r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12820
Expires: Thu, 02 Feb 2023 05:37:36 GMT
Date: Thu, 02 Feb 2023 02:03:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11754
Expires: Thu, 02 Feb 2023 05:19:50 GMT
Date: Thu, 02 Feb 2023 02:03:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6951
Expires: Thu, 02 Feb 2023 03:59:47 GMT
Date: Thu, 02 Feb 2023 02:03:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 01:36:02 GMT
content-type: application/json
age: 1674
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ErlmOBSa4KvmMVaayns1GW359NQM/er3sN8uDuzX5YPuLzrg7j0Vhi6haG9BM/+BH4L6s6L+keU=
x-amz-request-id: A05MSDXKY3K2ZNTW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 01:51:47 GMT
age: 729
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 02:03:56 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 01:41:43 GMT
age: 1333
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
216.172.184.77 301 Moved Permanently 275 B URL HTTP/1.1 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 4e0fa2e90f660da61702fed9b09bd900
08426f0cb053813ed149bda1a7d53799402980a1
18395976f33697128af786320d83e625631bac859f1cf86140af4302a2663636
Analyzer Verdict Alert openphish Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 02:03:56 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
Location: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cache-Control: max-age=300
Expires: Thu, 02 Feb 2023 02:08:56 GMT
Content-Length: 275
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11116
Expires: Thu, 02 Feb 2023 05:09:13 GMT
Date: Thu, 02 Feb 2023 02:03:57 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.203.40 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.203.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uQk9XzqCOXaIDSt88s6Oqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HZtVxb3QD6T+NpPhcYJ5DP5Lx/M=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6a4cc6f647ee0c695170a5b462192de3
a9d56d7f5582bddbb8dec9cca8ca9593130bfed2
8b860082c109cc91652382fa7db26ffa0c77b60820269dfaec5eae76ed6da207
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B860082C109CC91652382FA7DB26FFA0C77B60820269DFAEC5EAE76ED6DA207"
Last-Modified: Mon, 30 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21497
Expires: Thu, 02 Feb 2023 08:02:14 GMT
Date: Thu, 02 Feb 2023 02:03:57 GMT
Connection: keep-alive
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
216.172.184.77 200 OK 6.5 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (466), with CRLF line terminators
Hash cb043b71e382688ed4f226ae7ce1707d
7142366ac3c91143efaa9bd3ef14dae2e69604a6
3a0cb36a97b82461dc794b65e4d8a8f2469b592155901a01e1c0300447eca64c
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
openphish Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/ HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 6489
content-type: text/html
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css
216.172.184.77 200 OK 865 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d02e38268578172d773c65be520c57e7
079966d15fcf3510861e9e55fbab4a43520b3a3b
543c1dbc35f28af1e9fde0e49c80550a8e1adaacf57d8434ec247782ed49d269
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 865
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css
216.172.184.77 200 OK 1.9 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 551b7f0f3c8f8fc30c58b7d6211902c2
bc98f0bcfcb86c66efc4605e3338b143684e01a5
3737d1d94e0fe103df0abb9c28e53cf5d8cd9fc4d28c4c5ab35cca5c0f0dec80
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1866
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css
216.172.184.77 200 OK 1.5 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 60f4b22e91296cf3751f169af3b55719
19a6f1d77ab79cbc3dcbbed6a364da83f6905d0a
ad04f02376698c398bfd4ab5d98eff3335f3505d526b30cac8415264ad5a6bda
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1457
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css
216.172.184.77 200 OK 11 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (50194), with CRLF line terminators
Hash 451fe0b791ab243968de31f9b02a4d73
b354fd8c1e9854ee3128eef6a208f9207000bc63
b960b0ad591e14dd5d88706912da23bc4fd044e5d794a93935e870a74da93f15
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 11002
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 2.7 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 5098d2c7f79ad8d65eeec3b84b4f1b86
243334a14e555ffeeaa41a378938545b5854b742
853faed9b0a824f7b1091bc653661f32915afcba8c3cf987568f4f5c48d70200
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 2678
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3601
Cache-Control: max-age=87325
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:57 GMT
Etag: "63d9be19-1d7"
Expires: Fri, 03 Feb 2023 02:19:22 GMT
Last-Modified: Wed, 01 Feb 2023 01:19:21 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6023
Cache-Control: max-age=89747
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:57 GMT
Etag: "63d9be19-1d7"
Expires: Fri, 03 Feb 2023 02:59:44 GMT
Last-Modified: Wed, 01 Feb 2023 01:19:21 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7295a27c6e56b48eae1c5defeaf70cf
cfcd3454939e07d9e84808a20214a2225c95fe3d
72efa51956cd62ad32cbc75662b9f9d7c97ace6ef09e836a2ccd6f48c1adac9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2320
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:57 GMT
Last-Modified: Thu, 02 Feb 2023 01:25:17 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 471
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 947 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 0fecde5e44685c6c0354fa673ee6d991
ab9e6f9b04cdb2631f28ae7bc0e29f67abfc52bb
f7f56ebc8141501c2061f521f0fc7ce296835e3ffd67d027431aacb4eadcd75f
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 947
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 1.8 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 9844fa0b12f1b7719f2765088c8f1016
c7f5a52c7b33c2f98dff9b82b791120f02d01e50
eda28f0f228845a3174a65dade1e191b7050439f4ffd2c4ea8c91b168b5b6103
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1804
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141 404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=15~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=cae747ade05e281795af67f85fdab8ad; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=80~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=f876820ea699c8e3b6d5486218117fd7; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=027F0018883240FC19C346D31D51E0D7~000000000000000000000000000000~YAAQPDIQYJqHUMaFAQAAX8fdDxL4nk5A6C7X7/zhSucYMNjkf9JzweaS0dt9lnL598zT/kMwR7C/ldgYioroYiXpo5AjGjkL6Og9xjCZ97XDzSWZMza24ulR9MrAoZI/ocSOCsU97PwgxyVmi0pZneyUIevlkTzlSeV4TtixWeZCbqvXgFxm9c7lUWSGG4Ntuu+FUvbBF5JE62boS9GndzgB9iKbq5BzPQ1dXdQt5PRH+kjVEMIj/q2+shtTOc4m8ASFWk5U4USrsbliPW7OGJubfVNOKhLXzWqi+S2WZ7E4hqmRyxYVtZ5UQnoAq3u0C+mmzC4sIvLSK2ciAhx0bpiKBK/tfylq8MPZs7RjvTPb0ChdNTsG6H92RqtkknluuQ2Kng==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:57 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000
my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141 404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=55~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=cc5f7980a0225442be704409abea5269; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=78~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=33841ea726693fe38b327d521c13d3d8; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=26DAAEF616B4E413C063B805A182D3BD~000000000000000000000000000000~YAAQPDIQYJuHUMaFAQAAYcfdDxIFAqWuyu8CvsQWHEQTkMWpfN2doSY3FYSPaTgQAVdm7Mmwnk4sLzjI1OEvRsbnQLhhSWBC9P3XxECYw7VrXlslsEx2eGoMkYwg+n6d36dHfdezWS+dTjDyDl2pwyqtJt6yxg2+6+I6rhgWsjXwaODNF995/rpupmaxSD3Cly1WGUpa9DmejUG3yoWqT46ou39+Z2TdzuTJQlJarCsqoZ5ZX1xWsVM6Q+qxRmbWisTRLKFgu/pyNHwTUGxuE6/aPcCkpLC7RSHS8YuVNbdCO3nj82E53DuhU3wUpRTRIRp80N0clIbYmdlu+8ODdeTVGq7CnoB7xmX8jdOHi7pd66Ca0XcxawNOY3o8jrdnwbWqyQ==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:57 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js
216.172.184.77 200 OK 9.1 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (21652), with no line terminators
Hash ff5a1baedd30f131b97f3c012245e423
750abb823d81773ea6546d93dff844a1752cfe20
db6299bc5bc23671fc25dd62a5acd79d69a9cbc10d0d6a4052aee8f30b8d6e62
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 9066
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 809 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (1213), with CRLF line terminators
Hash 45aebf5c2b18c946a50740e31f811676
6c01eb6f3b907dce39d258b203b96a42703fed00
1e66b8120ad1a52baa0ae15343ec31775bb0329db16ca70927ba1a58e013e782
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 809
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js
216.172.184.77 200 OK 11 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (31148), with CRLF, LF line terminators
Hash 79b07f8c5ed334eebcfc3499758a2e17
d33b2949948f61d1835f40a0733bdee35a1505a3
6a90dee90ed1ebac761aa3162c2fc288111664ff4c5e4b62910d18a9463d7e1e
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 11396
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141 404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=73~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=59fcea7c0fcd855e2dc514df410c2bf5; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=CDAB82DC2A68A555E7A016FD4A6D5527~000000000000000000000000000000~YAAQPDIQYJyHUMaFAQAAZcfdDxLmgofBBhgnjaPoN6CeMJzZUpWnp9vNCRZh/W1ASvjXjZ7AQAyk9Kou1veic/YtHBnItYObsk3Iecrr/6LCDdoeaKln0sW2W85yG8woCJoXrffd7ZW6PG7eix4kUAR9J6sYtC49Uty0J+R6r0UYax1whgjB+xl/5RT5zQzPqO/1ym8pmnYfLLvuyng7TkP3OZffzlt8JdpefCMYB9squLHVhm5kBeDkcr1NL6APZHL/Tbc9elN7wy5PXNH3qvdUtITOrXWp5FBqZSAfeh/yTfh432ZanTkNUcuFXVvAoyOMYKHsIfVkRdo5QNZFFOCCV05dnItaTafTqgBLDRuO/fo7vVjeP3K/scyokUo6vM8myg==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:57 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js
216.172.184.77 200 OK 558 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (850), with no line terminators
Hash 2a0fbeaff401daf7f8d961960efa46c4
8c4c3f2d10be69f7fb0fcb659e9232a03f7d7955
8d6f9522208a16b57d9930f7b2b0d828c91492d747c2d9cdd8915abe57842e63
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 558
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 1.1 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash ae9cf250ae0e95a05cf79864a6a9733b
f70b5a2eb90895813fcba6d2b7ca0e572f601663
35b41994ff8bc04c6c752e477eceef7f262688ee832891624f2f4b0714d9a6f8
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1127
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 3.4 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 509395c0534009e4764a584a4531ecf6
740964e4c50e24c932a7430faacd895072f70acb
ed5409d2e4c24fcacfb9885676b2e3c93a5f5d9ad00eb4f03c7c036ab62e74e4
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 3379
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js
216.172.184.77 200 OK 6.3 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1788)
Hash ff03bc1e2abf22d3fddcddbb66a117f9
92b92a8c319971623952b279773fbb92c6a872ad
1fea4db473f153cd0d025a2a9dd2a675e256c46c4c66faf28aafbeb8eb307279
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 6320
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg
216.172.184.77 200 OK 22 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2618), with CRLF line terminators
Hash e9412a7e111241810e74c5cf267fb64a
cae22fc983a55384e31ad2a4e43f812bc68efbfc
3e700f9ff93a023fcaee00daeb83062c9492803afc78643532d41d369133f991
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 21962
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
x-endurance-cache-level: 2
content-type: image/svg+xml
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg
216.172.184.77 200 OK 186 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1024x500, components 3\012- data
Size 186 kB (185745 bytes)
Hash 71bb90e5a3fb345196f166e4389c4ac1
5687c3c6f0146d9094d49cc6fe4cd5390a170672
ee4321efb356cf875dacf07419eb2649351e5907c159754a94b7b3be02479fe9
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 185745
cache-control: max-age=31536000
expires: Fri, 02 Feb 2024 02:03:57 GMT
x-endurance-cache-level: 2
content-type: image/jpeg
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2475
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
216.172.184.77 200 OK 108 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gww-word.com/static/f67c327263eti209967cda713cd843baa
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/static/f67c327263eti209967cda713cd843baa
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
POST /static/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1005
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 91987222-d376-4099-a4e9-5f877b5212be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzO2FSDIAMFktg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325e-281a7e062ee3039d42ae8f83;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SEH32iK4aCkxhxQyu3fSlW8uVM1Oj5hwnl2U09k_THEOdAqdEeVMJw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:03:43 GMT
age: 14415
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm
216.172.184.77 200 OK 17 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32192), with CRLF line terminators
Hash beb16499bbd73c457678fef1d69445e3
6655c3c37e7fb97177c24f937a2959be323217eb
6d9709a66ea5f4e4cd0b2d670e5efb0d71cbcbe79401ad2688a1b32a6ab49c08
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 16602
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type gzip compressed data, from Unix\012- data
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 72012
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
x-endurance-cache-level: 2
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b91a1323efe4b01a2d1a2e8485117934
43d04a554f6ef512e7b21ac09287efc0e4e5efee
393e3ab81aee9fda022d06c25789be66e56aaf56f81b0514ab5dfec445087bdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10807
x-amzn-requestid: 9fff89ce-35f7-4b09-b766-6e65b4586c10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ5PHm7oAMFdfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bd07-0ed090976c8a74542e225f4c;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Hhd99jugAUeT4SMDkgOSFkc9q5jWXE0qAq51OVq8ct4juyFrYH0IhA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:23:30 GMT
age: 67228
etag: "43d04a554f6ef512e7b21ac09287efc0e4e5efee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:54:58 GMT
age: 14940
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15948, version 1.0\012- data
Hash c85615b296302af51e683eecb5e371d4
ff7c20b0947804c607759aa46eab666d94cf12ea
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
GET /s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15948
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 00:46:18 GMT
expires: Fri, 02 Feb 2024 00:46:18 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
content-type: font/woff2
age: 4660
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0f85742f336de59ca88f7f964a8b33f4
0fc7177f8cb06421a8807e93989f651bda743567
fbd5fd39c39c218b0fa956f8cb8050cbdbfcb109a92303f6175d73cc8c339526
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8642
x-amzn-requestid: f47f7616-41aa-4983-8ada-20f6f0b6856b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frfXtHkUoAMFr1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadf64-083a903959cdab540bd38265;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:53:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UqoeSWse0jZAC3IEIWk5fj9q_4xsAoZRkn67U4m2L5NkayHxsAYmlA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:00:35 GMT
age: 14603
etag: "0fc7177f8cb06421a8807e93989f651bda743567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16112, version 1.0\012- data
Hash 899c8f78ce650d4009d42443897aa723
d2e2faa9780b7fca5a5cb20a853dd7df55b3101e
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
GET /s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16112
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 18:56:43 GMT
expires: Sat, 27 Jan 2024 18:56:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
content-type: font/woff2
age: 457635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6790e3bf4d10b1ffba32a22dc588c640
cdae35517dfea800134393a1095f44462bc428a5
4f4132588ee7337fff24da64b89e43b277c4ef0a2646acfba37aea08fc0f4256
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9416
x-amzn-requestid: acc48967-4cc1-4bfd-bc33-7bcefd8e6547
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKVGjqIAMFa2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-1d1cd4de0a30760e792d32e5;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: byLFLKpRZa_blxNi2wh_ft4Ule-zNiZtSih_Quv-9BgKS87Y-wJlTA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:00:40 GMT
age: 14598
etag: "cdae35517dfea800134393a1095f44462bc428a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ybz4mmNUwsKOkpz6GFm4nLz7iGX5gJ--EiUjqrs8G92GBLn6qaF7IQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:51 GMT
age: 14767
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
216.172.184.77 200 OK 108 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141 404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=D1D84555438B828D38F1716C7CE52070~000000000000000000000000000000~YAAQPDIQYJ2HUMaFAQAASsndDxJHOeBQSH2KUQ1xyvvYay3lzmhmD4KWZl5DJ9LsuswE9OsHr8aadboWuRxIG/y86GrOY+De0PXH/ZE9AcI1sNMIAXxMs4yb7TTZkvbMMMy/cOsru/1yIsxPKuHIkGgLnryQbdou+A6YFES2uyMBmhmEVkh6OME9EIJI+jS99J8jDBX5SmAAv5t1s4mbFk/jchv7z9spiu4onYBhSviMkd4xIy8HIH/rbtyApebJ7XKlZn8EPln1lrnI9W9CaRh+UscVGdYN4fldhWfnN/NOMnOIpiSA9/B98asEjWTHViKiXb/rmYs0AeI6jtgcOCnhDS2HjTWvLbWrYYpKMqFZ29tvqONDE+TIus3suKhxev9eiQ==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:58 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141 404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=03011ECE20F40FCC6DC1F63D9472E192~000000000000000000000000000000~YAAQPDIQYJ6HUMaFAQAAZMndDxKhJnNg7ZmMU/KdyGTc3XgVKnE9W6fT/4O9sA6FSk21Zd3/bv9JmpeGFTm0jLHEufk5sqQ0Fzq1PqbOpqiQl4xubUrFY7qkmLXg4QVjjFa1G6ejF8NsP0xz0CBadBnKZFvf/y70U0LdDN8+rocv3R9wtErw9SOu+E5sLFMwyM9L/ZPIxk7XFpCtwtbjPPvaW5PbfXtcU97SsTOZ3BNQ7wkfvL+J2rI/PW7U6t+SJA5IZKyER+KgDQrCr4cg9VFQVH7cvq4svr7XDo4aNmMr6ls+Wwjd0dxXobHuh6+8FZMyeZf1iUDxnM2H0SfS0mIbtuaRxFs80Yy0Z1gcvry6skyj2yH6qbAAHgpz3UH75qWgNA==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:58 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141 404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Thu, 02 Feb 2023 02:03:58 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=C37BFAB91F5B5F909AE8B56F59DDB7A7~000000000000000000000000000000~YAAQPDIQYJ+HUMaFAQAAjMndDxKCNcC8o0AX7m5oyibfMzHQvhKlQp7yewpauWMsVEhJmbt8Mf3J7U/+YC7nJYL8z56xoBVtO+2A+htj1IfU75m13xRS9glqwrl9DTBITr7NnOFRaGrVNwK5QeBLdGzmxNUI7M2X2qBhirid1Phfg+qruNOpXlR08AmKrVNzrbnfw4LS5+CSxo5DvHX8pnpyKpNkUo4I8gHutvAYaJe2WMWi5R+BnXXhQr3GWhBC3XF2V3Cxg30rBBEYZ6hjKejV76vn1ZOXKrKFsRbPQ2HzMMjrkSnM6mg6n9IeL5LYZz69/Drx3J20zVZVPMdICbIa2yFHKKVW72J+3s/dTVIMnEZsbPKewMoYmOCsNt0FPLDs7w==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:58 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 00014a5c06c7745309f74c5b7be00586
76341f113c35c10afe1d527340cf205dce9c5595
9ac845fcd050af72032d650cfad2b35508d3d316a5d97f72296fe32e7eb88007
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:03:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 02:32:15 GMT
Expires: Tue, 07 Feb 2023 02:32:14 GMT
Etag: "76341f113c35c10afe1d527340cf205dce9c5595"
Cache-Control: max-age=433095,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a7bca26b527-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 00014a5c06c7745309f74c5b7be00586
76341f113c35c10afe1d527340cf205dce9c5595
9ac845fcd050af72032d650cfad2b35508d3d316a5d97f72296fe32e7eb88007
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:03:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 02:32:15 GMT
Expires: Tue, 07 Feb 2023 02:32:14 GMT
Etag: "76341f113c35c10afe1d527340cf205dce9c5595"
Cache-Control: max-age=433095,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a7bcae5b50f-OSL
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2
216.172.184.77 200 OK 1.7 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 79f3f11bb34524117e1303520a45eb64
62fba9e0625ce0ba24d345e7e3eb36a195081ec5
fdc33691e22bbfa9163e162bd3c7b310a1f3a806ff247fd9ab61847ce385125e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2 HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/static/f67c327263eti209967cda713cd843baa
216.172.184.77 200 OK 335 B URL HTTP/2 gww-word.com/static/f67c327263eti209967cda713cd843baa
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
POST /static/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1260
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/favicon.ico
104.88.20.141 200 OK 351 B URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/favicon.ico
IP 104.88.20.141:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 1ff701ad319400203220d48758838e99
e603d649127b743e4c32988dd40cde0c0924c11b
4bb25e1c20ad9bb64afc21206c14f5c25140a4056b8bddc06ac554559d59c71e
GET /NFOAA_Auth/favicon.ico HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: image/x-icon
Content-Language: en-US
Content-Length: 351
Date: Thu, 02 Feb 2023 02:03:59 GMT
Connection: keep-alive
Set-Cookie: my_dc=w; path=/; domain=.navyfederal.org; secure
Strict-Transport-Security: max-age=31536000
accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
178.249.101.99 200 OK 2.1 kB URL HTTP/2 accdn.lpsnmedia.net/api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 178.249.101.99:0
Hash 72025f56570bbb145acfc4ce49161aae
b3309919ddfb1782076095e5f12d5fd1c7b2b128
8c0ee2111a5492ebbbdb8f0df84196d3323506a8927d692e1d234ae384a61f31
GET /api/account/11478817/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:58 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:21|g:d8282e3c-544b-40a3-8ef7-a8044423fcdf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BTa=R:21|g:d8282e3c-544b-40a3-8ef7-a8044423fcdf|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:2241585; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BT1=R:21|i:2241585|e:10; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
vary: Accept
expires: Thu, 02 Feb 2023 02:04:58 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d153ba1d9f8522d8c456a98d4f7d1301
7a3a518230e65b90766883aacd1956b98dba8c69
78ae39af04d498d314a642da1d6f2452d2ed012c54eb7ea27087340db422b6f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:03:59 GMT
Etag: "63da070a-1d7"
Server: ECS (amb/6B8D)
Content-Length: 471
my.navyfederal.org/NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png
104.88.20.141 404 Not Found 1.9 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 726ecf2df6a19b5a3c655e4941eb5135
1fdf86a26d04338d4f5394cc852a5c8387d95048
d3ba0f9d4c73e11ca995ac01df41b72c0ba60290454319cac7232e90c535a98e
GET /NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Content-Length: 1941
Content-Type: text/html
Content-Language: en-US
Date: Thu, 02 Feb 2023 02:03:59 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=7B599F0CEAA859C75B78671DC8FB7FEB~000000000000000000000000000000~YAAQPDIQYKCHUMaFAQAACszdDxKXiFFwX3epMhVvQY7qipvwvEtXnO3XvyjRPDC2TFFfe/gMNv+IKjj9h94tKO48pD6haGBIE5n14N5IcK9IiHRz98M1tCHBAMNpNIsCmR+q92uENzjqQAd8CUDKYKUS4DzWLtPPLX33Uk8y9uvSceyu5suPjnaHQ2FG8cyuqVlksLPsC6JNbA4gxzpvb6/RbbrJCjGkXUEvbOOnxBI/v8u/Tq4Zmm1MkpC8psCPoaFqK0To45L8DO5venS0nOKMAsTqP+fJBqJ3n0rYpDopyAQZMmJuRqrkn7Tv2Fkek3N1T557SBDvropYbG7yd0WqgLczjKmuwCkOHYU/VLcSiLMpfVUI+Rd5ybrQSUOoaObfHQ==; Domain=.navyfederal.org; Path=/; Expires=Thu, 02 Feb 2023 04:03:59 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash d97ed0916d168d58352b521432ab7028
61b617b33e1a72cef8c8d39e73b3f9418882abd0
8cbb1c9c21a8c2bbbcaa84a79e86f9f8005e01909885a3fab8b00088a047edf6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:03:59 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 03:43:28 GMT
Expires: Wed, 08 Feb 2023 03:43:27 GMT
Etag: "61b617b33e1a72cef8c8d39e73b3f9418882abd0"
Cache-Control: max-age=523767,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a7eccd3b50f-OSL
accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116
178.249.101.99 200 OK 2.1 kB URL HTTP/2 accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116
IP 178.249.101.99:0
Hash 93349a7e7bb9bfa5d1bdc1c2eb0391ca
409f06bd080c7417a23bb85cff8c725a0c580238
30babf908b28e436cf307c946e0aefbfc0f4f671205c8ef8c33211f1c6d71856
GET /api/account/11478817/configuration/setting/accountproperties/?cb=lpCb58086x65116 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:58 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:21|g:1d929125-bf23-4177-9d35-dab4f240055f; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BTa=R:21|g:1d929125-bf23-4177-9d35-dab4f240055f|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:2241585; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
ADRUM_BT1=R:21|i:2241585|e:11; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:28 GMT; Path=/
vary: Accept
expires: Thu, 02 Feb 2023 02:04:58 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lptag.liveperson.net/tag/tag.js?site=11478817
178.249.101.23 200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=11478817
IP 178.249.101.23:0
File type ASCII text, with very long lines (21707), with no line terminators
Hash 73fffd7c64707f625983cd93bc412dca
f001f558aa7ae9281baa111933728d47185e00bd
520582f871580aa30933c2b10be35b68c2cd1f3631addb4d8dcae9bd8c51b3df
GET /tag/tag.js?site=11478817 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:59 GMT
content-type: application/javascript
content-length: 7588
last-modified: Wed, 07 Dec 2022 20:20:28 GMT
etag: "6390f58c-1da4"
content-encoding: gzip
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
rnemsg.navyfederal.org/ci/pta/logout
147.154.117.92 302 Found 25 B URL HTTP/1.1 rnemsg.navyfederal.org/ci/pta/logout
IP 147.154.117.92:0
ASN #31898 ORACLE-BMC-31898
Hash 3f8372f15e761c5f9e4ed6515f744df3
81a6e71371d2a46f6116e045fce6feb258b2d9f3
61c08f21cca5983f6f115bd91b9cc97bd29ef835d1cabed197d79fa7e1e7bd76
GET /ci/pta/logout HTTP/1.1
Host: rnemsg.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Thu, 02 Feb 2023 02:03:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
F5_do_compression: yes
Content-Encoding: gzip
RNT-JN-Ext-Machine: 43.4
Strict-Transport-Security: max-age=31536000
Set-Cookie: cp_session=fU6u9_oQJi36_~dHNkPie8teTsHxy29FW0241Lzj7eOlvZ~oQYbBatRYRuY5hpDBqnlba9mYGs1hxgBa9lH5DR3rKfDuMcLhsHO2izmbj74Ff4_rGIdJPj7yukjBbg9tPmEMlZIF11EYdXoI4jstgiqRe0f~~EY_gq_Cm5rtCFnf6pIqalldYNCeiVh9Ue6zShRY0g_nN3~Let0HmgrYwweQH6Z6FQH0VtEySFsnSPvXq1OjiWs41iyV1TeSFXCKDeSIm6ns_ZhtjRFTbrQRekbokvqbp8nL1dHYzcBYg~tRblNxu0SXy4OGhnrOz20mtzkIr07U_DHWEcqEzhgPAJEceJ6b5ivk_DzAVe7KR2I2U7jhdtg8R9czEsyiOOgrnvSQX6iC6RyQQx2ZxxfrUxJOz6_Zmp~vFMVQGX85Pub1APFh_4fJPjgFzgOntEfMik2ipny_cQrgH8YxCxpbpT1ukXBe_0Zv1EOkinKLN9nhSw9Q77ce8LcQ!!; path=/; httponly; SameSite=None; Secure
cp_session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
RNT-JN-Ext-UUID: 45c84b1a-7619-4f04-ad2a-27bd36da7b2b
RNT-Time: D=186133 t=1675303439208463
Location: https://www.navyfederal.org/images/spacer.gif
RNT-Machine: 0.84
www.navyfederal.org/images/spacer.gif
104.110.18.91 301 Moved Permanently 0 B URL HTTP/2 www.navyfederal.org/images/spacer.gif
IP 104.110.18.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/spacer.gif HTTP/1.1
Host: www.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gww-word.com/
Connection: keep-alive
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://web.navyfederal.org/images/spacer.gif
cache-control: max-age=86400
expires: Fri, 03 Feb 2023 02:03:59 GMT
date: Thu, 02 Feb 2023 02:03:59 GMT
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
web.navyfederal.org/images/spacer.gif
104.110.18.91 200 OK 43 B URL HTTP/2 web.navyfederal.org/images/spacer.gif
IP 104.110.18.91:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /images/spacer.gif HTTP/1.1
Host: web.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gww-word.com/
Connection: keep-alive
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Sun, 02 Jun 2013 10:22:19 GMT
etag: "2b-4de29390cacc0"
accept-ranges: bytes
content-length: 43
cache-control: max-age=7776000
expires: Wed, 19 Oct 2022 10:22:27 GMT
content-type: image/gif
date: Thu, 02 Feb 2023 02:03:59 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 81353767dd5ca7d4a52e8c553358f007
9a85056d5f47ef4757ecb2dae139ac058b147cb4
ba6dc780c83cc6bd42288ebdad8a8cf468d8f551680ab2441026ed9fb21c5d82
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 02:04:01 GMT
Server: ECS (amb/6B80)
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 04baa2d73afb558b508f0533cf639e6b
28724e2db58f79c83817c3569a6c26ff04269708
68c423f13afe5792588d6638dbece45dbc5e793876e4527a95fad14aec79699f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 02:04:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 23:37:43 GMT
Expires: Mon, 06 Feb 2023 23:37:42 GMT
Etag: "28724e2db58f79c83817c3569a6c26ff04269708"
Cache-Control: max-age=422619,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792f5a951ef1b50f-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axFfTgcGtvqt1RcbyLpovD5Fr7J2Wx9pNwb92m2rwTdj-sGp0bIq-Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:10 GMT
age: 14695
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
liveengage.navyfederal.org/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod
178.249.97.98 200 OK 0 B URL HTTP/2 liveengage.navyfederal.org/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod
IP 178.249.97.98:0
GET /le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod HTTP/1.1
Host: liveengage.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=98~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=7bbf97b8ceacdc72693b9ef5ee198713
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:04:02 GMT
content-type: text/html
last-modified: Tue, 29 Sep 2020 18:27:10 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 02 Feb 2024 02:04:02 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js
216.172.184.77 200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff
216.172.184.77 200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=61E08011D7F4BC4C-038B3B19C2AE7099
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Thu, 02 Feb 2023 02:08:58 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Thu, 02 Feb 2023 02:03:58 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js
216.172.184.77 200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77 200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
208.89.12.87 200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
IP 208.89.12.87:0
GET /api/js/11478817?&cb=lpCb15372x82689&t=sp&ts=1675303466387&pid=5076385291&tid=2225793849&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:04:03 GMT
content-type: application/javascript
set-cookie: LPVisitorID=QzZTMzZTViNDE2NWNkZWJl; Expires=Fri, 02-Feb-2024 02:04:03 GMT; Path=/; HttpOnly
LPSessionID=glvvnzB-Ry2jJVqa2H-Nhw; Path=/api/js/11478817; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.101.23 200 OK 0 B URL HTTP/2 lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.101.23:0
GET /lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 02:03:59 GMT
content-type: application/x-javascript
set-cookie: ADRUM_BTa=R:21|g:eed3ac11-58ec-45f9-b59b-d9b9dbd3e72a; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
ADRUM_BTa=R:21|g:eed3ac11-58ec-45f9-b59b-d9b9dbd3e72a|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:1758155; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
ADRUM_BT1=R:21|i:1758155|e:2; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
ADRUM_BT1=R:21|i:1758155|e:2|d:3; Max-Age=30; Expires=Thu, 02-Feb-2023 02:04:29 GMT; Path=/
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
216.172.184.77 200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Sat, 04 Mar 2023 02:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: text/css
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js
216.172.184.77 200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 08:03:57 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Thu, 02 Feb 2023 02:03:57 GMT
server: Apache
X-Firefox-Spdy: h2