
etag: "2b-4de29390cacc0"
accept-ranges: bytes
content-length: 43
cache-control: max-age=7776000
expires: Wed, 19 Oct 2022 10:22:27 GMT
content-type: image/gif
date: Thu, 02 Feb 2023 02:03:59 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
81353767dd5ca7d4a52e8c553358f007
9a85056d5f47ef4757ecb2dae139ac058b147cb4
ba6dc780c83cc6bd42288ebdad8a8cf468d8f551680ab2441026ed9fb21c5d82

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:04:01 GMT
Server: ECS (amb/6B80)
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
04baa2d73afb558b508f0533cf639e6b
28724e2db58f79c83817c3569a6c26ff04269708
68c423f13afe5792588d6638dbece45dbc5e793876e4527a95fad14aec79699f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:04:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 23:37:43 GMT
Expires: Mon, 06 Feb 2023 23:37:42 GMT
Etag: "28724e2db58f79c83817c3569a6c26ff04269708"
Cache-Control: max-age=422619,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a951ef1b50f-OSL

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4814 bytes)
Hash
86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axFfTgcGtvqt1RcbyLpovD5Fr7J2Wx9pNwb92m2rwTdj-sGp0bIq-Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:10 GMT
age: 14695
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

liveengage.navyfederal.org/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod

178.249.97.98

200 OK

0 B

URL HTTP/2
liveengage.navyfederal.org/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod
IP
178.249.97.98:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod HTTP/1.1
Host: liveengage.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:04:02 GMT
content-type: text/html
last-modified: Tue, 29 Sep 2020 18:27:10 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 02 Feb 2024 02:04:02 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js

216.172.184.77

200 OK

0 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff

216.172.184.77

200 OK

0 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js

216.172.184.77

200 OK

0 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js

216.172.184.77

200 OK

0 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

va.v.liveperson.net/api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D

208.89.12.87

200 OK

0 B

URL HTTP/2
va.v.liveperson.net/api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
IP
208.89.12.87:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:04:03 GMT
content-type: application/javascript
set-cookie: LPVisitorID=QzZTMzZTViNDE2NWNkZWJl; Expires=Fri, 02-Feb-2024 02:04:03 GMT; Path=/; HttpOnly
LPSessionID=glvvnzB-Ry2jJVqa2H-Nhw; Path=/api/js/11478817; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3

178.249.101.23

200 OK

0 B

URL HTTP/2
lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP
178.249.101.23:0
ASN
#11054 LIVEPERSON

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:59 GMT
content-type: application/x-javascript
set-cookie: ADRUM_BTa=R:21|g:eed3ac11-58ec-45f9-b59b-d9b9dbd3e72a; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
ADRUM_BTa=R:21|g:eed3ac11-58ec-45f9-b59b-d9b9dbd3e72a|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:1758155; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
ADRUM_BT1=R:21|i:1758155|e:2; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
ADRUM_BT1=R:21|i:1758155|e:2|d:3; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css

216.172.184.77

200 OK

0 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js

216.172.184.77

200 OK

0 B

URL HTTP/2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js
IP
216.172.184.77:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML