Report - cash2gofinancial.com/wp-content/cgi/v4.zip

Report Overview

Submitted URL
cash2gofinancial.com/wp-content/cgi/v4.zip
IP
50.28.18.203
ASN
#32244 LIQUIDWEB
Submitted
2023-04-04 22:55:03
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-04-04T18:25:02Z	2.0 kB	151 kB	142.250.74.67
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	2.4 kB	6.2 kB	23.36.76.226
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606 B	238 B	34.117.65.55
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3.8 kB	61 kB	34.120.237.76
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-04-04T18:15:04Z	432 B	6.7 kB	104.17.24.14
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-04-04T18:12:04Z	2.7 kB	5.6 kB	142.250.74.131
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-04-04T22:35:31Z	731 B	5.0 kB	142.250.74.74
cash2gofinancial.com	unknown	2015-03-11T00:22:32Z	2023-03-20T11:45:16Z	844 B	2.0 kB	50.28.18.203
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413 B	5.9 kB	34.160.144.191
www.cash2gofinancial.com	unknown	2019-08-05T19:42:08Z	2023-02-17T11:51:44Z	20 kB	1.2 MB	50.28.18.203

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-04	medium	cash2gofinancial.com/wp-content/cgi/v4.zip	Phishing
2023-04-04	medium	cash2gofinancial.com/wp-content/cgi/v4.zip	Phishing
2023-04-04	medium	www.cash2gofinancial.com/	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-includes/js/thickbox/thickbox.css?ver=6.1.1	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-includes/css/classic-themes.min.css?ver=1	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-includes/css/dashicons.min.css?ver=6.1.1	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.236	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.7.3	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/uploads/2022/06/Blank-1000-x-536.jpeg	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.7.3	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.7.3	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.7.3	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.7.3	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.7.3	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/uploads/2022/01/AdobeStock_215630575-scaled-e1672781991541.jpeg	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/uploads/2022/06/Blank-604-x-6507.jpeg	Phishing
2023-04-04	medium	www.cash2gofinancial.com/wp-content/themes/theme19/print.css?ver=1.6	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.cash2gofinancial.com/	476 B	2023-03-07	2024-05-04
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-05-04 14:55:52 Times Seen15754 Hash ce71388c2d441cfb9ef0985bc4e5bb71 1e74c490ed76f671eb45ab0b45c9c9f5b9b89f0f efb5a648656ae8f944fbf74e5644126464160ab50197a288c8b587e74edd575a Loading...

	www.cash2gofinancial.com/	318 B	2023-03-14	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:03:26 Last Seen2023-04-05 02:11:51 Times Seen2 Hash 43dcf9635891c470d32e2bcae60a3530 6c7d47ba97d3dec586cf66476aca0c26c5751815 83043aed95051e96771e862604081a411a6af9acd9cbfa620d944c3c6739f527 Loading...

	www.cash2gofinancial.com/	528 B	2023-04-05	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:51 Last Seen2023-04-05 02:11:51 Times Seen1 Hash 558714c7ae01e05b705d7e4cf9279f5d 8db3b083839c191b64e8100492cea54fff58b703 c48bd094407805a1519dde1c1dc90e2287f267f786b2a107b9e1ca1bbc82c6a5 Loading...

	www.cash2gofinancial.com/	396 B	2023-04-05	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:51 Last Seen2023-04-05 02:11:51 Times Seen1 Hash 5a84fae691e61eb68c9c27b86f2ade41 e7d55a5a0198d388eaa17ea3ed16f48db0476907 8194e1fec2087f8efc99bd73900d59760cfd356573dba1c021128a011276dc1f Loading...

	www.cash2gofinancial.com/	803 B	2023-03-14	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:03:26 Last Seen2023-04-05 02:11:51 Times Seen2 Hash fe381cee25f9a94315c443198865fab0 03acd67cf178042394ff0e73fd8e29ed5f4eb0db 81c03f902f3a5c96c595ab107bb6ad98e788c28d8b6cedf40dbcd984cc8ad4ec Loading...

	www.cash2gofinancial.com/	1.5 kB	2023-03-07	2024-05-04
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:06 Last Seen2024-05-04 01:27:52 Times Seen2561 Hash 28c2e8b00e9ba445a16144cf6a980708 5c8a328bd99c4d19aefe33796c82ab13a8ffcb6d 70c9f8ec76a9f213ff034d0e1c0eeb0f3652c1c41504e0db2b6175a21c4ecdd7 Loading...

	www.cash2gofinancial.com/	9.9 kB	2023-03-26	2024-04-04
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 00:06:42 Last Seen2024-04-04 17:05:00 Times Seen385 Hash 5b8deddd46bb1e719170ff49d1b59f26 e8e46b224504775b6e7af3ab566173eb17faccb3 9093d210d9b18372108d3d4d1ba1d7ce3668cb2c5e9d2adf89f10a0d9a740fd9 Loading...

	www.cash2gofinancial.com/	485 B	2023-03-14	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:03:26 Last Seen2023-04-05 02:11:51 Times Seen2 Hash 771b5001a5be65bb981402d2bb5d2d05 21dfaa7d1c4909a9a5a26492c5b23f8ef81038eb 761e69517d9ae5d2a040de7c076391c30def51a62093bc590e2ae1b71c72f4f2 Loading...

	www.cash2gofinancial.com/	1.7 kB	2023-04-05	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:51 Last Seen2023-04-05 02:11:51 Times Seen1 Hash 52e754d993498310ca7bec6debd2c812 cfc658430b4d3c5776d5cc87b11ba3e5a1eaf6a8 0c621f31ce1c73f136675d666487fc9b6ba638d8e4b69cf8aed0ccd47066bf48 Loading...

	www.cash2gofinancial.com/	231 B	2023-04-05	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:51 Last Seen2023-04-05 02:11:51 Times Seen1 Hash b55d37b0f2894646316bc8a04a33ffb4 e444f8c15037b9578df11974c0a624e97cc9b131 dc94bc9801b5b576544e165405306e439691f08de1aecd873d83b3c8cccaae96 Loading...

	www.cash2gofinancial.com/	5.0 kB	2023-03-14	2023-04-05
Pretty URL www.cash2gofinancial.com/ IP 50.28.18.203 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:03:26 Last Seen2023-04-05 02:11:51 Times Seen2 Hash 5bd7a4c245d8ef421c8a5d7780e9f40f 03a2885396d15e832d6fdff5ac58191868f09393 2553bcaf16447376cf3aa3999634e80082c0d6e64373d31c0bf89437bcd2d738 Loading...

HTTP Transactions (79)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a4074549843769a3da3f055bcb5a78ff
f99062d34cf71bda6a9c64061fb9e61008f94021
895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17828
Expires: Wed, 05 Apr 2023 03:51:56 GMT
Date: Tue, 04 Apr 2023 22:54:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12448
Expires: Wed, 05 Apr 2023 02:22:16 GMT
Date: Tue, 04 Apr 2023 22:54:48 GMT
Connection: keep-alive

cash2gofinancial.com/wp-content/cgi/v4.zip

50.28.18.203

301 Moved Permanently

258 B

URL HTTP/1.1
cash2gofinancial.com/wp-content/cgi/v4.zip
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
258 B (258 bytes)
Hash
2aaeee374acc52bc9079c4cd71c34796
bad962aabbe59958459d0b27a99af824ab82a863
b143caea044ab44a2f99749e6d0f76cebb056e5924be07b8f0dd5dc3b0406c46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/cgi/v4.zip HTTP/1.1
Host: cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Apr 2023 22:54:48 GMT
Server: Apache
Location: https://cash2gofinancial.com/wp-content/cgi/v4.zip
Cache-Control: max-age=0
Expires: Tue, 04 Apr 2023 22:54:48 GMT
Content-Length: 258
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 22:16:42 GMT
content-type: application/json
age: 2286
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21436
Expires: Wed, 05 Apr 2023 04:52:04 GMT
Date: Tue, 04 Apr 2023 22:54:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: hWCbFEBo+nsul1hvqJfUtukBQTQcdmH5h3NxpH56lX4IfT1TM1aB3M8yt+wyVhoivtJA4bzBAKo=
x-amz-request-id: 62S18JHYFPPG26HJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:23 GMT
age: 85
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 22:54:48 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
27326a64990c6f698a83600491674790
a6bdb4743ace6be80673f6899605bf9177a75b69
e4a8d3c3016130e47580098183bcea5ae369697b7907eafd65ac3450dc2eb265

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4A8D3C3016130E47580098183BCEA5AE369697B7907EAFD65AC3450DC2EB265"
Last-Modified: Mon, 03 Apr 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5989
Expires: Wed, 05 Apr 2023 00:34:38 GMT
Date: Tue, 04 Apr 2023 22:54:49 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Backoff, Last-Modified, Alert, Content-Length, Pragma, Cache-Control, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 22:14:45 GMT
age: 2404
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: v6noCPQiPierq6nxkiD8jA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ONmShIZq6GE9fdzxJlK7eO+vp2s=
Date: Tue, 04 Apr 2023 22:54:49 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cash2gofinancial.com/wp-content/cgi/v4.zip

50.28.18.203

301 Moved Permanently

0 B

URL HTTP/2
cash2gofinancial.com/wp-content/cgi/v4.zip
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/cgi/v4.zip HTTP/1.1
Host: cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
set-cookie: apbct_timestamp=1680648889; path=/; secure; HttpOnly; SameSite=Lax
apbct_site_landing_ts=1680648889; path=/; secure; HttpOnly; SameSite=Lax
apbct_page_hits=1; path=/; secure; HttpOnly; SameSite=Lax
apbct_cookies_test=%257B%2522cookies_names%2522%253A%255B%2522apbct_timestamp%2522%252C%2522apbct_site_landing_ts%2522%252C%2522apbct_page_hits%2522%255D%252C%2522check_value%2522%253A%2522ca5e58236e3ddc34f9cbc5e5cd7bd842%2522%257D; path=/; secure; HttpOnly; SameSite=Lax
apbct_urls=%7B%22cash2gofinancial.com%2Fwp-content%2Fcgi%2Fv4.zip%22%3A%5B1680648889%5D%7D; expires=Fri, 07-Apr-2023 22:54:49 GMT; Max-Age=259200; path=/; domain=www.cash2gofinancial.com; secure; HttpOnly; SameSite=Lax
apbct_site_referer=UNKNOWN; expires=Fri, 07-Apr-2023 22:54:49 GMT; Max-Age=259200; path=/; domain=www.cash2gofinancial.com; secure; HttpOnly; SameSite=Lax
ct_sfw_pass_key=2c0e404f94643917d9118149359ba7e10; expires=Thu, 04-May-2023 22:54:49 GMT; Max-Age=2592000; path=/; secure; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
location: https://www.cash2gofinancial.com
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 22:54:49 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/

50.28.18.203

200 OK

26 kB

URL HTTP/2
www.cash2gofinancial.com/
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (10467), with CRLF, LF line terminators
Size
26 kB (26428 bytes)
Hash
db2e175e95089403cf83f0d39445cd2f
cd3824d801dd0a9911c94176828eea84b8efbd4a
b3cbfdb3e392690374d69df0b91aab2f2417d6e371127c1aa723b5baefd2c75f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
last-modified: Tue, 04 Apr 2023 16:36:53 GMT
accept-ranges: bytes
content-length: 26428
cache-control: max-age=0
expires: Tue, 04 Apr 2023 22:54:50 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.24.14

200 OK

5.6 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Apr 2023 22:54:50 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3048568
expires: Sun, 24 Mar 2024 22:54:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38GZZ9p9sehsjtYmALYmf8hXwJZsF0YuA%2Fqh51Bhu07QBD0pHBPvPiukjHGFXEnxwXiKu2u%2FyOXH7uPboLYM020%2B196N5rmeIc9TVrWz2jIj8onGJz5FGLetLCnCjNDiij%2BqLSxl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7b2d22aeeebf0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-includes/js/thickbox/thickbox.css?ver=6.1.1

50.28.18.203

200 OK

939 B

URL HTTP/2
www.cash2gofinancial.com/wp-includes/js/thickbox/thickbox.css?ver=6.1.1
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text
Size
939 B (939 bytes)
Hash
ba202c3af960a44cdd8ab5152650dca4
f1b0452b648dd92566947e572547be1fad735d69
b09840646b82209db604123f68711b1d0859c6cf7ec154594c5d7a25911fe658

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/thickbox/thickbox.css?ver=6.1.1 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 17 Aug 2022 07:34:57 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 939
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-public.min.css?ver=6.7

50.28.18.203

200 OK

548 B

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/cleantalk-spam-protect/css/cleantalk-public.min.css?ver=6.7
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (1268), with no line terminators
Size
548 B (548 bytes)
Hash
eee97d3b975719eba52253a1a0cb70c0
e83442f555d64c283c021111d50652fe29443739
76277c9423c8ac0ab0da78610a32ed677234d59afefa8ee44f39cec757e0e941

HTTP Headers

GET /wp-content/plugins/cleantalk-spam-protect/css/cleantalk-public.min.css?ver=6.7 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 30 Mar 2023 16:24:20 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 548
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

50.28.18.203

200 OK

12 kB

URL HTTP/2
www.cash2gofinancial.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (47826)
Size
12 kB (12518 bytes)
Hash
8fa87dd23394a22621248ec378d2af59
9305bc637a89b1700d7f56a19a80bd32b0feb2f7
c162f7de24fa2d4e93e0da254ef287ff72f4a3e03f42443265097968351388dc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 16 Nov 2022 00:11:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 12518
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/css/owl.carousel.css

50.28.18.203

200 OK

1.4 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/css/owl.carousel.css
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text
Size
1.4 kB (1387 bytes)
Hash
c4f140e9c23c8fea3e35a73aaf166d20
da5e7d62ee8a1ca5b6f47d84d39a0336e6a9e72b
9df7553202b710155aeb66167d387ee65e8a96b7fe1323a73bcd89e2a733d040

HTTP Headers

GET /wp-content/themes/theme19/css/owl.carousel.css HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Fri, 20 Apr 2018 13:22:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 1387
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/responsive.css

50.28.18.203

200 OK

7.7 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/responsive.css
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text
Size
7.7 kB (7706 bytes)
Hash
467624058de4f7101af11beff19b9581
d9732f4c9d418e3d6596b14a93a1f1605847288b
0eae069df88b8d7965a9a8ea2155b5f71be60c29a63aa716cb174fea73f305e8

HTTP Headers

GET /wp-content/themes/theme19/responsive.css HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 06 Mar 2023 07:12:09 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 7706
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-includes/css/classic-themes.min.css?ver=1

50.28.18.203

200 OK

189 B

URL HTTP/2
www.cash2gofinancial.com/wp-includes/css/classic-themes.min.css?ver=1
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text
Size
189 B (189 bytes)
Hash
5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 07 Nov 2022 20:35:27 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 189
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-includes/css/dashicons.min.css?ver=6.1.1

50.28.18.203

200 OK

36 kB

URL HTTP/2
www.cash2gofinancial.com/wp-includes/css/dashicons.min.css?ver=6.1.1
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (58981)
Size
36 kB (35730 bytes)
Hash
00492d322e5572c7abc3e8701b6c52c1
0802ac2c8280ce7c98af881b1d49ec682acbf314
8bc01632cbc3ab834e04141d444ff82b05a4691444d70a9860477710e330b824

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 17 Aug 2022 07:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 35730
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.236

50.28.18.203

200 OK

3.4 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.236
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (14979), with no line terminators
Size
3.4 kB (3368 bytes)
Hash
6e976e38293c78f3fecbe2040d309762
772be42cb3f7a76c8fd3501ee447a5ceeed28a0d
5fffc887bffdbe8eba0c2aa723e85adabeb34207939ea8cc3722eb21d39bb795

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.236 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 21 Feb 2023 17:35:41 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 3368
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/call-now-button/resources/style/modern.css?ver=1.3.9

50.28.18.203

200 OK

1.1 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/call-now-button/resources/style/modern.css?ver=1.3.9
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text
Size
1.1 kB (1109 bytes)
Hash
755f697ddd308f2f8634766519c1f184
a16290c1a20fd723a2bc5c83e289b73ccb46fb66
6be2c577fd6bf63080c7e007f8c32cc7c2d61e1d9135774b0c3d6aad8b96d156

HTTP Headers

GET /wp-content/plugins/call-now-button/resources/style/modern.css?ver=1.3.9 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 30 Mar 2023 16:24:26 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 1109
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6

50.28.18.203

200 OK

16 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (397)
Size
16 kB (16271 bytes)
Hash
aa50cbac5bd89ad7105c90392ea740e9
c3f28f946c233985d54e5782f1ccbe982ec2be9b
bb0de6865b4d5813ba0be2a5756f13342b862c15ca2af1aed70da173edd46616

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/theme19/style.css?ver=1.6 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 21 Mar 2023 13:05:55 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 16271
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo7.jpg

50.28.18.203

200 OK

6.6 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo7.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 297x155, components 3\012- data
Size
6.6 kB (6584 bytes)
Hash
559de87429f48ae816bd84de5f34c833
8677b44aeb15b23a1502f066dc522c20904f4675
f3901b38674b26b6d7038e371c4efd278f6f00018989849bc30e606ab8df0699

HTTP Headers

GET /wp-content/uploads/2022/01/client_logo7.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 05:17:35 GMT
accept-ranges: bytes
content-length: 6584
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.7.3

50.28.18.203

200 OK

6.7 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (45113), with no line terminators
Size
6.7 kB (6684 bytes)
Hash
64a06b37286be00e0f312a140bc973ae
8477ec4990a1ed86f31194aafd2d8dd04f802c4e
c29e89b65f0aca690e4b13751ef6401bef0c15896518a36367de581956b153fb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-foundation.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 6684
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8397
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 22:54:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8397
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 22:54:51 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8397
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 22:54:51 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3500 bytes)
Hash
0c14dd9bfa7f1f37c711973900dbb5af
c8dea8f9cafcf7d108c93156f40537e78f7da88f
b99050909eb528f9c22201ed2f0f185edbb1f0b1e16631ef21dca72433e1e05d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3500
x-amzn-requestid: 5626e00a-90a4-42c5-bcbd-1ec24decfa47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqG0_oAMFTcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-16eb602d2ac30b2521cc8165;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: z3N_E-I5Av2Q7QhEUu5UNeFCxrzUIzu6eWwKQRu03HFutBSwr-xUYQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:39:50 GMT
age: 4501
etag: "c8dea8f9cafcf7d108c93156f40537e78f7da88f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6606 bytes)
Hash
20ff30ea98e9f9086ee28d4ac369e938
40aee6f21d4958a8e36bb9e9359a1784bb4e059d
1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:49:16 GMT
age: 335
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9371 bytes)
Hash
368daf089289cba50cd12298597e78a4
f84ad2d3eacfd5aeefd918838f69fcc962c63e51
7a1b8d38402e819ae571d358a7f9b8e430d02ec622cb0434eedb3788849ffb63

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9371
x-amzn-requestid: a2353b11-26d6-4e26-bab1-79d407cbfa75
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqE4dIAMFfQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-579eb6016ba594714b5f714f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: WlmZ-_zXC7lDktPKC9fMfiaIhMi9MFmhaKBMIVGjjGje0sD6ZT2sFw==
via: 1.1 626ad4a6bf529166d2aad94a2957694c.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:40:40 GMT
age: 4451
etag: "f84ad2d3eacfd5aeefd918838f69fcc962c63e51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8166 bytes)
Hash
d37a005990b494f2fbb22b15e95355aa
6dd60d490f5ee8b5f9c8aaeeca5a7a9b7b6a3a4a
89fb008ff33bc826389dab4b4ae6e54f24800102e5ab4993d541ac1a9d2f91b8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8166
x-amzn-requestid: c20672fe-1108-40c6-af1f-8c63f2524380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cr60YHdWIAMFVSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427d81b-7b7c250f5c9862e42bb65d0d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 07:07:07 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: EQ_IkbL70ACEqpp_sRChxfh_-LBixVnqDh0zLyhSXNXmf5WyMHYO7Q==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 15:04:20 GMT
age: 28231
etag: "6dd60d490f5ee8b5f9c8aaeeca5a7a9b7b6a3a4a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9667 bytes)
Hash
dd12555800d3b88954dfea270dc2e42e
1ef8b33524eacd8ea134937f55b2b4c704215992
0da83c486b906ca380982c4006e5b6d9235863056fb43945d74b55453ba07e8b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9667
x-amzn-requestid: 688e8919-43f5-461e-8fe2-c37f9d9d4771
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CoomuG7gIAMFWMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642687c4-4f0b41fe5abeb8af44317551;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:12:04 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Eg7iFXrRmw7NlzCTZaSqetbmBptwCFtp7h2ZIWf_on4gPlXUQp_2fA==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 18:34:53 GMT
age: 15598
etag: "1ef8b33524eacd8ea134937f55b2b4c704215992"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5686 bytes)
Hash
9132183080e6510ff7309e59efa59e75
9ce62f7aee64552638ff948e89b2ddf4f20bdff7
b888ab47550e87b46ed8377a0a6e8679fda7b2751473827bcba328aa4ce207ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5686
x-amzn-requestid: 3900b1cb-78c9-43d6-9c98-6f00d8635e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CooSOHAaoAMF6RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64268741-002861655352e48c6a833c80;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:09:53 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: XPqgiYowyfmy22TeKddE1Q7KybhFQNNaBi6XE7HRoCW9gWWIb-kVHA==
via: 1.1 50cc3f0b039433daebdf343a3f4489ae.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:21:24 GMT
age: 2007
etag: "9ce62f7aee64552638ff948e89b2ddf4f20bdff7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.cash2gofinancial.com/wp-content/uploads/2022/06/Blank-1000-x-536.jpeg

50.28.18.203

200 OK

178 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/06/Blank-1000-x-536.jpeg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=13, description=hispanic family with mother, father and son sitting in truck looking outside, manufacturer=SONY, model=ILCE-7M3, orientation=upper-left, xresolution=261, yresolution=269, resolutionunit=2, software=PicMonkey https://www.picmonkey.com, datetime=2019:03:03 03:07:40], progressive, precision 8, 1000x536, components 3\012- data
Size
178 kB (178531 bytes)
Hash
97f363d9adbcf98a274cb397326bad51
e53aac07cb5d40dba208c59e05bf820c947a5945
bb0e2dcd37349e0f4f6ab33f90ca9b65f1975e610828964e04b77b83ef29acf2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/uploads/2022/06/Blank-1000-x-536.jpeg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 15 Jun 2022 17:20:12 GMT
accept-ranges: bytes
content-length: 178531
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo2.jpg

50.28.18.203

200 OK

5.9 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo2.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 297x155, components 3\012- data
Size
5.9 kB (5885 bytes)
Hash
fe8819dbc5d084dbafad0c965716a5ec
686cf76f0695f3248a6cdb726a0edb08e087f4b6
f09c9cb5a04737260335fa2b26bd4da240c15b0f10dfb2772bc2281d8ca52e9a

HTTP Headers

GET /wp-content/uploads/2022/01/client_logo2.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 05:17:16 GMT
accept-ranges: bytes
content-length: 5885
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.7.3

50.28.18.203

200 OK

559 B

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (1502)
Size
559 B (559 bytes)
Hash
19a7c487dffdfc4ca7f39ad6c2d4bd08
0a93b4b516438485f8c1f9e2f390193808964e35
68ae4f8c030eb51a961752e06e1322f64e6b6f0b0c834537775754c58481baf1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-reset.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 559
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo3.jpg

50.28.18.203

200 OK

6.2 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo3.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 297x155, components 3\012- data
Size
6.2 kB (6234 bytes)
Hash
34e40af458c229564b68f5fd9abefd57
ea4d1227a48656e40a44d8e855b62b4650e0c6b0
7fbbff12bcf457f16abaa7677481c4ae112091552e0e95d98e7e37f6922685c3

HTTP Headers

GET /wp-content/uploads/2022/01/client_logo3.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 05:17:20 GMT
accept-ranges: bytes
content-length: 6234
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/ser_icon3.png

50.28.18.203

200 OK

2.4 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/ser_icon3.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 103 x 101, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2359 bytes)
Hash
5e16893c95477ca26e9d690d68ee1216
f445b618c39f983325d2ab56d8048be86676db1c
079b15ea2a9cb78837075893c464c733c83f76a6ca84daa5e0fba91a4d7afde8

HTTP Headers

GET /wp-content/uploads/2022/01/ser_icon3.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 17 Jan 2022 12:36:41 GMT
accept-ranges: bytes
content-length: 2359
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/ser_icon1.png

50.28.18.203

200 OK

3.9 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/ser_icon1.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 101 x 101, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3901 bytes)
Hash
458e9c69ca0e4407d7b06a6a56345eca
e33360a8c71eb84789eb03465f77c63f7b0390f1
385ce9e47e3f2c8443721095ebc4a01c0ab8a91758f14806557b7fe0664aec68

HTTP Headers

GET /wp-content/uploads/2022/01/ser_icon1.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 17 Jan 2022 12:36:08 GMT
accept-ranges: bytes
content-length: 3901
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/06/client_logo4.jpg

50.28.18.203

200 OK

8.6 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/06/client_logo4.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 297x155, components 3\012- data
Size
8.6 kB (8643 bytes)
Hash
092826daf0d20ffb66a0cc8de82ac024
7e64d3ed3237411015c313e8f9f572dc67dda1a5
d5b5f89982a3907dcdbdc3de42bf663c0030b17511b884aead3b3c6558d68019

HTTP Headers

GET /wp-content/uploads/2022/06/client_logo4.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 15 Jun 2022 05:00:15 GMT
accept-ranges: bytes
content-length: 8643
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/05/ser_iconn2.png

50.28.18.203

200 OK

1.9 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/05/ser_iconn2.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 95 x 101, 8-bit/color RGBA, non-interlaced\012- data
Size
1.9 kB (1856 bytes)
Hash
027ca8b59e76515478f7e44af4b9517d
24f4654b05d7766a471fd5c810d1032f398f5ba9
9f8fbee97f62a945725593ac0ae627e8860233428d3f53a0b33accff8cf1fa63

HTTP Headers

GET /wp-content/uploads/2022/05/ser_iconn2.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 11 May 2022 07:48:17 GMT
accept-ranges: bytes
content-length: 1856
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.7.3

50.28.18.203

200 OK

0 B

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-orbital-theme.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
content-length: 0
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.7.3

50.28.18.203

200 OK

1.2 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (8213), with no line terminators
Size
1.2 kB (1171 bytes)
Hash
e8a2c6d759c5e6e749fbbb34d9eb54e6
0f0e36255a58029edda6c472d4c17d312d3040f5
7832041eca294c2b6d73a6390af39933d865a7b6093ed1900a9de30605ad8d55

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 1171
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.7.3

50.28.18.203

200 OK

12 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (65536), with no line terminators
Size
12 kB (11533 bytes)
Hash
f33d4c5daf30eba0b10fd50e9e90c9fe
fdf7e64432f8714930b47cf245ef2a0568db6e26
5cb1c455971975e1858067e783349fd350e22654e2159cdc1e74a723f4322a6b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 11533
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.7.3

50.28.18.203

200 OK

400 B

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (3860), with no line terminators
Size
400 B (400 bytes)
Hash
5afd8e35a9cd198fdf15600f9ecb3adc
4dc773bf113761d3ac0717ffe02726313431f46b
e950371baac0afb0dc18ee434c732d6d2a8e9caf1fedffaf802322ce7b01aecd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 400
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.7.3

50.28.18.203

200 OK

3.3 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (29294), with no line terminators
Size
3.3 kB (3276 bytes)
Hash
01efb707e3f25310d64cd75a63387fd6
69ca54884ef7eadab9d04925d17579ef11c4bacb
b83c9ccc3198b2c3ce10860b11a65d5fc36b89a57e3c04371244ac286a4a9f00

HTTP Headers

GET /wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 3276
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.7.3

50.28.18.203

200 OK

18 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.7.3
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with very long lines (50037)
Size
18 kB (18226 bytes)
Hash
a0e41a30fe70956d133fc17a11133f6b
3b04abbd69cf5242c9912caf16d1cfa524dad4c5
6d13198f40b6e1f62e1d42c1522309143d52be35747091a769cabac69cf7dc7f

HTTP Headers

GET /wp-content/plugins/gravityforms/assets/css/dist/gravity-forms-theme-framework.min.css?ver=2.7.3 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Thu, 16 Mar 2023 00:11:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:50 GMT
content-encoding: gzip
content-length: 18226
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/08/ftr-logo.png

50.28.18.203

200 OK

6.9 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/08/ftr-logo.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 300 x 93, 8-bit/color RGBA, non-interlaced\012- data
Size
6.9 kB (6942 bytes)
Hash
3acc5c998daa727c6587bfc3baac736e
4356f71d2ea3622fb246e553d64dfbf9d5cfbd7b
e36507d9c11447e084fb889efaf8619aa7564b21560f2d948581ba2c8a3502ac

HTTP Headers

GET /wp-content/uploads/2022/08/ftr-logo.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 22 Aug 2022 04:46:55 GMT
accept-ranges: bytes
content-length: 6942
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/ser_icon4.png

50.28.18.203

200 OK

1.8 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/ser_icon4.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 87 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1800 bytes)
Hash
4c024133036e843b97d22f520ba24907
a98ae2b2f608fe46a8bf346dc1db46a565cf49fd
194d79711be4828005a371037323a23a9c4fb9471709f4b8f31704ec03192af3

HTTP Headers

GET /wp-content/uploads/2022/01/ser_icon4.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 17 Jan 2022 12:37:00 GMT
accept-ranges: bytes
content-length: 1800
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/06/client_logo10.jpg

50.28.18.203

200 OK

10 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/06/client_logo10.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 297x155, components 3\012- data
Size
10 kB (10101 bytes)
Hash
942cb3ad3ad927608d0ea6f4491b3b4a
5bcbcd475de491c82354fdec1b91e622e8bb515e
dfe29b0a7ccacd83552a1c390e199a42ebbdd5a7a4c4f0e7954340462e762556

HTTP Headers

GET /wp-content/uploads/2022/06/client_logo10.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 15 Jun 2022 05:00:21 GMT
accept-ranges: bytes
content-length: 10101
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo5.jpg

50.28.18.203

200 OK

5.7 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo5.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 297x155, components 3\012- data
Size
5.7 kB (5730 bytes)
Hash
83513f038aebf4468a4c436d370d3b0d
ecd53f3fdcf5e6a6d70ce4b5b26fec6417046d0f
f3cc91d285b42b7331c3c16a6ec6013f7e4ffc72d8d7ef53edbed81231d8e06b

HTTP Headers

GET /wp-content/uploads/2022/01/client_logo5.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 05:17:27 GMT
accept-ranges: bytes
content-length: 5730
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo8.jpg

50.28.18.203

200 OK

8.4 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo8.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 297x155, components 3\012- data
Size
8.4 kB (8414 bytes)
Hash
8ec086076ede2d370f343e2f9c118cf3
8830fd434875711214767cff7e180c2b9f289072
5bb6cea06e820d466e14116eb0af1171efc0e581844f6bb43d6a9b7778c4224a

HTTP Headers

GET /wp-content/uploads/2022/01/client_logo8.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 05:17:39 GMT
accept-ranges: bytes
content-length: 8414
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo6.jpg

50.28.18.203

200 OK

7.1 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/client_logo6.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 297x155, components 3\012- data
Size
7.1 kB (7056 bytes)
Hash
fa2ddcd0418d19a7577fdfa40ad3e162
ad608bf31f94a034d1544b030116985f86ce8951
6573d2819627d9b8b32b1c89580f4c1e7570c544629a2b6f747da43bff5c12bd

HTTP Headers

GET /wp-content/uploads/2022/01/client_logo6.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 05:17:31 GMT
accept-ranges: bytes
content-length: 7056
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/06/client_logo9.jpg

50.28.18.203

200 OK

8.7 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/06/client_logo9.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 297x155, components 3\012- data
Size
8.7 kB (8702 bytes)
Hash
912363de64f923a7e9a81993aba487e0
2c740f5682363f637d007f05da8d5189f32562b6
5b941e759420e6cb6a721935e18a15f9d0002405436b46fb80a0a4b2724bd7d9

HTTP Headers

GET /wp-content/uploads/2022/06/client_logo9.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Wed, 15 Jun 2022 05:00:18 GMT
accept-ranges: bytes
content-length: 8702
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/08/Blank-297-x-155-1.png

50.28.18.203

200 OK

7.0 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/08/Blank-297-x-155-1.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 297 x 155, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7000 bytes)
Hash
1af3c27963368721c7ba178ffb6a76d8
8380bb8314a5e4a96e1a4d2a8383317bf866e25d
5fb89a28421566b3d5e0d5c4ce191c24bac4dba62b548dd5f7f6235bf754d2d2

HTTP Headers

GET /wp-content/uploads/2022/08/Blank-297-x-155-1.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Fri, 19 Aug 2022 16:06:14 GMT
accept-ranges: bytes
content-length: 7000
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/images/logo.png

50.28.18.203

200 OK

37 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/images/logo.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 294 x 91, 8-bit/color RGBA, non-interlaced\012- data
Size
37 kB (36934 bytes)
Hash
395c0ef02bd75e7b8b526627c3055e36
7643c1157ad0efc8987ed7ec24e00897fa71ee80
3d51b1825804bd6461cfd144b55215a150df742a1dff1d8adca754ed7b8776d9

HTTP Headers

GET /wp-content/themes/theme19/images/logo.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 22 Aug 2022 04:45:48 GMT
accept-ranges: bytes
content-length: 36934
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/AdobeStock_215630575-scaled-e1672781991541.jpeg

50.28.18.203

200 OK

99 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/AdobeStock_215630575-scaled-e1672781991541.jpeg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1200x750, components 3\012- data
Size
99 kB (98819 bytes)
Hash
bd58faa6df7d853dbbe41c5e533d520a
7a2a674e30ce24373e6fd352c1c9846391b0e9ec
b1963bfef0a2c435b4475e06aaee59e9b3add2570d1b9d01d36fe3165f2da610

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/uploads/2022/01/AdobeStock_215630575-scaled-e1672781991541.jpeg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 03 Jan 2023 21:39:51 GMT
accept-ranges: bytes
content-length: 98819
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/06/Blank-604-x-6507.jpeg

50.28.18.203

200 OK

189 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/06/Blank-604-x-6507.jpeg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=13, description=Happy Young Mixed Race Ethnic Family Walking In The Park., manufacturer=Canon, model=Canon EOS 5D Mark II, orientation=upper-left, xresolution=255, yresolution=263, resolutionunit=2, software=PicMonkey https://www.picmonkey.com, datetime=2011:11:19 11:45:50], progressive, precision 8, 604x650, components 3\012- data
Size
189 kB (188573 bytes)
Hash
fcb329c17bebb9a23eaa72f18efe9837
27c6e82a8bfc4295127021a345c8150799e8d141
49fb78064694c974abeac404ff6ad69d808afe261a9370af4b651056aed92b48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/uploads/2022/06/Blank-604-x-6507.jpeg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Fri, 10 Jun 2022 17:41:36 GMT
accept-ranges: bytes
content-length: 188573
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:50 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:50 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

142.250.74.67

200 OK

48 kB

URL HTTP/2
fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 47728, version 1.0\012- data
Size
48 kB (47728 bytes)
Hash
b1581ddd77372ceb06eb14adfd1bea07
1a3b0fc96fa73b808aa1f91f122a3c9bdcf93ee8
97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73

HTTP Headers

GET /s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cash2gofinancial.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47728
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:37:02 GMT
expires: Wed, 03 Apr 2024 10:37:02 GMT
cache-control: public, max-age=31536000
age: 44269
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/worksans/v18/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2

142.250.74.67

200 OK

46 kB

URL HTTP/2
fonts.gstatic.com/s/worksans/v18/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 45540, version 1.0\012- data
Size
46 kB (45540 bytes)
Hash
265a048e07b2c44b263558a34fb43ef0
da5d9a13e1d0e704edf24e435e608a7e67daca11
539d1318b0edaab4cfab043af9a46729116345b5b9b318a4c7cd25f5bc48e7e8

HTTP Headers

GET /s/worksans/v18/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cash2gofinancial.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45540
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:38:34 GMT
expires: Wed, 03 Apr 2024 10:38:34 GMT
cache-control: public, max-age=31536000
age: 44177
last-modified: Tue, 23 Aug 2022 17:55:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/overpass/v12/qFdH35WCmI96Ajtm81GlU9s.woff2

142.250.74.67

200 OK

39 kB

URL HTTP/2
fonts.gstatic.com/s/overpass/v12/qFdH35WCmI96Ajtm81GlU9s.woff2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 38720, version 1.0\012- data
Size
39 kB (38720 bytes)
Hash
5342b2bb527c1805890cfe977169338a
cb0b7569ea75637b94cae5196682f70e83e84639
e505e654ef4708d9c3d0da4c03e57ae1df262e07377938d4f456a71918c8aa3d

HTTP Headers

GET /s/overpass/v12/qFdH35WCmI96Ajtm81GlU9s.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cash2gofinancial.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 38720
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 09:29:11 GMT
expires: Wed, 03 Apr 2024 09:29:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 18:41:11 GMT
content-type: font/woff2
age: 48340
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.67

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cash2gofinancial.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:10 GMT
expires: Wed, 03 Apr 2024 10:31:10 GMT
cache-control: public, max-age=31536000
age: 44621
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 22:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Overpass:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&family=Work+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.74

200 OK

4.3 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Overpass:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&family=Work+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
data
Size
4.3 kB (4320 bytes)
Hash
15cee8581df5e0640d8f1c8e062e02c1
92c982699ce428963c57222d7b364e1c97044b7e
7e6c844cd08a6a3d2bc3723aa0a37c2d88dd3b4ce3810e89635337530b3d54a5

HTTP Headers

GET /css2?family=Overpass:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,300&family=Work+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Apr 2023 22:54:51 GMT
date: Tue, 04 Apr 2023 22:54:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/print.css?ver=1.6

50.28.18.203

200 OK

1.2 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/print.css?ver=1.6
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1216 bytes)
Hash
b8b819e4db22a714d1fd407fc2e45115
f29d5609a3577d1750f609aa8fffdd4b4307848d
2113e9125966e958106c22477dbcb10f288d2b4a7a1ca2af1984445741a3f0e1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/theme19/print.css?ver=1.6 HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 07 Jul 2020 06:29:17 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Wed, 03 Apr 2024 22:54:51 GMT
content-encoding: gzip
content-length: 1216
content-type: text/css; charset=utf-8
date: Tue, 04 Apr 2023 22:54:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/images/location_bg.jpg

50.28.18.203

200 OK

14 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/images/location_bg.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x447, components 3\012- data
Size
14 kB (14418 bytes)
Hash
360964980837ecf8e5e8c1cedacd6b59
91a04b603226d6284365e55f0abbacdccead78a4
c224f3f73376392179c31858abb090e062caf5b77d594d51348c1e0781fa35b8

HTTP Headers

GET /wp-content/themes/theme19/images/location_bg.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Mon, 17 Jan 2022 10:55:17 GMT
accept-ranges: bytes
content-length: 14418
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:51 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/images/footer_bg.jpg

50.28.18.203

200 OK

43 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/images/footer_bg.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x997, components 3\012- data
Size
43 kB (42845 bytes)
Hash
0754af8a51fab487526997df18064324
b1f348139cb5d0f01b57ca2042dc6b42ba09b713
5b0a5223cfd1e6feae9cdc61efe06e84d7117c532c2b6118d8d98e19d06e990e

HTTP Headers

GET /wp-content/themes/theme19/images/footer_bg.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 11:08:56 GMT
accept-ranges: bytes
content-length: 42845
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:51 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/images/banner.jpg

50.28.18.203

200 OK

280 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/images/banner.jpg
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1030, components 3\012- data
Size
280 kB (279897 bytes)
Hash
f5a1e94599991f5c41596cadd44cd38f
86e931772c4dfffa0dc4177aeed69d2a60633a32
55c35b439abc6d1a8d50deb5488bbb084400886b73bcad169e4620db97172f96

HTTP Headers

GET /wp-content/themes/theme19/images/banner.jpg HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Fri, 17 Jun 2022 04:05:30 GMT
accept-ranges: bytes
content-length: 279897
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:51 GMT
content-type: image/jpeg
date: Tue, 04 Apr 2023 22:54:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/themes/theme19/images/form_bg.png

50.28.18.203

200 OK

123 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/themes/theme19/images/form_bg.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 1400 x 680, 8-bit/color RGBA, non-interlaced\012- data
Size
123 kB (123129 bytes)
Hash
630157903297fe6d533e6b93aebf3244
891f148902134ff8e99d38d9d4bc2a822483ff76
674e0859583200fdd8b77de1c60982cfd56b549a9fa1c3174c00e07b80975be0

HTTP Headers

GET /wp-content/themes/theme19/images/form_bg.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/wp-content/themes/theme19/style.css?ver=1.6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 11:03:35 GMT
accept-ranges: bytes
content-length: 123129
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:51 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.cash2gofinancial.com/wp-content/uploads/2022/01/favicon.png

50.28.18.203

200 OK

5.9 kB

URL HTTP/2
www.cash2gofinancial.com/wp-content/uploads/2022/01/favicon.png
IP
50.28.18.203:0
ASN
#32244 LIQUIDWEB

File type
PNG image data, 85 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
5.9 kB (5896 bytes)
Hash
4be2540ca92d6e24ee1523e48c3a9dc5
b50332f04b0e97ba305fec838bbdeb9ff448993f
765921944dd248cd8dd3fbf124df93d185717d16b37c32ceafce0c08beaaa408

HTTP Headers

GET /wp-content/uploads/2022/01/favicon.png HTTP/1.1
Host: www.cash2gofinancial.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cash2gofinancial.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
last-modified: Tue, 18 Jan 2022 13:21:53 GMT
accept-ranges: bytes
content-length: 5896
cache-control: max-age=10368000, public
expires: Wed, 02 Aug 2023 22:54:51 GMT
content-type: image/png
date: Tue, 04 Apr 2023 22:54:51 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc08e2f50-81bf-47f3-af70-d62f9a3c22eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10700 bytes)
Hash
c3df2de3e5fc1e00fca315dfbc5b3763
134499f7657b8eb4eeaf950d8c50750487249c5e
401482b54ed71ff0270ee1301164ec5e76346d012d43ecf81ad950c624cf68e4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc08e2f50-81bf-47f3-af70-d62f9a3c22eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 10700
x-amzn-requestid: 7b1e9e1e-8f59-4b1e-9f85-867160c62ebc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqtG2hIAMFVQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-43705d4a085611277fa11d4b;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 0iAZwGJDRnH7k_gWr9sLdbtjRZXlsqs-Y51z38SW3CL2vmRSRSLfXQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:40:40 GMT
age: 4457
etag: "134499f7657b8eb4eeaf950d8c50750487249c5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML