r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5606
Expires: Mon, 28 Nov 2022 19:05:06 GMT
Date: Mon, 28 Nov 2022 17:31:40 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6004
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:40 GMT
Last-Modified: Mon, 28 Nov 2022 15:51:36 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 17:17:48 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 832
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7737
Expires: Mon, 28 Nov 2022 19:40:37 GMT
Date: Mon, 28 Nov 2022 17:31:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: w+93YNLgddg1s/nzIXjr64d6jJQc95JgxOMzBfkYtp/R2VxGMWYzLHje9KSfbDv6MiWT3JqDzKU=
x-amz-request-id: HSAR3Y9KCYXK8G2Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 16:42:08 GMT
age: 2972
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
festivevilla.com/Navy/card.php
210.16.102.57 200 OK 79 kB URL HTTP/1.1 festivevilla.com/Navy/card.php
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, Unicode text, UTF-8 text, with very long lines (559), with CRLF line terminators
Hash b97dab571d38693380508a0859df4a44
fedc09b69e93fe4b7dddd5dbc4f30a0f2bd98e0d
a5a5b05f3ffbfe39ef7323757de3c577c16c5dd7f2c73e6a0df611411b8d0e81
Analyzer Verdict Alert openphish Navy Federal Credit Union
fortinet Phishing
GET /Navy/card.php HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 17:31:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.106 200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (65451)
Hash 903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 07:01:52 GMT
expires: Tue, 28 Nov 2023 07:01:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
age: 37788
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
festivevilla.com/Navy/assets/card_files/js_003
210.16.102.57 200 OK 96 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/js_003
IP 210.16.102.57:0
File type ASCII text, with very long lines (2791)
Hash 6b1cc3a0f7b1093b62ed6a41342c5f64
c13df958479e9e5852954c4ed586c80d6223e8f2
7406e1ce35e61bce409678bc7c324d89ffd626751df19adc6aa34b2a7a72ce07
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/js_003 HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96189
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/Navy/assets/card_files/AppMeasurement_002.js
210.16.102.57 200 OK 37 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/AppMeasurement_002.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (32129)
Hash 42fa244f36955eedb3cd8ade6f492bf6
3765da8aaa112c080b12fd48e2e787030723e249
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/AppMeasurement_002.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 36565
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/static_wdp_002.js
210.16.102.57 200 OK 30 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/static_wdp_002.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (796), with CRLF line terminators
Hash 78548f9db05b9efa8a1e6c7d6a4824f5
76fa8bfd950c36e054008cd0410193b61292296d
8f9cbb80f369fa267fdc64b97a93acaca783bda683804c591f5215181f57e11e
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/static_wdp_002.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 29999
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/dyn_wdp.js
210.16.102.57 200 OK 2.1 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/dyn_wdp.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (597)
Hash 15bc05aa963a03071a4be678a20b2de0
967d92ba0d01a20faf81286d061d5abdd01dfa19
4006edde30f7b9fe37ae6d8dc5df0be840b80eec6387b03e1c680e4acb5a53a6
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/dyn_wdp.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 2052
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 17:08:55 GMT
cache-control: public,max-age=3600
age: 1366
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
festivevilla.com/Navy/assets/card_files/logo_004.js
210.16.102.57 200 OK 281 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/logo_004.js
IP 210.16.102.57:0
Hash 44b38adcd96ecab51a90645562ed085c
0996de060bf3908f2be2900e1385dedf3a6ddb9d
a96f214e74653dfa38cfc1f424b6278872e712d4a32accf9ce6ffeea47598a8e
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/logo_004.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 281
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/snare.js
210.16.102.57 200 OK 39 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/snare.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (38584), with no line terminators
Hash 91dc892672f81b9096b6066b03b5f8eb
bce5eefc73d3abdb164368b5e48585cdc89ba4d8
69ff279b828bb3062883a971181bca4bc39843714ac5f4ce5386debce58a1cb8
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/snare.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 38584
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6144
Cache-Control: max-age=148658
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:49:19 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
festivevilla.com/Navy/assets/card_files/launch-EN9003f540e66e4e1ab08743d206a869f4.js
210.16.102.57 200 OK 330 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/launch-EN9003f540e66e4e1ab08743d206a869f4.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (32768)
Size 330 kB (329672 bytes)
Hash a75a3241ae25b37ddd77b68946a7b197
c5b8a103c9dcd4286f94177334135bb2430d203f
816dd125e21efd6b6c77ee291cd9dff3294c14b3f151823a7a9fe31172a0e0fc
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/launch-EN9003f540e66e4e1ab08743d206a869f4.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 329672
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/logo.js
210.16.102.57 200 OK 281 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/logo.js
IP 210.16.102.57:0
Hash d936764dca14442776667278920f8cd2
574be6da631d0ee1b14e97d26bb538454fc37dfe
b177978663e3980042dd1acf7ac4b89faa2fee8365e3980a1e9ac84f24726a83
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/logo.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 281
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/recaptcha__en_002.js
210.16.102.57 200 OK 349 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/recaptcha__en_002.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (554)
Size 349 kB (349263 bytes)
Hash ac784e81fcbbf10df2d3ee871855918d
9f3fc75c98f48a42bfd0a0f88fc87ea8b670be5b
54f3aa37078dcd01911c9da1a5fd753b5834dde5acfd90c5bd55243bba87cf6d
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/recaptcha__en_002.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 349263
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/logo_003.js
210.16.102.57 200 OK 96 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/logo_003.js
IP 210.16.102.57:0
File type ASCII text, with no line terminators
Hash 96b3fda3d1d40f5dc9affddde681da59
55780d64a22bdd2788f96c6a867f84e9e3b4bc2b
443c606b8833a1f9a0dec16937658d295e0916e2d5843f9512d1659dba024970
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/logo_003.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js
23.38.200.237 200 OK 13 kB URL HTTP/2 assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32129)
Hash 2fc8049cc90a6556bcec23706b95f358
1782de0b2ee1776bfcb026e404e5b8ca13291d4a
b759e45eb230cd778563b0af46a4b26fba4df77e50fdc2808f825e852cba0021
GET /extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "42fa244f36955eedb3cd8ade6f492bf6:1583879362.816163"
last-modified: Tue, 10 Mar 2020 22:29:22 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 13342
expires: Mon, 28 Nov 2022 18:31:41 GMT
date: Mon, 28 Nov 2022 17:31:41 GMT
cache-control: no-cache
access-control-allow-origin: http://festivevilla.com
timing-allow-origin: *
X-Firefox-Spdy: h2
festivevilla.com/Navy/assets/card_files/AppMeasurement.js
210.16.102.57 200 OK 37 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/AppMeasurement.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (32129)
Hash 42fa244f36955eedb3cd8ade6f492bf6
3765da8aaa112c080b12fd48e2e787030723e249
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/AppMeasurement.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 36565
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/logo_002.js
210.16.102.57 200 OK 96 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/logo_002.js
IP 210.16.102.57:0
File type ASCII text, with no line terminators
Hash 9cd706ab481b79e962a2267163fb98d3
f4c80a54b998fe6667373ae0ed072010aacd3a8b
eb425a580550e353b0683b760f184a29fac5645383665f7f41a2eb34a0e5142a
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/logo_002.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/RC7929137f6b6041d3ac77021e6a43dee3-source.js
210.16.102.57 200 OK 825 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/RC7929137f6b6041d3ac77021e6a43dee3-source.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (678)
Hash 36bce7f67ba482b4db4dcc27dcedfbe9
ff5b6e94200b98e227a7d2cfa2f673a07b7a12fd
985eba2a6003bea5a60728e349b808f56fa76d3103b221141499ee8937b8844d
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/RC7929137f6b6041d3ac77021e6a43dee3-source.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 825
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/static_wdp.js
210.16.102.57 200 OK 30 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/static_wdp.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (796), with CRLF line terminators
Hash 78548f9db05b9efa8a1e6c7d6a4824f5
76fa8bfd950c36e054008cd0410193b61292296d
8f9cbb80f369fa267fdc64b97a93acaca783bda683804c591f5215181f57e11e
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/static_wdp.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 29999
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/RCa7abbf617c704185bdaf0ce350f214af-source.js
210.16.102.57 200 OK 805 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/RCa7abbf617c704185bdaf0ce350f214af-source.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (658)
Hash 9581260c8a1499dbb1d99eada144fe7b
a2fa661ef443b40dd2b9cd04f97eedaecc5f1304
2f8d135b923263f3d01124f4bfe71dd6008f36a691649edef2bb8568ab13b4a6
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/RCa7abbf617c704185bdaf0ce350f214af-source.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 805
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 17c9251f8ba70b81b8125fe62663bb02
a74b718f0b771124a67176bb1e555ad6bcc058b6
d75593736a6343634236915b30de716349ab0bda14c8a6102e3b3fb06233f0bb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6577
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Last-Modified: Mon, 28 Nov 2022 15:42:05 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
festivevilla.com/iojs/latest/dyn_wdp.js
210.16.102.57 404 Not Found 315 B URL HTTP/1.1 festivevilla.com/iojs/latest/dyn_wdp.js
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /iojs/latest/dyn_wdp.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 04a1e174fccea9e65be21b0c9746de94
a62527b64c568170053ef10f12f479c61848a6a8
b14de7ab62003f342cb84b98caa3bd291bf24d9cefdad1571edfd94aa0a483da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5129
Cache-Control: max-age=136847
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Etag: "63845003-1d7"
Expires: Wed, 30 Nov 2022 07:32:28 GMT
Last-Modified: Mon, 28 Nov 2022 06:06:59 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.20.60 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.20.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JnPYQQSCrSe6YyIpywjpNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4HPiCHFCynLa9Kesz6Obq2PIVz0=
festivevilla.com/Navy/assets/card_files/snare_002.js
210.16.102.57 200 OK 39 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/snare_002.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (38680), with no line terminators
Hash 712abd328d0cb5b6329619614bd60cad
cf69b1f7e098d8f968ffa80198835641fe834226
6c4d79f3eb96bea180e22d19cd1368c0330f8ec7070116310c5a1d34301afee5
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/snare_002.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 38680
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/main-3854dce7049a84d55d5e.css
210.16.102.57 200 OK 0 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/main-3854dce7049a84d55d5e.css
IP 210.16.102.57:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Navy/assets/card_files/main-3854dce7049a84d55d5e.css HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 159412
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
festivevilla.com/Navy/assets/card_files/RC018a32a34b504b4faadab4dd73311f33-source.js
210.16.102.57 200 OK 438 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/RC018a32a34b504b4faadab4dd73311f33-source.js
IP 210.16.102.57:0
Hash b7d534a14d3708bd10f3e8b25b7edc05
1cf6702738b73d05fe21ad1b1ebd2fbed4c79796
deb24c44316c934e071480b8da31a9960ddca2f29c0269d2d38e875135a970b3
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/RC018a32a34b504b4faadab4dd73311f33-source.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 438
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/a
210.16.102.57 200 OK 31 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/a
IP 210.16.102.57:0
File type ASCII text, with no line terminators
Hash ceee406bac60ed57a0d2927a180006af
57e9b3aad807567dd70e02293e6b6fae590f8981
1cdb497b2bc18749396e3981c5b9e613c0aa5cc04ec9491bcd9c02e34cb44193
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/a HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 31
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
festivevilla.com/Navy/assets/card_files/a.txt
210.16.102.57 200 OK 31 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/a.txt
IP 210.16.102.57:0
File type ASCII text, with no line terminators
Hash 639ec51806804c66647fb9bfafefc2fa
6137c0142ed1896327279080c4f6cb8bdaba61ab
2283d95a9ed2b85158a5a0ab158c92bbb43cd78ea4c3aa9f7691f42c3350e88f
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/a.txt HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 31
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/plain
dpm.demdex.net/id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9BD537045330573C0A490D44%40AdobeOrg&d_nsid=0&ts=1669656700953
52.30.42.211 200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9BD537045330573C0A490D44%40AdobeOrg&d_nsid=0&ts=1669656700953
IP 52.30.42.211:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9BD537045330573C0A490D44%40AdobeOrg&d_nsid=0&ts=1669656700953 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://festivevilla.com
Content-Type: application/x-www-form-urlencoded
Referer: http://festivevilla.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://festivevilla.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-05ee5fd88.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: 2EMdChDTS44=
Content-Length: 124
Connection: keep-alive
festivevilla.com/Navy/assets/card_files/846112901no178e0bd7344fd8913ea6
210.16.102.57 404 Not Found 315 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/846112901no178e0bd7344fd8913ea6
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/846112901no178e0bd7344fd8913ea6 HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-9749892&l=dataLayer&cx=c
142.250.74.168 302 Found 276 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=DC-9749892&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 864d71a358187873641a12ebcf71365a
db639c288eec08869306171e62d2c20b65917efb
19f907278b7424be61698429878207b88cb510ea3c86b9e78cd1237b6a7deb40
GET /gtag/js?id=DC-9749892&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=DC-9749892&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 28 Nov 2022 17:31:41 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 276
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/Navy/assets/card_files/js.txt
210.16.102.57 200 OK 96 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/js.txt
IP 210.16.102.57:0
File type ASCII text, with very long lines (2791)
Hash e16a043a3936cf508bdf12e3ef9e4bf7
45bd127d3b820cb8bfaa9c7293987b5b01deae53
772485938ce21727b55d5bf3d556531fe8ba68aa88c530183127acd507648d7b
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/js.txt HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96167
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/plain
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
216.58.207.195 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://festivevilla.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:26:57 GMT
expires: Thu, 23 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 425084
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
216.58.207.195 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://festivevilla.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:26:57 GMT
expires: Thu, 23 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 425084
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
216.58.207.195 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://festivevilla.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:26:57 GMT
expires: Thu, 23 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 425084
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/Navy/assets/card_files/js_002
210.16.102.57 200 OK 96 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/js_002
IP 210.16.102.57:0
File type ASCII text, with very long lines (2791)
Hash 6c9935ff3acce2c29b83d91682bd3a17
ff8bddeaef164c307ad684d63efdfaa0cce116e7
0869fe5cc1f097d1941859058871dfd40fb1099c855d3662520c2463fb620066
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/js_002 HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96167
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
festivevilla.com/Navy/assets/card_files/js
210.16.102.57 200 OK 96 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/js
IP 210.16.102.57:0
File type ASCII text, with very long lines (2791)
Hash e16a043a3936cf508bdf12e3ef9e4bf7
45bd127d3b820cb8bfaa9c7293987b5b01deae53
772485938ce21727b55d5bf3d556531fe8ba68aa88c530183127acd507648d7b
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96167
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
festivevilla.com/Navy/assets/card_files/checkmark.svg
210.16.102.57 200 OK 288 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/checkmark.svg
IP 210.16.102.57:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with no line terminators
Hash 16dac74ab971c2acbe6c9f22635acb31
7d0946752e3e6b40f480a5b44af4c392a038715c
51a528c1775dd41070e1e551dc9166d635c033d7c7043477a709a68b3494836a
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/checkmark.svg HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 288
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
festivevilla.com/Navy/assets/card_files/js_002.txt
210.16.102.57 200 OK 96 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/js_002.txt
IP 210.16.102.57:0
File type ASCII text, with very long lines (2791)
Hash 6c9935ff3acce2c29b83d91682bd3a17
ff8bddeaef164c307ad684d63efdfaa0cce116e7
0869fe5cc1f097d1941859058871dfd40fb1099c855d3662520c2463fb620066
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/js_002.txt HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 96167
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/plain
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/assets/img/nfculogo.png
210.16.102.57 404 Not Found 315 B URL HTTP/1.1 festivevilla.com/assets/img/nfculogo.png
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /assets/img/nfculogo.png HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/assets/card_files/main-3854dce7049a84d55d5e.css
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-9749892
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-9749892
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 473db6ad6487c8b072a3b4397c313a4d
5c01a4bf6330b140cf404d383eeea15eef743c54
d7db01014f4cac758f039db847c4e40720f5b36a1946bb214dc1666347ad191c
GET /gtag/js?id=DC-9749892 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 17:31:42 GMT
expires: Mon, 28 Nov 2022 17:31:42 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=DC-9749892&l=dataLayer&cx=c
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-9749892&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 93f17175ecce1fbcd9a61b426ce00f74
ea56ebe3055c1de70dedbd37306ff4d6bc97d5d0
a6d6a412284c4c54e4f411a732aece8227c94aaa77d579537508954d6183deef
GET /gtag/js?id=DC-9749892&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://festivevilla.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 17:31:42 GMT
expires: Mon, 28 Nov 2022 17:31:42 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44240
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
festivevilla.com/assets/img/radio_checked.svg
210.16.102.57 404 Not Found 315 B URL HTTP/1.1 festivevilla.com/assets/img/radio_checked.svg
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /assets/img/radio_checked.svg HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 17:31:41 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/assets/img/NCUA_Logo.svg
210.16.102.57 404 Not Found 315 B URL HTTP/1.1 festivevilla.com/assets/img/NCUA_Logo.svg
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /assets/img/NCUA_Logo.svg HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/assets/card_files/main-3854dce7049a84d55d5e.css
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
festivevilla.com/Navy/assets/card_files/activityi.html
210.16.102.57 200 OK 534 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/activityi.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (416), with CRLF line terminators
Hash d49544d74712dbbab5f65b0daedeff97
ecb76ec7e9869f0887220554307f6d10a6a9b171
43370ac86c961c8fb5512920048b19883ac575019e40162c8b319136f1b60dd8
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/activityi.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 534
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/bframe.html
210.16.102.57 200 OK 12 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2909), with CRLF line terminators
Hash b3b5cd3f75bc2fffd7c2383170d8d848
2a6ec28dd45d94373fe677c34de91bf8ac43b873
e95aa29a711746ec851a8973e5c35cb2a848f33efefc0b6fae12d77b237bbcef
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 12356
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/bframe_002.html
210.16.102.57 200 OK 12 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_002.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3058), with CRLF line terminators
Hash 25ff5c0e4e9b6cb9612d987398cd1861
d9cefffc3e5c557ba120257e384a73f2ec7764b9
94393cb361b56653f58665f201e75543fd371511d92d13365c65a4a40f928aeb
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_002.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 12505
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/bframe_003.html
210.16.102.57 200 OK 20 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_003.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9019), with CRLF line terminators
Hash dd3ac816db9d109dd1a67d1507bea211
0106b135b8db0c0a07558b8dd4be045f9350e18f
abd3beb1b7ea5e2dd21167e47f44c4c2b987e62675f1946a2d01b8c355f20ac7
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_003.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 20381
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/bframe_004.html
210.16.102.57 200 OK 13 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_004.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3250), with CRLF line terminators
Hash b09a8266fcfd3bc91fc2686c338ae8da
c0a4b0d57a1fdbc81c5a83e6750337a06ec237b8
0eae91df6f07e3bd8d48e278422d57adc1faa163ffb52587adba803c00fa312e
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_004.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 12697
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
142.250.74.2 200 OK 259 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (462), with no line terminators
Hash 30ea153b6f2ec500bfbc44a0e9cc7941
d197d30db5a8fd2afabf89afc45a0a2f0fb646f8
bcd82f4826f525bfbda1c6f54aecaf50406a65c801adc0072ff4592f8b427638
GET /ddm/fls/i/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 17:31:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 259
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
festivevilla.com/Navy/assets/card_files/bframe_005.html
210.16.102.57 200 OK 13 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_005.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3271), with CRLF line terminators
Hash 61b10213c5e9b512fd227df8b1b45c6d
e05bee36db5f20b6c9a0f8f7cccdbe04c29f6791
bc80683cb3dc5300996bdf1db608cdd2582927d99c98f6239e455d6c88e5194b
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_005.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 12721
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/bframe_006.html
210.16.102.57 200 OK 13 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_006.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3378), with CRLF line terminators
Hash f96868d5a11c59c584cab0e7128b925f
40d6825c9f26466a8ef676a82bf16dde1cf6ff9c
f44ca1b10f77d6ae4c8ec8fd68caf63023933f694e8fcd37a5909fcb40b3ef87
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_006.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 12825
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/bframe_007.html
210.16.102.57 200 OK 13 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_007.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3485), with CRLF line terminators
Hash a06b6358150ac5c5b3f4188d4ac0fe95
172bc07f2c7723990e20568e9f5df969750fc870
f0a473bdc10b5bdfad8b43926e908be9eece849ab9c58ba6d4edefce96db9459
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_007.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 12932
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/Navy/assets/card_files/bframe_008_data/styles__ltr.css
210.16.102.57 200 OK 51 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_008_data/styles__ltr.css
IP 210.16.102.57:0
File type ASCII text, with very long lines (50709), with no line terminators
Hash 522be28b657b18e82c80bc257b73edf0
9abeea835fedf298d12307a268a4ae068a933fbe
9f7c3261df3df9aae8b6c8e4433a7ba73cedd3a1c17880764b6728a0f52980c5
GET /Navy/assets/card_files/bframe_008_data/styles__ltr.css HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/assets/card_files/bframe.html
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0; _gcl_au=1.1.607298598.1669656701
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 50709
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
festivevilla.com/Navy/assets/card_files/bframe_008_data/x4dl7Lk5ENOB7Pbvmb3t7sJ-hPoGBwvfellrHtOoe40.js
210.16.102.57 200 OK 14 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_008_data/x4dl7Lk5ENOB7Pbvmb3t7sJ-hPoGBwvfellrHtOoe40.js
IP 210.16.102.57:0
File type ASCII text, with very long lines (13848), with no line terminators
Hash f7588989066dd142507bba13d25a409f
99ec14ff0dd9278834d292045550c3ea247274c2
c78765ecb93910d381ecf6ef99bdedeec27e84fa06070bdf7a596b1ed3a87b8d
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_008_data/x4dl7Lk5ENOB7Pbvmb3t7sJ-hPoGBwvfellrHtOoe40.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/assets/card_files/bframe.html
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0; _gcl_au=1.1.607298598.1669656701
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 13848
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
festivevilla.com/Navy/assets/card_files/bframe_008.html
210.16.102.57 200 OK 10 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_008.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1622), with CRLF line terminators
Hash 96ee5cef2d204e082dfe4598d60719ae
8422c6a4c774d3285a72ae81a23139bca74e0dca
a0925c7b935c4466722056b69035108100d6dbd09c3e0c70810dce5a22c102ff
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/bframe_008.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 10126
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html
adservice.google.no/ddm/fls/i/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
142.250.74.66 302 Found 0 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/fls/i/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 17:31:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://9749892.fls.doubleclick.net/ddm/fls/r/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
festivevilla.com/Navy/assets/card_files/activityi_002.html
210.16.102.57 200 OK 557 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/activityi_002.html
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (439), with CRLF line terminators
Hash 1801c0f081cd87effc47be209039c404
