gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
216.172.184.77301 Moved Permanently 290 B URL HTTP/1.1 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 45f4f1fe2b5a83a0a42e3b68593555a6
81003e4ba8ab512fd6dd590548093d8e3f8a5290
9c560062e3e78aed428599ae476937a8f7475a580ec3ecadd4df56932c052fd6
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173 HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Feb 2023 18:35:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
Location: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cache-Control: max-age=300
Expires: Wed, 01 Feb 2023 18:40:51 GMT
Content-Length: 290
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19152
Expires: Wed, 01 Feb 2023 23:55:03 GMT
Date: Wed, 01 Feb 2023 18:35:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2582
Expires: Wed, 01 Feb 2023 19:18:53 GMT
Date: Wed, 01 Feb 2023 18:35:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 17:43:25 GMT
content-type: application/json
age: 3146
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13088
Expires: Wed, 01 Feb 2023 22:13:59 GMT
Date: Wed, 01 Feb 2023 18:35:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JTFFNCNSAuOgC5eeO/mMaxlgwbPNtcqWNjsgTF3XG5WQQrWMNfSjsrmQ7cl4kHxdML3SDweEwzU=
x-amz-request-id: 90YAS715SMQDT4J6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 17:51:39 GMT
age: 2652
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 18:35:51 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6a4cc6f647ee0c695170a5b462192de3
a9d56d7f5582bddbb8dec9cca8ca9593130bfed2
8b860082c109cc91652382fa7db26ffa0c77b60820269dfaec5eae76ed6da207
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B860082C109CC91652382FA7DB26FFA0C77B60820269DFAEC5EAE76ED6DA207"
Last-Modified: Mon, 30 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21549
Expires: Thu, 02 Feb 2023 00:35:01 GMT
Date: Wed, 01 Feb 2023 18:35:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 17:41:42 GMT
age: 3250
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
216.172.184.77200 OK 6.5 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (466), with CRLF line terminators
Hash cb043b71e382688ed4f226ae7ce1707d
7142366ac3c91143efaa9bd3ef14dae2e69604a6
3a0cb36a97b82461dc794b65e4d8a8f2469b592155901a01e1c0300447eca64c
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173 HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 6489
content-type: text/html
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9073
Expires: Wed, 01 Feb 2023 21:07:05 GMT
Date: Wed, 01 Feb 2023 18:35:52 GMT
Connection: keep-alive
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css
216.172.184.77200 OK 865 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d02e38268578172d773c65be520c57e7
079966d15fcf3510861e9e55fbab4a43520b3a3b
543c1dbc35f28af1e9fde0e49c80550a8e1adaacf57d8434ec247782ed49d269
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/css.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 03 Mar 2023 18:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 865
content-type: text/css
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css
216.172.184.77200 OK 1.5 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 60f4b22e91296cf3751f169af3b55719
19a6f1d77ab79cbc3dcbbed6a364da83f6905d0a
ad04f02376698c398bfd4ab5d98eff3335f3505d526b30cac8415264ad5a6bda
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nauth-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 03 Mar 2023 18:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1457
content-type: text/css
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css
216.172.184.77200 OK 1.9 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 551b7f0f3c8f8fc30c58b7d6211902c2
bc98f0bcfcb86c66efc4605e3338b143684e01a5
3737d1d94e0fe103df0abb9c28e53cf5d8cd9fc4d28c4c5ab35cca5c0f0dec80
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/nfcu-icons-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 03 Mar 2023 18:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1866
content-type: text/css
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4693
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:52 GMT
Last-Modified: Wed, 01 Feb 2023 17:17:40 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5953
Cache-Control: max-age=116562
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:52 GMT
Etag: "63d9be19-1d7"
Expires: Fri, 03 Feb 2023 02:58:34 GMT
Last-Modified: Wed, 01 Feb 2023 01:19:21 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 74cdb739b0155f9deccbbc334a2be050
fb451169aa1c80028a115f86decfda9ebbb4d548
6586dda034a3b6dac63e065989e9e1b1cdcb13bbc177aae4b2cb0a55597afbb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4786
Cache-Control: max-age=115395
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:52 GMT
Etag: "63d9be19-1d7"
Expires: Fri, 03 Feb 2023 02:39:07 GMT
Last-Modified: Wed, 01 Feb 2023 01:19:21 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 1.8 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 9844fa0b12f1b7719f2765088c8f1016
c7f5a52c7b33c2f98dff9b82b791120f02d01e50
eda28f0f228845a3174a65dade1e191b7050439f4ffd2c4ea8c91b168b5b6103
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/dropdown-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1804
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 2.7 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 5098d2c7f79ad8d65eeec3b84b4f1b86
243334a14e555ffeeaa41a378938545b5854b742
853faed9b0a824f7b1091bc653661f32915afcba8c3cf987568f4f5c48d70200
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/common-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 2678
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css
216.172.184.77200 OK 11 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (50194), with CRLF line terminators
Hash 451fe0b791ab243968de31f9b02a4d73
b354fd8c1e9854ee3128eef6a208f9207000bc63
b960b0ad591e14dd5d88706912da23bc4fd044e5d794a93935e870a74da93f15
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/all-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 03 Mar 2023 18:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 11002
content-type: text/css
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js
216.172.184.77200 OK 11 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (31148), with CRLF, LF line terminators
Hash 79b07f8c5ed334eebcfc3499758a2e17
d33b2949948f61d1835f40a0733bdee35a1505a3
6a90dee90ed1ebac761aa3162c2fc288111664ff4c5e4b62910d18a9463d7e1e
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/bootstrap-select.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 11396
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.241.148.153101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.241.148.153:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V9cgIjjygb+iakkIrN5CEg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kpnc54Xvqe8HOHd1SbCwN7TwA1c=
my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Wed, 01 Feb 2023 18:35:52 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=24~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=efcea0aeac7b4ba9d2f5e8fcdd4aa00d; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=83~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=030d65e89e6724f88081a11dae4a99af; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=2C055060A404D80F9E322D46238AE5AB~000000000000000000000000000000~YAAQPDIQYIyiTsaFAQAAX4pDDhJhYYZv+FgrI2916L+fI8u80RaanGZ606nbzPZikxRSCKzRf5239bVLRlkqxQiLzMGBonsCZLy1R8pnAn0QOp6zrxu67zyW/p61jgTePbZ/mJt45DhtaFFis3JXVcc3pD2F+9n6cm8LE91ZS8PTSSOXc6YMfRiYS0Y3OCg+JRn6u9j0YcoKMLW8HAJ4SP/EWGsky5T6KN6qy87YedojOn+eNZjqIWmV/PFfuXOstyC5CmY0+1q1j5mt/t+w15YHH27x4e6mxIb5yTmIqVkmWGCUtX9QxKmDL0ArjgQGCjcDbfEeOFW1j5j1W0tfv4e6G+42HCd27np3X3yTBhMNJRBTwZCE0nU75jepttJ+sv/ADg==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:52 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Wed, 01 Feb 2023 18:35:52 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=35~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=afa061c0928a750eda1c51c88ec67c2f; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=28~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=700de3620ab126e7152b12b18e782975; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=343DB570AA903070B4C3E5955E1C8674~000000000000000000000000000000~YAAQPDIQYI2iTsaFAQAAe4pDDhKzcgMifUwbNxXDKyClAvpIUjyeq2ofmD+36CcIFU8XZXHhuxhavmKALKWsi1oDmspp9kLC67I2s77zu1T/eRUynqYbA5CBQahZa2jEjpmenlPqfKUfvP987peJf6PNGvOMAUKwyu+t7PqQ03d98vFaicCs5/Evk392eDMQpPNek0zpjwnvw+v2HutEMsyecPuLXXPLwKMYzsYisEpEHvedMLUXXV/wLxA/DMXQ5mPxhv+PdMyKI4dMd/Rvt0rPKJATNOAMRCMHXKBYmiuRvC8JhKIqmwPZRRrYYO4eKIZATSV4fA6ntEiVJHNpnEYOiWt6C57T2pzOwA6fzs4SYnk89XsZGzk7Tkn8m4uvMIhpbg==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:52 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Wed, 01 Feb 2023 18:35:52 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=63~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=20afa0dcfdeeb75848bcae16416a1e86; path=/; Secure; SameSite=None; Domain=.navyfederal.org
akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01; path=/; Secure; SameSite=None; Domain=.navyfederal.org
ak_bmsc=D4A5030B59114BA40377F6266996F190~000000000000000000000000000000~YAAQPDIQYI6iTsaFAQAAf4pDDhIfaLzdJJ1o2AOGtSUAAdxfAOZ/jm6JFVpzf8lZWi1gH79tPPaBvdAtugfxU+ALkdaNZTKvga8vv4pzZ50EbC394OvhvTpX+0KqfzUse2OvyG6DXFrO3OXquApzq7A3QS9ErjjlFNNn/+i954JLPMpgR+7HRyojjdA06b6Fj6N86asWCKxcPDbQg3AkAJhuviG5Gf88bRec9OtVu9aOe8pdqfA4DsBxGmd2G3EMUrgE589dTgH9gsqK1FagCo7pCAQIB+IYLWOPN4PFVqY1A3sOBdvXMWrnNXjUYKkbjBTcJjWz/8ril1YomhGeL4D1Cc8JNPU275fJDfrU2jqcVNS6qxlrDXz5TU6a9REHW99sqA==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:52 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 1.1 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash ae9cf250ae0e95a05cf79864a6a9733b
f70b5a2eb90895813fcba6d2b7ca0e572f601663
35b41994ff8bc04c6c752e477eceef7f262688ee832891624f2f4b0714d9a6f8
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/login-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 1127
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 809 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (1213), with CRLF line terminators
Hash 45aebf5c2b18c946a50740e31f811676
6c01eb6f3b907dce39d258b203b96a42703fed00
1e66b8120ad1a52baa0ae15343ec31775bb0329db16ca70927ba1a58e013e782
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/keypad-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 809
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 3.4 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 509395c0534009e4764a584a4531ecf6
740964e4c50e24c932a7430faacd895072f70acb
ed5409d2e4c24fcacfb9885676b2e3c93a5f5d9ad00eb4f03c7c036ab62e74e4
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/modal-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 3379
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js
216.172.184.77200 OK 558 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (850), with no line terminators
Hash 2a0fbeaff401daf7f8d961960efa46c4
8c4c3f2d10be69f7fb0fcb659e9232a03f7d7955
8d6f9522208a16b57d9930f7b2b0d828c91492d747c2d9cdd8915abe57842e63
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/api.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 558
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 947 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 0fecde5e44685c6c0354fa673ee6d991
ab9e6f9b04cdb2631f28ae7bc0e29f67abfc52bb
f7f56ebc8141501c2061f521f0fc7ce296835e3ffd67d027431aacb4eadcd75f
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/cookieGenerator-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 947
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js
216.172.184.77200 OK 9.1 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (21652), with no line terminators
Hash ff5a1baedd30f131b97f3c012245e423
750abb823d81773ea6546d93dff844a1752cfe20
db6299bc5bc23671fc25dd62a5acd79d69a9cbc10d0d6a4052aee8f30b8d6e62
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/tag.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 9066
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js
216.172.184.77200 OK 6.3 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1788)
Hash ff03bc1e2abf22d3fddcddbb66a117f9
92b92a8c319971623952b279773fbb92c6a872ad
1fea4db473f153cd0d025a2a9dd2a675e256c46c4c66faf28aafbeb8eb307279
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/le2-mtagconfig.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 6320
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg
216.172.184.77200 OK 22 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2618), with CRLF line terminators
Hash e9412a7e111241810e74c5cf267fb64a
cae22fc983a55384e31ad2a4e43f812bc68efbfc
3e700f9ff93a023fcaee00daeb83062c9492803afc78643532d41d369133f991
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img_logo-veterans-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 21962
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
x-endurance-cache-level: 2
content-type: image/svg+xml
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa
216.172.184.77200 OK 72 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash 335f2776eaf4ca7eca9953d2240c3316
5f5702f072d8e721dd3557ccd2a0944b3cc58fa5
ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 72012
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
x-endurance-cache-level: 2
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15948, version 1.0\012- data
Hash c85615b296302af51e683eecb5e371d4
ff7c20b0947804c607759aa46eab666d94cf12ea
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
GET /s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15948
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 04:00:37 GMT
expires: Sun, 28 Jan 2024 04:00:37 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
content-type: font/woff2
age: 398116
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
216.172.184.77200 OK 108 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/static/f67c327263eti209967cda713cd843baa
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/static/f67c327263eti209967cda713cd843baa
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
POST /static/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1021
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm
216.172.184.77200 OK 17 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32192), with CRLF line terminators
Hash beb16499bbd73c457678fef1d69445e3
6655c3c37e7fb97177c24f937a2959be323217eb
6d9709a66ea5f4e4cd0b2d670e5efb0d71cbcbe79401ad2688a1b32a6ab49c08
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/storage.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 16602
content-type: text/html
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/bg_globe.png
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/bg_globe.png
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/bg_globe.png HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/toolTip.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/img-billboard-BG.svg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/images/css/icons.png HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16112, version 1.0\012- data
Hash 899c8f78ce650d4009d42443897aa723
d2e2faa9780b7fca5a5cb20a853dd7df55b3101e
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
GET /s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16112
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 18:56:43 GMT
expires: Sat, 27 Jan 2024 18:56:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
content-type: font/woff2
age: 430750
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
216.172.184.77200 OK 108 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
216.172.184.77200 OK 108 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1a7562ff802f8301970ff574c2e4277f
3532997324bc5f31ad7ad464603226c08ed2eedd
f6a6049d8f3fdd43ab20af67a303f4d00f211e367b5a026384bf0e7283875a0b
Analyzer Verdict Alert urlquery phishing Phishing - Navy Federal Credit Union
urlquery phishing Phishing - Navy Federal Credit Union
fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a_003.htm HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 108
content-type: text/html
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5166-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Wed, 01 Feb 2023 18:35:53 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=E85B7AC0765126F88A9E5C83C7072D9F~000000000000000000000000000000~YAAQPDIQYI+iTsaFAQAA1YxDDhI+xyI+MJCKEjM8JeyRjLQerZ2AKMtYJrL9/KfiV2mc8u2TrAdtr8wIFmFMbJCgGtikQo6ZcQ4ipdsa0Zjkg6OyKvRiOnUECUgZ8ScZZfH6XdytsabWRPzJu7prZJh2lWZkG9Z+bZMf+TpA035Wg00WCvacps2ylQPGdxZgBgQ8qFw4EFGizvTef5aKhExsVdNcR/VecXqfuT/pPsTEKrKMwk/XNKjabWg5lmPaatwS7hTK0Ha0B7FYB1bALKkXDXnycolFMA6OnSobbGabmllpezmPFGgXg/35wbS8fILioBOrHuwwzbSTqxtBdgJiNoNGz06Bj3CRGHmHdegKMfkIuaxsFCtTSApPExBxB61lJg==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:53 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/Group5158-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Wed, 01 Feb 2023 18:35:53 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=CBEF343F5673BFE9CE882832A6CF0C99~000000000000000000000000000000~YAAQPDIQYJCiTsaFAQAA7YxDDhIYsiLgYT9r3+pECv+VgoAmacgJr+kpdwbCJNC/G+RJQ0LCaSiYdWevv0FDi9FUSJjf1RnIvzxSU/qDHSJL6whaGwgkOI1234BaeZkUkXG1HcFm0HwsxwbWGEXCTJu8R24rZ0p17Lz9WsyS1C/2RHiUvXIIAgjoocm0LWrEjK1qrPXv2nbm66mZx/gc4WbLRjfi9KWBzGB+dau92JLK862V25+pTRiL2DO7A2V3Xdk011BkJkPQtwbM8PcP9osRj7vxUD2pPjdeQ5YDCxObxt4rVF4w5ex+NtIggsI+C1hDruqryPIYeRyJO460MiWoDb3cLfm+SvgOcNuCAXh8jfpsVGcOs43oRm0i5IfGvH9wqg==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:53 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 00014a5c06c7745309f74c5b7be00586
76341f113c35c10afe1d527340cf205dce9c5595
9ac845fcd050af72032d650cfad2b35508d3d316a5d97f72296fe32e7eb88007
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 18:35:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 02:32:15 GMT
Expires: Tue, 07 Feb 2023 02:32:14 GMT
Etag: "76341f113c35c10afe1d527340cf205dce9c5595"
Cache-Control: max-age=459980,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792cca1adf4fb523-OSL
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.ttf HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
216.172.184.77200 OK 36 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 14a0a9d6842f71f9345d7b013413fa50
8d20f9c092dc0e7e07d6acee1e944997e7e1865c
6c0c26a396cd926622d066adfcdb5f38a1e25808caa98cbab1b96aa54389c976
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Fri, 03 Mar 2023 18:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: text/css
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
104.88.20.141404 Not Found 1.0 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 1536cc36842f2165300106001ee4b19a
d3bd2ed7be7778ebb3fef66672f216982e1d2e45
4ece4a1ee577bdbd46f9f55ee93ad77713bdd635c5a547e575f230fca329ae42
GET /NFOAA_Auth/resources/images/contact-us-1d62888b4b662af9142e3c385f423f32.svg HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html
Content-Language: en-US
Content-Length: 1018
Date: Wed, 01 Feb 2023 18:35:53 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=A78DB463E3C5EDA423474DA76757BC7E~000000000000000000000000000000~YAAQPDIQYJGiTsaFAQAArY1DDhLIZ4Kqn1Xhhq6CkbP3YDAlK9R1PkDoo8OcjO/mWF0MC4OGKmLLoefIpY8dmrnzMon9MIgjqNbf+osZX8H2tS9RkNYoIOJ6hN3b9u5EZY1nCHrQrdDCWtExKYZb00OUum3PGVJa8wxjoO4lQxsRfGPHKSpMcJ0RrAR9D3Ve5RvJPWu9trSnjWy5ebTmJLKgczwofQiE8RzHooCRULU55NPweZUnfEcei5gCL3bKsaVqxsyhQFKcSw7OtCznGYnRQrMb7RorkZBRId0SiF/bBAwJExABCnobJRX71NDX4kO0RwoOL67vIZTagigkhWoWXXuBW+3SHbr13q/IWsNSj7tjB8fGq+QeIMISqbYRPo/9Yw==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:53 GMT; Max-Age=7200; HttpOnly
Strict-Transport-Security: max-age=31536000
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js
216.172.184.77200 OK 22 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash fad625a2f9910edcffc4a4d9f21d7f5f
54b9c33b89f4976326d8ee66b5db886368bbd11a
8304a3200a9553f6cb1b6b3c8c6c1644d3c2fb842d86a388030f1e393c74ec12
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/s_code.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff
216.172.184.77200 OK 1.0 kB URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3a034335de06f0f0fc4632d8163c17d7
816531081a1a7867a2d86c7749e159a3ab22683b
db110ebab00dccc2b175eb5405783a309c2de125f7a2c6de042309c5d8ed3054
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/static/f67c327263eti209967cda713cd843baa
216.172.184.77200 OK 335 B URL HTTP/2 gww-word.com/static/f67c327263eti209967cda713cd843baa
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (688), with no line terminators
Hash abcb784e43e1efc28729290bbfd1b8ea
3871864db560c9ad4bdbb0a4d8e2582c95bb32e9
4bda48d670a4722419a3aa793c540e23c6ac0ab210dd8b67083d119d89f7c60e
Analyzer Verdict Alert fortinet Phishing
POST /static/f67c327263eti209967cda713cd843baa HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1277
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-length: 335
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/favicon.ico
104.88.20.141200 OK 351 B URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/favicon.ico
IP 104.88.20.141:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 1ff701ad319400203220d48758838e99
e603d649127b743e4c32988dd40cde0c0924c11b
4bb25e1c20ad9bb64afc21206c14f5c25140a4056b8bddc06ac554559d59c71e
GET /NFOAA_Auth/favicon.ico HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: image/x-icon
Content-Language: en-US
Content-Length: 351
Date: Wed, 01 Feb 2023 18:35:53 GMT
Connection: keep-alive
Set-Cookie: my_dc=w; path=/; domain=.navyfederal.org; secure
Strict-Transport-Security: max-age=31536000
www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__en.js
216.58.211.3404 Not Found 1.6 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__en.js
IP 216.58.211.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 42ce5054207c737a4539726fff1cea32
338e12cc1019e8e080cdb985f9afc817b0eb76b8
54a34b914df3e1ca89045c816c2080c66586977a941d241209038047f1ffea5c
GET /recaptcha/releases/1AZgzF1o3OlP73CVr69UmL65/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gww-word.com
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 01 Feb 2023 18:35:53 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rnemsg.navyfederal.org/ci/pta/logout
147.154.117.92302 Found 25 B URL HTTP/1.1 rnemsg.navyfederal.org/ci/pta/logout
IP 147.154.117.92:0
ASN #31898 ORACLE-BMC-31898
Hash 3f8372f15e761c5f9e4ed6515f744df3
81a6e71371d2a46f6116e045fce6feb258b2d9f3
61c08f21cca5983f6f115bd91b9cc97bd29ef835d1cabed197d79fa7e1e7bd76
GET /ci/pta/logout HTTP/1.1
Host: rnemsg.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Wed, 01 Feb 2023 18:35:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
F5_do_compression: yes
Content-Encoding: gzip
RNT-JN-Ext-Machine: 43.3
Strict-Transport-Security: max-age=31536000
Set-Cookie: cp_session=fUhlBtZuC8i5GSG8oPzwjfrMCBJTGAbusXR6TPqhlIseEh7Sv5vZYXe_ShDNb~xdOCSz4jY6Lg2ZuPitYkRqyTBCRz9YbFtxRW8E4x2euKUC~~nLk5QkwHTU_mBHEE2cLyIn6w1wPmDOwuHNm6Fn21D87jIKlTodj3eXkycxLUhIREIdB1mxePxNBfr1gYTE5R~VeAitzWlEqJgPc3UnLhucG71G4LnoW6Jt0FcLhumK9pWLaOaCLGnn_1Vbb_4qUHvbqwYyHcCNVZzVnf4TthlkadqxXcqYj_I3H9DbuAdJo8q73zgV5AbRzwu~LJ8CGO9cAdnM4_pHm2MBcBMRUrk9Vzvgn66hjcTzoLBwHmlbw~tF~~eFoYy8q7CzPVKQYnzH3bzWFMKNqsCqZIEet~nS_COG~pkLfyFfoGd4W41zjgoJRqDOtBix2WDtjXYqW6175vhcKkt~iPgntk9mEdsUXZy4b4tBLb; path=/; httponly; SameSite=None; Secure
cp_session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
RNT-JN-Ext-UUID: ad86cb76-7c5f-495a-94c7-9dc217388e1d
RNT-Time: D=162495 t=1675276553761248
Location: https://www.navyfederal.org/images/spacer.gif
RNT-Machine: 0.73
www.navyfederal.org/images/spacer.gif
104.110.18.91301 Moved Permanently 0 B URL HTTP/2 www.navyfederal.org/images/spacer.gif
IP 104.110.18.91:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /images/spacer.gif HTTP/1.1
Host: www.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gww-word.com/
Connection: keep-alive
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://web.navyfederal.org/images/spacer.gif
cache-control: max-age=86400
expires: Thu, 02 Feb 2023 18:35:54 GMT
date: Wed, 01 Feb 2023 18:35:54 GMT
permissions-policy: interest-cohort=()
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5816
Expires: Wed, 01 Feb 2023 20:12:50 GMT
Date: Wed, 01 Feb 2023 18:35:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5816
Expires: Wed, 01 Feb 2023 20:12:50 GMT
Date: Wed, 01 Feb 2023 18:35:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5816
Expires: Wed, 01 Feb 2023 20:12:50 GMT
Date: Wed, 01 Feb 2023 18:35:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 22:03:43 GMT
age: 73931
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:53:10 GMT
age: 38564
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash d97ed0916d168d58352b521432ab7028
61b617b33e1a72cef8c8d39e73b3f9418882abd0
8cbb1c9c21a8c2bbbcaa84a79e86f9f8005e01909885a3fab8b00088a047edf6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 18:35:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 03:43:28 GMT
Expires: Wed, 08 Feb 2023 03:43:27 GMT
Etag: "61b617b33e1a72cef8c8d39e73b3f9418882abd0"
Cache-Control: max-age=550652,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792cca1e4f59b4f1-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 64EbarGrn6AIpXOE8TIfiBeGFQinx-P9lUIvmiQ1ivZgFrxl7_W4EQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:57:42 GMT
age: 74292
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hjIm9dNf6UE9rpIlKWeLwWuF7Pm6yJeAZgbwchvJcuDy-zkXEr502w==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
age: 74676
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:15:18 GMT
age: 40836
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec7e808a5e82552c46c3417a5b32b836
f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd
f16d982224dfeb0753eaf9d4eb87d80fd1111f682fd8fa36f3177aad5bf926a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6819
x-amzn-requestid: a0368695-4182-40bd-9a28-c50ae783a7a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRHGnoAMF0Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-624285eb16110b8c2360dec5;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4MpUHqMYJoNA7QuRuQwbJIodNkhizq6EL5SPbIoSKFQjtoAKQgLuEg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:25 GMT
age: 74669
etag: "f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web.navyfederal.org/images/spacer.gif
104.110.18.91200 OK 43 B URL HTTP/2 web.navyfederal.org/images/spacer.gif
IP 104.110.18.91:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /images/spacer.gif HTTP/1.1
Host: web.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gww-word.com/
Connection: keep-alive
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Sun, 02 Jun 2013 10:22:19 GMT
etag: "2b-4de29390cacc0"
accept-ranges: bytes
content-length: 43
cache-control: max-age=7776000
expires: Wed, 19 Oct 2022 10:22:27 GMT
content-type: image/gif
date: Wed, 01 Feb 2023 18:35:54 GMT
X-Firefox-Spdy: h2
my.navyfederal.org/NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png
104.88.20.141404 Not Found 1.9 kB URL HTTP/1.1 my.navyfederal.org/NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png
IP 104.88.20.141:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 726ecf2df6a19b5a3c655e4941eb5135
1fdf86a26d04338d4f5394cc852a5c8387d95048
d3ba0f9d4c73e11ca995ac01df41b72c0ba60290454319cac7232e90c535a98e
GET /NFOAA_Auth/resources/images/apple-touch-icon-72x72-precomposed-1d62888b4b662af9142e3c385f423f32.png HTTP/1.1
Host: my.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
X-Powered-By: Servlet/3.0
X-Frame-Options: DENY
$WSEP:
Last-Modified: Wed, 07 Sep 2022 21:50:18 GMT
Content-Length: 1941
Content-Type: text/html
Content-Language: en-US
Date: Wed, 01 Feb 2023 18:35:54 GMT
Connection: keep-alive
Set-Cookie: navyfed-opentoken=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-extracted=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-deviceprint=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-useractive=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-pingolb=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
navyfed-obo=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
SMSESSION=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
acctsvcs_dc=; domain=.navyfederal.org; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT; secure
my_dc=w; path=/; domain=.navyfederal.org; secure
ak_bmsc=E8DBFCC7C15936487D484CECFB3DB0B0~000000000000000000000000000000~YAAQPDIQYJKiTsaFAQAA749DDhKkrcP0l/erzdJ01oqw9lfqoizCItwtXbXbPHRExMiVg7TbezW/PqvY5SHRA/GIsKWzJbrTTKQthI9TqQaIcjjRuLH4aHBPKTz7/pXEhkD0QqHN2mooT7Ub5mERdQcPZn/E836D/XE5rqzVFW5oTqiX4mud+ZOgNyrBZENLXZHDSYRPrI/If/2grmDtilffETTecmOceHQeeINk6yJg/BO6PiBKY/gySJkKgpm7k1t7G6aCpfFXPcKhD40ern1z4TFzsShi5CNrPPvkFhxE/KISr/rce/7HbiymWjJRXu/ypEn6YKmVfkeUmgHvdObbPqqOsPFeK04eTdgnsN885QW7w2/INrB2pLEXP96W40Imug==; Domain=.navyfederal.org; Path=/; Expires=Wed, 01 Feb 2023 20:35:53 GMT; Max-Age=7199; HttpOnly
Strict-Transport-Security: max-age=31536000
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash d97ed0916d168d58352b521432ab7028
61b617b33e1a72cef8c8d39e73b3f9418882abd0
8cbb1c9c21a8c2bbbcaa84a79e86f9f8005e01909885a3fab8b00088a047edf6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 18:35:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 03:43:28 GMT
Expires: Wed, 08 Feb 2023 03:43:27 GMT
Etag: "61b617b33e1a72cef8c8d39e73b3f9418882abd0"
Cache-Control: max-age=550652,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792cca1e4c86b523-OSL
lptag.liveperson.net/tag/tag.js?site=11478817
178.249.101.23200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=11478817
IP 178.249.101.23:0
File type ASCII text, with very long lines (21707), with no line terminators
Hash 73fffd7c64707f625983cd93bc412dca
f001f558aa7ae9281baa111933728d47185e00bd
520582f871580aa30933c2b10be35b68c2cd1f3631addb4d8dcae9bd8c51b3df
GET /tag/tag.js?site=11478817 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 18:35:54 GMT
content-type: application/javascript
content-length: 7588
last-modified: Wed, 07 Dec 2022 20:20:28 GMT
etag: "6390f58c-1da4"
content-encoding: gzip
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 81353767dd5ca7d4a52e8c553358f007
9a85056d5f47ef4757ecb2dae139ac058b147cb4
ba6dc780c83cc6bd42288ebdad8a8cf468d8f551680ab2441026ed9fb21c5d82
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3237
Cache-Control: max-age=140450
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 18:35:55 GMT
Etag: "63da2608-1d7"
Expires: Fri, 03 Feb 2023 09:36:45 GMT
Last-Modified: Wed, 01 Feb 2023 08:42:48 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 04baa2d73afb558b508f0533cf639e6b
28724e2db58f79c83817c3569a6c26ff04269708
68c423f13afe5792588d6638dbece45dbc5e793876e4527a95fad14aec79699f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 18:35:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 23:37:43 GMT
Expires: Mon, 06 Feb 2023 23:37:42 GMT
Etag: "28724e2db58f79c83817c3569a6c26ff04269708"
Cache-Control: max-age=449505,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792cca2a99abb4f1-OSL
accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb54244x92828
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/11478817/configuration/setting/accountproperties/?cb=lpCb54244x92828
IP 178.249.101.99:0
GET /api/account/11478817/configuration/setting/accountproperties/?cb=lpCb54244x92828 HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 18:35:53 GMT
content-type: application/javascript
vary: Accept
expires: Wed, 01 Feb 2023 18:36:10 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: HIT
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2
216.172.184.77200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/sourcesanspro-semibold-webfont.woff2 HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js
216.172.184.77200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/jquery-ec401aee041a200e3dd94ec7982f0f2f.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js
216.172.184.77200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/a.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff
216.172.184.77200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/fonts/nfcu-icons.woff HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/responsivemain-599150400912c8247ee1872211972b2a.css
Cookie: s_fid=3CE42FBF024911AE-3DD3D1E11AC8E7F1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
cache-control: max-age=300
expires: Wed, 01 Feb 2023 18:40:53 GMT
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: text/html; charset=UTF-8
date: Wed, 01 Feb 2023 18:35:53 GMT
server: Apache
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg
216.172.184.77200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/img-BecomeAMember-1d62888b4b662af9142e3c385f423f32.jpg HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
content-length: 185745
cache-control: max-age=31536000
expires: Thu, 01 Feb 2024 18:35:52 GMT
x-endurance-cache-level: 2
content-type: image/jpeg
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2
lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.101.23200 OK 0 B URL HTTP/2 lptag.liveperson.net/lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.101.23:0
GET /lptag/api/account/11478817/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 18:35:54 GMT
content-type: application/x-javascript
set-cookie: ADRUM_BTa=R:21|g:fdc0bcbe-70b6-4065-a6f8-9068e5af08e9; Max-Age=30; Expires=Wed, 01-Feb-2023 18:36:24 GMT; Path=/
ADRUM_BTa=R:21|g:fdc0bcbe-70b6-4065-a6f8-9068e5af08e9|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Wed, 01-Feb-2023 18:36:24 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Wed, 01-Feb-2023 18:36:24 GMT; Path=/; Secure
ADRUM_BT1=R:21|i:1758155; Max-Age=30; Expires=Wed, 01-Feb-2023 18:36:24 GMT; Path=/
ADRUM_BT1=R:21|i:1758155|e:1; Max-Age=30; Expires=Wed, 01-Feb-2023 18:36:24 GMT; Path=/
ADRUM_BT1=R:21|i:1758155|e:1|d:1; Max-Age=30; Expires=Wed, 01-Feb-2023 18:36:24 GMT; Path=/
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=63072000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: MISS
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
liveengage.navyfederal.org/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod
178.249.97.98200 OK 0 B URL HTTP/2 liveengage.navyfederal.org/le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod
IP 178.249.97.98:0
GET /le_secure_storage/3.11.0.2-release_5036/storage.secure.min.html?loc=https%3A%2F%2Fgww-word.com&site=11478817&env=prod HTTP/1.1
Host: liveengage.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Cookie: akaalb_my_navyfederal_ALB=~op=my_100_wch:my_prdw|~rv=70~m=my_prdw:0|~os=ddcfe9c18a053d3068d757a21af73146~id=d0b023e2a7e1535675af934e3d2b3f01
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 18:35:55 GMT
content-type: text/html
last-modified: Tue, 29 Sep 2020 18:27:10 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Thu, 01 Feb 2024 18:35:55 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/11478817?&cb=lpCb64648x57379&t=sp&ts=1675276578214&pid=9731351357&tid=3966618453&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F%3Fentity%3D1994173&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
208.89.12.87200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/11478817?&cb=lpCb64648x57379&t=sp&ts=1675276578214&pid=9731351357&tid=3966618453&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F%3Fentity%3D1994173&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
IP 208.89.12.87:0
GET /api/js/11478817?&cb=lpCb64648x57379&t=sp&ts=1675276578214&pid=9731351357&tid=3966618453&pt=Navy%20Federal%20Credit%20Union%20-%20Our%20Members%20are%20the%20Mission%EF%BF%BD&u=https%3A%2F%2Fgww-word.com%2Fwp-admin%2Fusr%2Fbbfcdb0c114ac68edb0d8796b68c9baf%2F%3Fentity%3D1994173&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 18:35:56 GMT
content-type: application/javascript
set-cookie: LPVisitorID=hjYzM3MjQ4Yzk5Njg0YmM2; Expires=Thu, 01-Feb-2024 18:35:56 GMT; Path=/; HttpOnly
LPSessionID=dFm9KWI_Q3iWCy7aGf0qzQ; Path=/api/js/11478817; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js
216.172.184.77200 OK 0 B URL HTTP/2 gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js
IP 216.172.184.77:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/index_files/recaptcha__en.js HTTP/1.1
Host: gww-word.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gww-word.com/wp-admin/usr/bbfcdb0c114ac68edb0d8796b68c9baf/?entity=1994173
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 23 Nov 2022 15:28:42 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Thu, 02 Feb 2023 00:35:52 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
content-type: application/javascript
date: Wed, 01 Feb 2023 18:35:52 GMT
server: Apache
X-Firefox-Spdy: h2