114cd9d431b7cee657020315eee6adb30625646d
70c43c1f0e027588574f482835cbb7bdba9a02b3ba1923319a6bb269b091b124
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/activityi_002.html HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 557
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html
festivevilla.com/Navy/assets/card_files/activity_pixel.gif
210.16.102.57 200 OK 43 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/activity_pixel.gif
IP 210.16.102.57:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /Navy/assets/card_files/activity_pixel.gif HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif
festivevilla.com/Navy/assets/card_files/activity_pixel_002.gif
210.16.102.57 200 OK 43 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/activity_pixel_002.gif
IP 210.16.102.57:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /Navy/assets/card_files/activity_pixel_002.gif HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b3b2c7f77d21f4f3c942fb3357e9fa83
d82fbb7c5ecaed601c4c6c927150531d6bb4e793
4a9731627b28cc01d199f0362ad58487eb7391f26d348c0454ec96f32004f78e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
membership.navyfederal.org/iojs/4.1.6/logo.js
104.88.20.141 200 OK 255 B URL HTTP/1.1 membership.navyfederal.org/iojs/4.1.6/logo.js
IP 104.88.20.141:0
Hash 2d9f4dcba55a311bc6790cb203117665
1df7bd5d3bafcb0c0d073aabaa957524d8ecb3ea
6ea500392033355ef1e0ea8747ad112f331ba6474193c73adb098e4aa895b91e
GET /iojs/4.1.6/logo.js HTTP/1.1
Host: membership.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Backside-Transport: OK OK
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Content-Type: text/javascript
Expires: Tue, 28 Nov 2023 17:31:42 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Vary: Accept-Encoding, User-Agent
X-Global-Transaction-ID: 439604066384f07e285f1451
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Content-Length: 255
Date: Mon, 28 Nov 2022 17:31:42 GMT
Connection: keep-alive
Set-Cookie: membershipdc=d; path=/; domain=navyfederal.org; secure
9749892.fls.doubleclick.net/ddm/fls/r/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
142.250.74.70 200 OK 677 B URL HTTP/2 9749892.fls.doubleclick.net/ddm/fls/r/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (942)
Hash d31d8611644ae19fdceae49d179c6626
d83b45dfe50ff164e0fda76bc4a47becd3481360
ff15449f20571ea0ba6c9b236167061745f691cf4596003b14ddecf13a0e7ce9
GET /ddm/fls/r/src=9749892;type=membersh;cat=nfcu_00;ord=7399475611173;gtm=2od9u1;auiddc=1792166555.1603296658;~oref=https%3A%2F%2Fmembership.navyfederal.org%2F%3F HTTP/1.1
Host: 9749892.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adservice.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 17:31:42 GMT
expires: Mon, 28 Nov 2022 17:31:42 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 677
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 17:46:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
festivevilla.com/Navy/assets/card_files/bframe_003_data/payload.jpg
210.16.102.57 200 OK 26 kB URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/bframe_003_data/payload.jpg
IP 210.16.102.57:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3\012- data
Hash 7a0994dfd3a20691374179fcb927bb65
014471dd5318dab3036cfa31b5947e81a43c89d6
620b337d8bd65aafb94b322a785eecff237cd18d6e6b84551d1c68df8b38409a
GET /Navy/assets/card_files/bframe_003_data/payload.jpg HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/assets/card_files/bframe_003.html
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0; _gcl_au=1.1.607298598.1669656701
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 26121
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b3b2c7f77d21f4f3c942fb3357e9fa83
d82fbb7c5ecaed601c4c6c927150531d6bb4e793
4a9731627b28cc01d199f0362ad58487eb7391f26d348c0454ec96f32004f78e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 15 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://festivevilla.com
Connection: keep-alive
Referer: http://festivevilla.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15344
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 21 Nov 2022 20:09:43 GMT
Expires: Tue, 21 Nov 2023 20:09:43 GMT
Cache-Control: public, max-age=31536000
Age: 595319
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.195 200 OK 15 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://festivevilla.com
Connection: keep-alive
Referer: http://festivevilla.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15340
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 09:52:45 GMT
Expires: Thu, 23 Nov 2023 09:52:45 GMT
Cache-Control: public, max-age=31536000
Age: 459537
Last-Modified: Mon, 16 Oct 2017 17:33:16 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://festivevilla.com
Connection: keep-alive
Referer: http://festivevilla.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 15:26:25 GMT
Expires: Wed, 22 Nov 2023 15:26:25 GMT
Cache-Control: public, max-age=31536000
Age: 525917
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT
Content-Type: font/woff2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 791ab46e2b2cec47a20ff12aa939a665
fbc6b5bbcc614656bfac791db481bf5dbde4d9b0
45496b3ac7a3589c3c1f5bb59e0eed45e1e60eacd38a436c26c9ac41a1031d2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=124172
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Etag: "6384328a-1d7"
Expires: Wed, 30 Nov 2022 04:01:14 GMT
Last-Modified: Mon, 28 Nov 2022 04:01:14 GMT
Server: nginx
Content-Length: 471
www.gstatic.com/recaptcha/api2/refresh_2x.png
142.250.74.163 200 OK 600 B URL HTTP/2 www.gstatic.com/recaptcha/api2/refresh_2x.png
IP 142.250.74.163:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 00:51:22 GMT
expires: Tue, 29 Nov 2022 00:51:22 GMT
cache-control: public, max-age=604800
age: 578420
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.163 200 OK 665 B URL HTTP/2 www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.163:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 00:18:14 GMT
expires: Fri, 02 Dec 2022 00:18:14 GMT
cache-control: public, max-age=604800
age: 321208
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/audio_2x.png
142.250.74.163 200 OK 530 B URL HTTP/2 www.gstatic.com/recaptcha/api2/audio_2x.png
IP 142.250.74.163:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 12:20:26 GMT
expires: Fri, 02 Dec 2022 12:20:26 GMT
cache-control: public, max-age=604800
age: 277876
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dd2d8de64395a94dfc6fcb76a5a0bbd6
623bac05203953329f97dc6a526ac4dd062cf7b7
6d05ebb9e8fe6fa6696d72557cda5beddcbb0820b62c31d4d46166e656495c68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 511
Cache-Control: max-age=160283
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Etag: "6384bd9a-1d7"
Expires: Wed, 30 Nov 2022 14:03:05 GMT
Last-Modified: Mon, 28 Nov 2022 13:54:34 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dd2d8de64395a94dfc6fcb76a5a0bbd6
623bac05203953329f97dc6a526ac4dd062cf7b7
6d05ebb9e8fe6fa6696d72557cda5beddcbb0820b62c31d4d46166e656495c68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6509
Cache-Control: max-age=166281
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Etag: "6384bd9a-1d7"
Expires: Wed, 30 Nov 2022 15:43:03 GMT
Last-Modified: Mon, 28 Nov 2022 13:54:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
festivevilla.com/favicon.ico
210.16.102.57 404 Not Found 315 B URL HTTP/1.1 festivevilla.com/favicon.ico
IP 210.16.102.57:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
Cookie: AMCV_9BD537045330573C0A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C19325%7CvVersion%7C4.6.0; _gcl_au=1.1.607298598.1669656701
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 17:31:42 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
mpsnare.iesnare.com/script/logo.js
54.228.71.178 200 OK 108 B URL HTTP/1.1 mpsnare.iesnare.com/script/logo.js
IP 54.228.71.178:0
File type ASCII text, with no line terminators
Hash ca7e2659d37aa2eb1cea05ff81484ccd
cecf016129c51811a531b4a323cc6840f93d4539
1e83292de6448f5701a16677ca9f877582d47256cafcf2cfd2cfdccf8a3fb3b8
GET /script/logo.js HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 17:31:42 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Tue, 28 Nov 2023 17:31:42 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
analytics.navyfederal.org/id?d_visid_ver=4.6.0&d_fieldgroup=MC&mcorgid=9BD537045330573C0A490D44%40AdobeOrg&ts=1669656701480
63.140.38.120 200 OK 89 B URL HTTP/2 analytics.navyfederal.org/id?d_visid_ver=4.6.0&d_fieldgroup=MC&mcorgid=9BD537045330573C0A490D44%40AdobeOrg&ts=1669656701480
IP 63.140.38.120:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 77235a35e09d8ddee2594fc769050977
26491b6ffa4fe9f8a970c90682117334f8e5c28b
6006c990bb52a0d99b68bc5a8b160401a13fda249741769eda151067b2ed035d
GET /id?d_visid_ver=4.6.0&d_fieldgroup=MC&mcorgid=9BD537045330573C0A490D44%40AdobeOrg&ts=1669656701480 HTTP/1.1
Host: analytics.navyfederal.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://festivevilla.com
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://festivevilla.com
access-control-allow-credentials: true
date: Mon, 28 Nov 2022 17:31:42 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31C2783F30509129-40000700880391E9[CE]; Path=/; Domain=navyfederal.org; Max-Age=63072000; Expires=Wed, 27 Nov 2024 17:31:31 GMT;
AMCV_9BD537045330573C0A490D44%40AdobeOrg=0%7CMCMID%7C18473355064041343530558846346825336477; Path=/; Domain=navyfederal.org; Max-Age=63072000; Expires=Wed, 27 Nov 2024 17:31:31 GMT;
s_ecid=MCMID%7C18473355064041343530558846346825336477; Path=/; Domain=navyfederal.org; Max-Age=63072000; Expires=Wed, 27 Nov 2024 17:31:31 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 89
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0377e26b5f2fbd3ce629b251ef24e619
c7231f6c070102057d95b07ac5fcb9d4e096bc57
b455391467a08d5bd48c811c31a33595f52d40326370cc7f5ff82e27bdb17dd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion.js
142.250.74.98 200 OK 17 kB URL HTTP/2 www.googleadservices.com/pagead/conversion.js
IP 142.250.74.98:0
File type ASCII text, with very long lines (2772)
Hash ac7574cbc5b2e85b7ddfa76b8657e59d
2bbeec5531576d6352b1c2b74e0e05c1ea10251d
bdf1e52afba9d671ea698707f97e8609de6360c502dc7b6eed2f40f979e08387
GET /pagead/conversion.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 28 Nov 2022 17:31:42 GMT
expires: Mon, 28 Nov 2022 17:31:42 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16359567893097152046
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 16827
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a857eec26a095f97806facc4251f4048
21bcf238687fd5f4fbefaf9704786f7c498f305e
b44b50b7e234fd05080699152a9bc0055a703a93ec2642ecb6b1f717effe7933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=9BD537045330573C0A490D44%40AdobeOrg&d_nsid=0&d_mid=18473355064041343530558846346825336477&d_cid_ic=AVID%0131C2783F30509129-40000700880391E9&ts=1669656702108
52.30.42.211 200 OK 300 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=9BD537045330573C0A490D44%40AdobeOrg&d_nsid=0&d_mid=18473355064041343530558846346825336477&d_cid_ic=AVID%0131C2783F30509129-40000700880391E9&ts=1669656702108
IP 52.30.42.211:0
File type JSON data\012- , ASCII text, with very long lines (358), with no line terminators
Hash 1fc688f1ac5664548c777639ebe076b4
94e8032653ee872994f0791948e8d46fc1328f3e
37728c06458b04a0e9c1d2a5b5ef4f08e058e36f2b4fbaf51f000b0dbd55147d
GET /id?d_visid_ver=4.6.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=9BD537045330573C0A490D44%40AdobeOrg&d_nsid=0&d_mid=18473355064041343530558846346825336477&d_cid_ic=AVID%0131C2783F30509129-40000700880391E9&ts=1669656702108 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://festivevilla.com
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://festivevilla.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=16207155507905582230585351564327217475; Max-Age=15552000; Expires=Sat, 27 May 2023 17:31:42 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Ae6F9G4oTBY=
Content-Length: 300
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3746
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 17:31:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3746
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 17:31:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2212cf75f99dc67fd45db47f7101d754
4b4a8c8e8aeccfff25d2748720dcef8fed287126
7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6954
x-amzn-requestid: 94a02687-72f2-4796-a7ea-d3f28b412566
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1jHpGBVIAMFsSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63787efd-22666b18283ae59b1348bf47;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:13 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: feZayJeKq9jWHQ-rjutNr6buIjLVeIdY0A_ZeGo6NKgoQ6BBT3XQaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:55:37 GMT
age: 30965
etag: "4b4a8c8e8aeccfff25d2748720dcef8fed287126"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 70799
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 70216
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 6d1e826f02e6ab0992b58952ffe901a1
96a86bc07dba41fcf5b7fdcebe6df105d57a1160
c38d21bbf77b41309935f674d2f0c1e48f827c7692be34a5fe468ba0cb548787
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154914
Date: Mon, 28 Nov 2022 17:31:42 GMT
Etag: "63849221-1d7"
Expires: Wed, 30 Nov 2022 12:33:36 GMT
Last-Modified: Mon, 28 Nov 2022 10:49:05 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AdBsr7jLM6ySUTYBB3OWcUB67Jpna2hga9t1oAiEzB4x_B2OHy5jxw==
Age: 6272
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 33603
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 70226
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nfcu.demdex.net/dest5.html?d_nsid=0
52.31.218.182 200 OK 2.8 kB URL HTTP/1.1 nfcu.demdex.net/dest5.html?d_nsid=0
IP 52.31.218.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: nfcu.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 28 Nov 2022 17:31:42 GMT
DCS: dcs-prod-irl1-1-v045-0ff225fd5.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Oz3j8ltjREI=
Content-Length: 2791
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0bd385532089b45a14e461abbecc1af
3da359b1ba09138a425094715b9f3a2f8d0257fe
803001528f2aefc1ea90e585d48de435975862861a1cbe8d898e5cd7ebd297dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8771
x-amzn-requestid: 995d3904-9be1-4b40-9813-ff47e60639ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_MEAPoAMF0xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d861-3fdb7958064e0c4b1aed2136;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vrBB4JkuL3nbZnDWitQ4dvTruO9M6hSt8mw9NuJliCmcNOw8xvfWhw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:20:34 GMT
age: 69068
etag: "3da359b1ba09138a425094715b9f3a2f8d0257fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 3abfda95da9161a7940e489ba957e237
ddedb2266b851ea1e32ea00962e126b99d7709e4
7bddacb5331afb1e017c6a1e3cfaec6812354693597686f07328c2186200a538
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165638
Date: Mon, 28 Nov 2022 17:31:42 GMT
Etag: "6384bf1f-1d7"
Expires: Wed, 30 Nov 2022 15:32:20 GMT
Last-Modified: Mon, 28 Nov 2022 14:01:03 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: weXPffD162l8HqmY18WLZ1UQVJkaAhFf5Xw4V-owPH9uz9tpmmKziQ==
Age: 5477
b.videoamp.com/d2/66bf5dc2-726a-11ec-a92f-0bd8fa9d96c6/2929/impression?dnt=false&vpxid=2929&bwb=35&us_privacy={{US_PRIVACY_STRING}}
3.216.171.33 200 OK 42 B URL HTTP/2 b.videoamp.com/d2/66bf5dc2-726a-11ec-a92f-0bd8fa9d96c6/2929/impression?dnt=false&vpxid=2929&bwb=35&us_privacy={{US_PRIVACY_STRING}}
IP 3.216.171.33:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /d2/66bf5dc2-726a-11ec-a92f-0bd8fa9d96c6/2929/impression?dnt=false&vpxid=2929&bwb=35&us_privacy={{US_PRIVACY_STRING}} HTTP/1.1
Host: b.videoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 17:31:43 GMT
content-type: image/gif
content-length: 42
server: Beacon Server
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
set-cookie: vampid=4fdfabdb-a0e2-4e2d-9fe7-d95179f306be; expires=Tue, 28 Nov 2023 17:31:43 GMT; domain=.videoamp.com; path=/; SameSite=None
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=16207155507905582230585351564327217475
54.77.60.152 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=16207155507905582230585351564327217475
IP 54.77.60.152:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=16207155507905582230585351564327217475 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 28 Nov 2022 17:31:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4TwfwAAAGyfwgNx; Domain=.everesttech.net; Expires=Tue, 28-Nov-2023 17:31:43 GMT; Path=/
everest_session_v2=Y4TwfwAAAGyfwwNx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx
52.30.42.211 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx
IP 52.30.42.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://festivevilla.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0327f6936.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=73933975048047995231506790071872536078; Max-Age=15552000; Expires=Sat, 27 May 2023 17:31:43 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: ZEquGHu9SH4=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx
52.30.42.211 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx
IP 52.30.42.211:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4TwfwAAAGyfwgNx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://festivevilla.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-03da2f349.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: sKIu+QFdR0c=
Content-Length: 59
Connection: keep-alive
ct.pinterest.com/v3/?event=ViewCategory&tid=2617254381486&noscript=1
23.38.200.197 200 OK 35 B URL HTTP/2 ct.pinterest.com/v3/?event=ViewCategory&tid=2617254381486&noscript=1
IP 23.38.200.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
GET /v3/?event=ViewCategory&tid=2617254381486&noscript=1 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
content-length: 35
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
referrer-policy: origin
x-pinterest-rid: 3294743186989213
date: Mon, 28 Nov 2022 17:31:43 GMT
set-cookie: _pinterest_ct_ua="TWc9PSZOZThpc2tUQm5zemtGaVViZTB5eUJvUFdIVTBSaElzYytXaDVlbGdGYnE1eWwwandUWmVUOVYvL21MbUloalh0UGJlWEg1c1VjKzBWTHZaNXZkL29acWpwZHRBK3ZraU1VcHYyU1BDd0szST0mK3pYWEZkUEJoOU1sM2JuY0FXY3pVc0s4MDhVPQ=="; Expires=Tue, 28 Nov 2023 17:31:43 GMT; Path=/; Domain=ct.pinterest.com; Secure; SameSite=None
akamai-grn: 0.274f2417.1669656703.50912e78
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
action.media6degrees.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
104.18.22.234 200 OK 66 B URL HTTP/2 action.media6degrees.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
IP 104.18.22.234:0
Hash 62cf4faca5e1d0d1782efe407b82a7bc
18e8cdcfd7a2fad02bd99351977f26cb3f81c966
0ceee345015c1e2dd3de05c039045176f1d3662aa73bf307e2d02228ca45398c
GET /orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount] HTTP/1.1
Host: action.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9749892.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 17:31:43 GMT
content-type: text/html;charset=ISO-8859-1
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
content-language: en-US
set-cookie: JSESSIONID=62A1BECE29AA1507530A32BE8416D9AC; Path=/orbserv/; HttpOnly
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7714d6ba7ddbb518-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ct.pinterest.com/v3/?event=PageView&tid=2617254381486&noscript=1
23.38.200.197 200 OK 35 B URL HTTP/2 ct.pinterest.com/v3/?event=PageView&tid=2617254381486&noscript=1
IP 23.38.200.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
GET /v3/?event=PageView&tid=2617254381486&noscript=1 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
content-length: 35
access-control-allow-origin: *
x-envoy-upstream-service-time: 3
referrer-policy: origin
x-pinterest-rid: 7449133675482566
date: Mon, 28 Nov 2022 17:31:43 GMT
set-cookie: _pinterest_ct_ua="TWc9PSZMb2QzUCs5eEdFOEJVSGlTTEgrY0V0NDlrb1dMcDVkR1gzWjBkNm4xTC9BMzc3WnVaR0VzVm1Sbzk5aTB5RGFjMG5XWjBabVp6TWt2QU1TaTg5TjIxVjg3SGdURUVwU0Z5VHV3TXE0NDlZND0mNk1pN0twcVc2QnpiNEZHWWJTZmdhV0x4MmxvPQ=="; Expires=Tue, 28 Nov 2023 17:31:43 GMT; Path=/; Domain=ct.pinterest.com; Secure; SameSite=None
akamai-grn: 0.274f2417.1669656703.50912e72
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=f_CEY8D1EN6QygXGx63QCQ&sscte=1&crd=
142.250.74.162 302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=f_CEY8D1EN6QygXGx63QCQ&sscte=1&crd=
IP 142.250.74.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=f_CEY8D1EN6QygXGx63QCQ&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 17:31:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 17:46:43 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 5770a7a372d5fd2baba5ba99c8fdd4be
63fd6e1182ea898f9808d0b66f7586923a76cf79
5db40f0ecb44016e61ccdfe5671355e0e9545a5d53a188840156886225157573
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 02 Dec 2022 15:14:32 GMT
ETag: "63fd6e1182ea898f9808d0b66f7586923a76cf79"
Last-Modified: Mon, 28 Nov 2022 15:14:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1377
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7714d6bbfacdb511-OSL
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 03ad9fc0b00b5df3165dc2fb1e3b0a3e
f8243335a8bc24d989bddd346048a055e1d0bdeb
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 17:31:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO
142.250.74.164 302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9749892.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 17:31:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/683427688/?random=216546017&cv=9&fst=1669656702624&num=1&npa=1&label=ZF0BCPDe2LkBEOiO8cUC&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9749892.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D9749892%3Btype%3Dmembersh%3Bcat%3Dnfcu_00%3Bord%3D7399475611173%3Bgtm%3D2od9u1%3Bauiddc%3D1792166555.1603296658%3B~oref%3Dhttps%253A%252F%252Fmembership.navyfederal.org%252F%253F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=f_CEY8D1EN6QygXGx63QCQ&random=1873616732&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9749892.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 17:31:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ct.pinterest.com/v3/?event=ViewCategory&tid=2617254381486&noscript=1
23.38.200.197 200 OK 35 B URL HTTP/2 ct.pinterest.com/v3/?event=ViewCategory&tid=2617254381486&noscript=1
IP 23.38.200.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
GET /v3/?event=ViewCategory&tid=2617254381486&noscript=1 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
content-length: 35
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
referrer-policy: origin
x-pinterest-rid: 6367887745094350
date: Mon, 28 Nov 2022 17:31:43 GMT
set-cookie: _pinterest_ct_ua="TWc9PSZ1K2JzVUx5TE9NTnhBTGwvZWlYMGo5cEtuVnB5OHpHQjFVTGlUSkFtVDVtV0lwV0lZdnR1N1JXbGM5SlU2ZG5KaGxlaStTRWRndzJSM1lnWlEyd2phdGtyRStjRk9UM3hSclowV1VQaThzWT0mL2pPWWk4YURvclVjdlN3bWxyVEp6SUp1aFlVPQ=="; Expires=Tue, 28 Nov 2023 17:31:43 GMT; Path=/; Domain=ct.pinterest.com; Secure; SameSite=None
akamai-grn: 0.274f2417.1669656703.509138d4
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
ct.pinterest.com/v3/?event=PageView&tid=2617254381486&noscript=1
23.38.200.197 200 OK 35 B URL HTTP/2 ct.pinterest.com/v3/?event=PageView&tid=2617254381486&noscript=1
IP 23.38.200.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
GET /v3/?event=PageView&tid=2617254381486&noscript=1 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
content-length: 35
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
referrer-policy: origin
x-pinterest-rid: 6201945804850312
date: Mon, 28 Nov 2022 17:31:43 GMT
set-cookie: _pinterest_ct_ua="TWc9PSYzU0RLcTJzZGhwVWRzbUs1S09VcHdSR01MU0xOVkduV3ZIdXpRazEwcmFKVXUyZ3YzQnF3Q00yZ1BRTkpOdVFIemtIRUR4d0M5WVhIeXExdk93bjEvQlZPSkhESUl1ZDF6T0toWThrRlRDZz0mWnNNWW9aaHpSVW43eENNNHhoY1MyZEwrcERJPQ=="; Expires=Tue, 28 Nov 2023 17:31:43 GMT; Path=/; Domain=ct.pinterest.com; Secure; SameSite=None
akamai-grn: 0.274f2417.1669656703.509138db
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
ct.pinterest.com/v3/?tid=2617254381486&noscript=1
23.38.200.197 200 OK 35 B URL HTTP/2 ct.pinterest.com/v3/?tid=2617254381486&noscript=1
IP 23.38.200.197:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
GET /v3/?tid=2617254381486&noscript=1 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
content-length: 35
access-control-allow-origin: *
x-envoy-upstream-service-time: 3
referrer-policy: origin
x-pinterest-rid: 7810617908864161
date: Mon, 28 Nov 2022 17:31:43 GMT
set-cookie: _pinterest_ct_ua="TWc9PSZuK2dxdHpzQ01zVi9vNjdHQTJuREpQVXB4K3FzL05ka1prVll3b2oyWVhCZ2s0cDBYT241eW16UXNNSjN0VnJNWlhJaklIYmdLTGQrWittVUMyWVFrblc0K2Q2di9QZTFvUjBKM0xPZ2Vtdz0mU2J1Y0JDMFZiSGlvY25KRjh5NEJPejdTUU1rPQ=="; Expires=Tue, 28 Nov 2023 17:31:43 GMT; Path=/; Domain=ct.pinterest.com; Secure; SameSite=None
akamai-grn: 0.274f2417.1669656703.509138d9
x-cdn: akamai
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
X-Firefox-Spdy: h2
action.dstillery.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
104.18.22.234 302 Found 0 B URL HTTP/2 action.dstillery.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
IP 104.18.22.234:0
GET /orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount] HTTP/1.1
Host: action.dstillery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 17:31:43 GMT
content-type: text/html; charset=iso-8859-1
location: https://action.media6degrees.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7714d6b7a827b518-OSL
X-Firefox-Spdy: h2
insight.adsrvr.org/track/pxl/?adv=pcl8biy&ct=0:1psqepk&fmt=3
52.223.40.198 200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/pxl/?adv=pcl8biy&ct=0:1psqepk&fmt=3
IP 52.223.40.198:0
GET /track/pxl/?adv=pcl8biy&ct=0:1psqepk&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 17:31:43 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
action.dstillery.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
104.18.22.234 302 Found 0 B URL HTTP/2 action.dstillery.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
IP 104.18.22.234:0
GET /orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount] HTTP/1.1
Host: action.dstillery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9749892.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 28 Nov 2022 17:31:43 GMT
content-type: text/html; charset=iso-8859-1
location: https://action.media6degrees.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7714d6ba7dd2b518-OSL
X-Firefox-Spdy: h2
action.media6degrees.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
104.18.22.234 200 OK 0 B URL HTTP/2 action.media6degrees.com/orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount]
IP 104.18.22.234:0
GET /orbserv/nsjs?adv=cl1027128&ns=2142&nc=NFCU_Membership&ncv=21&dstOrderId=[OrderId]&dstOrderAmount=[OrderAmount] HTTP/1.1
Host: action.media6degrees.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://9749892.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 17:31:43 GMT
content-type: text/html;charset=ISO-8859-1
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
content-language: en-US
set-cookie: JSESSIONID=F23A71DB3D47FCBD7C96B2E388D62C14; Path=/orbserv/; HttpOnly
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7714d6bd3c4fb518-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Source+Sans+Pro:100,200,300,400,500,600,700,800,900
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro:100,200,300,400,500,600,700,800,900
IP 142.250.74.10:0
GET /css?family=Source+Sans+Pro:100,200,300,400,500,600,700,800,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://festivevilla.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 17:31:41 GMT
date: Mon, 28 Nov 2022 17:31:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
festivevilla.com/Navy/assets/card_files/recaptcha__en.js
210.16.102.57 200 OK 0 B URL HTTP/1.1 festivevilla.com/Navy/assets/card_files/recaptcha__en.js
IP 210.16.102.57:0
Analyzer Verdict Alert fortinet Phishing
GET /Navy/assets/card_files/recaptcha__en.js HTTP/1.1
Host: festivevilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://festivevilla.com/Navy/card.php
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 17:31:40 GMT
Server: Apache
Last-Modified: Fri, 18 Nov 2022 20:18:02 GMT
Accept-Ranges: bytes
Content-Length: 349263
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript