r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6696
Expires: Sat, 25 Mar 2023 03:11:26 GMT
Date: Sat, 25 Mar 2023 01:19:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 13f90146df1d559743af6df15c29b77b
6dd24f60629c39f857e3c996084f4d515cf3f8d0
ea5975be17b9cd29c8770939eb5d63ce43c1c44ce9a3a4d04e1e79cd69b30d1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA5975BE17B9CD29C8770939EB5D63CE43C1C44CE9A3A4D04E1E79CD69B30D1C"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Sat, 25 Mar 2023 03:43:27 GMT
Date: Sat, 25 Mar 2023 01:19:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 01:15:18 GMT
content-type: application/json
age: 272
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc2752d83fbed82852248898a132467a
b27a6b4af2e07663a58cafb641513f7224c7a7c3
ea7838393d83805a7b8a2b01bd09e4423617c4da285b983a11e9ba36266810d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA7838393D83805A7B8A2B01BD09E4423617C4DA285B983A11E9BA36266810D5"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2955
Expires: Sat, 25 Mar 2023 02:09:05 GMT
Date: Sat, 25 Mar 2023 01:19:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bB8mG5EmGn+2MXbNB60dDFDBtGzMzOT5jKHrcnBJeE5z3r+ri3LxGVFUYPO+HSEElV/VyHBbV2c=
x-amz-request-id: DKFH2BT31164PPZZ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 00:54:43 GMT
age: 1507
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 01:19:50 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 01:14:33 GMT
age: 318
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6777
Expires: Sat, 25 Mar 2023 03:12:48 GMT
Date: Sat, 25 Mar 2023 01:19:51 GMT
Connection: keep-alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
74.124.217.28 200 OK 139 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2504)
Size 139 kB (138769 bytes)
Hash 8436bdd7ed9af3b527fb086ebb2c2a70
16e957b214db61f5de232b0a1faae7a14db48cc8
d494d8a0b806dbb4751a0dd397e684d9f0280e49da81bf1208e92d40d9fd450f
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/ HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:50 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 138769
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download
74.124.217.28 200 OK 2.8 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2797
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download
74.124.217.28 200 OK 36 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 35889
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
34.218.147.141 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.147.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VsI24QnZMszO72KmP3vhUg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FLwS/dQHd0VUwbpeIxaCQ7vzoYQ=
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download
74.124.217.28 200 OK 49 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 49189
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd
74.124.217.28 200 OK 55 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd
IP 74.124.217.28:0
File type ASCII text, with very long lines (2293)
Hash 9dbb04566ec754133d5311a6e26f284f
f0423c0cb1db1b547680472e5dd34fb8da7823bf
cc12563d68e186b0aa054336798db0b82e04ecdc8e1688625f477fd57e177678
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 54581
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download
74.124.217.28 200 OK 48 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 48109
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/appdEUMConfig.js.download
74.124.217.28 200 OK 2.0 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/appdEUMConfig.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/appdEUMConfig.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1952
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download
74.124.217.28 200 OK 59 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download
IP 74.124.217.28:0
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 33ec52ff2ee8f8c67af046401cd73e22
f45728e593cde772d9b4c894ddaefb373c847b8b
983ee094a3e2d2587fa6367e8ffb02acdf53ca5d935e70090a91622365d97a83
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 59165
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download
74.124.217.28 200 OK 266 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 266 kB (266092 bytes)
Hash 836c4fcbb760fe1b0bd5675c777e1bed
0435190d7d75c1023ec2ae31cdfd2579b91ff636
c4b2906db153e138d16deb90857402a37fb2727495d4f138c9ff867e7e17ea5e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 266092
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download
74.124.217.28 200 OK 440 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65434)
Size 440 kB (440531 bytes)
Hash d980391562cb88335867228eb62355e0
ee7af0c08ee43ff66f6bba09c08852f7b3859a42
313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 440531
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download
74.124.217.28 200 OK 70 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c062b053133a0a3c664a7060ccf0bea3
b31c16628cd43859099b6b68f27917f14539bea1
d7b62768ab921d7145c2cc2d9c7f02051b8fd8e57267887406ecd01a7f9290a3
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 69864
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download
74.124.217.28 200 OK 90 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4062abb3bfdbb31b4b1895997874f219
2b02354af47c67f7bfdf84a5b4082cbc76cb3324
e09fd8d46b92df6e1b402b0b229af65ff7db0ce6234c5eda354a2986542995fb
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 89980
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb
74.124.217.28 200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash abf8096f6003159b63cf71b5429f90ca
fb5ea6ba375ff149caa78dc1267af83ded68d3db
30f0e4411f2d7e707c05bbb0ca31dcdc2f8a2cc927eefa4bde7a914b4145aa0b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download
74.124.217.28 200 OK 543 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65357)
Size 543 kB (543121 bytes)
Hash 2ebe1f343eef1598263831c72bee5d92
3a9a8ba970e54572bfbb11d12039a52157557e39
e2afa6367d38dde83b3c734b10a6235bf0124d908663db531efbcecaab12e61d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 543121
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download
74.124.217.28 200 OK 260 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 260 kB (260264 bytes)
Hash 2b532ca3d4b9df2ecf67638936014059
25dd1d6a49ac0d72962a5bbd4902abda405a5e48
9dda4d6c5dc931d504ff91d5df0be668ba3154ed1514ecacc2dcc13155444f62
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 260264
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1)
74.124.217.28 200 OK 130 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 3fecc01579fe22519493132cefca2c9b
529f82b6faa7fbad76af83c019a1e4bb77c1a08d
ca3dade1270fd45c0ff5b4b97e77158383c67e3839690486df9d0de49475c807
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 130
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u
74.124.217.28 200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 55c1846dc179144e0a1d6975a2abbe53
d84d956b638321093cfad366439967c39114bf3a
ea11b3203493c08740444421015761fcab21c4bdc1a0f2705383c606b90c0e9d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2)
74.124.217.28 200 OK 121 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 98eb97f81982128b173db5baff4dd1fc
12d60092ea61efba2f5000b439275a6392fd2d3e
a027f6b72e494bf913595f0ca8e54072779ed333dcbe80267683aa1c05578147
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 121
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3)
74.124.217.28 200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 90979f5917d1b3c9ff5a96d82183d13d
ed8df6786f485b73b02913347b4af8e685420aba
3a80faeb61ad99e2c936d64daede2902d846b35465885ec4eed22b00668e6847
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4)
74.124.217.28 200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 02b7139b6db6ce2d12568e0d38f7c5af
24cdff0854111a321969e11ca97a3afca43d7b1b
16db041a747da62afcfb57354c0a1b6e13b6b946aaf8e09ea23abed13e62c855
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download
74.124.217.28 200 OK 45 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download
IP 74.124.217.28:0
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 45349
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download
74.124.217.28 200 OK 182 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download
IP 74.124.217.28:0
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size 182 kB (182242 bytes)
Hash 490c7f900c0cb2ac4c2ec112dd40d1fe
6edf6cc5b25e9ba3216f4eed51b5dd2633256fd5
3284462b6d51ca036f6eb7aba842486c4d25ec204c62621f274e5119f95a5264
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 182242
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download
74.124.217.28 200 OK 206 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (14989)
Size 206 kB (205701 bytes)
Hash 03ad4c4b549ca0f83ee52e8080977ee1
21dd07ccde97b15149b4c1c0132bf6f281c14501
a7dc85dfc2eb3597f713bae049f38092df3509b0dec67a1d264a2d1ece782868
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 205701
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5837327
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5994150
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78 200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5994154
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78 200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:0
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12453481
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI
74.124.217.28 200 OK 189 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI
IP 74.124.217.28:0
Size 189 kB (189086 bytes)
Hash 6fc31419caed24a8f72b99ed2c9457a8
0bd02dc5a12fe97a41a5bd040ee33995d8e1e088
f48b4a7088d3d7c820aed240ca677012df229b53c8070d91cf16f93aca936d3b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 189086
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6845
Expires: Sat, 25 Mar 2023 03:13:57 GMT
Date: Sat, 25 Mar 2023 01:19:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6845
Expires: Sat, 25 Mar 2023 03:13:57 GMT
Date: Sat, 25 Mar 2023 01:19:52 GMT
Connection: keep-alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download
74.124.217.28 200 OK 5.8 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (559)
Hash ee4b346d4f675591688c3f63986e2bf5
659e67d4670028a98f4a99f8a4f7a061c9f36806
ee5f267a50e556878a0645c16ba63e883706aad9f721a0eca27391ace9268be9
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 5774
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download
74.124.217.28 200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download
IP 74.124.217.28:0
Hash 7730890fa6357da237002ed4052a7484
445b584507b5af28a765a89674ca0d4dcd13045f
6bba5cfedba0df5d88b9ce92ff8d023991cf1bff57ade36468f8f5e9ff15214f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6845
Expires: Sat, 25 Mar 2023 03:13:57 GMT
Date: Sat, 25 Mar 2023 01:19:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73f9697594d173d623b331b5c35eab8d
6323f751f6b7517f062a0442480f672086ea02a1
116cb71658b31e87f19c390b242c684f6505cc8edf90b7fc934ac726fc7ddd18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8635
x-amzn-requestid: fc715b03-f48f-4300-b752-ab157a684f08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihcETyIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a2-68f685ec0f50dae026ea3f64;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: ogff88YPb_ia9BPyBI0afIy9cWym7eDnXHKykpTS3NVG4EY_SUENDA==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
etag: "6323f751f6b7517f062a0442480f672086ea02a1"
content-type: image/jpeg
age: 13164
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 06:10:34 GMT
age: 68958
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98ae84b9-2e9d-44e4-abe3-82b566299062.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98ae84b9-2e9d-44e4-abe3-82b566299062.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0718f4a5b3b3a5a5b1b523a4b634163
9b5941bbfc5bdf9a541303247d4885bb4e142fe8
ec6fb85b68089d4b38d8dbf769fa5eaf12bce29463e76028d140a611e9b8fef4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98ae84b9-2e9d-44e4-abe3-82b566299062.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7384
x-amzn-requestid: 230584cf-44e6-4e53-ab88-27005fc130c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTixJHnCIAMF1kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1807-1709645f7941345117017427;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 0KF-Fu5mQCRuxtBrOErQg_a_zrY1SDPL3te-6WOZs8-tJwwq-6kAqw==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 13164
etag: "9b5941bbfc5bdf9a541303247d4885bb4e142fe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F530f5cd8-6254-4d95-b9d7-0a4408541d09.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F530f5cd8-6254-4d95-b9d7-0a4408541d09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cb19158aa416c7419bfc2eaa422a2b4
9c8c2be020b5d408ff7963b0528f0221a9f96df9
c709a57a40ee64368bc0f7967e49eda8677e67ab194aacd22224107167f14635
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F530f5cd8-6254-4d95-b9d7-0a4408541d09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10682
x-amzn-requestid: 6a2b88c9-1d41-4ee1-9b15-1518b340b548
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CNtJtGhSIAMF1ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bc23d-0648c11518f78f423bd03ab9;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 03:06:37 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 7eUMsnhkiOK0J5i1LxDg0Akz5pZzpYiACAkopd_gLHMWHwC7Y1AqGQ==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 05:09:22 GMT
age: 72630
etag: "9c8c2be020b5d408ff7963b0528f0221a9f96df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css
74.124.217.28 200 OK 5.3 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 172639
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcbf42d9-9670-45f8-b425-a162a5e30b3f.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcbf42d9-9670-45f8-b425-a162a5e30b3f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2af85a45729fe89653835173ffb1822c
00d118bd4343e36e69217d8c1baeecea253e7b48
45df61a4c5a5a555a09881035ccd36b950af783505cc14e4a28446f05c34348b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcbf42d9-9670-45f8-b425-a162a5e30b3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8876
x-amzn-requestid: 4a8c3364-d9e9-49ff-afa0-1f49a90f9f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM-xpFZIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b780a-205addd335ac20c16c5a1a58;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:50:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: j5wNyBJQU_dvub550k1vWq6darXoOv-oJ5brvPh44JdSWFsbUviJKw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 18:13:33 GMT
age: 25579
etag: "00d118bd4343e36e69217d8c1baeecea253e7b48"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download
74.124.217.28 200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download
IP 74.124.217.28:0
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1184
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download
74.124.217.28 200 OK 45 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 45340
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78 200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1490453
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78 200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1491039
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78 200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1407466
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5994139
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sat, 25 Mar 2023 01:19:52 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png
74.124.217.28 200 OK 2.5 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png
IP 74.124.217.28:0
File type PNG image data, 220 x 23, 8-bit gray+alpha, non-interlaced\012- data
Hash dc1968433c75a52613cce778e0dae0da
af08ab767909b9c9462d821e6384e2b1f1698e72
10c1acb80b088029eab596925f58565e025206d10ef1edded0bf055dac884bbf
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2503
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg
74.124.217.28 200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 79x50, components 3\012- data
Hash 25e24347fda1a96d98a2f6bda9911747
ba4cbe1dc2710398d4bb3ab2f10fe5ed6f320220
797e2e1262decaaeaf403ce2d1d4634dccdbb7d130d7c0c1115c1d1c4187ba39
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1249
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png
74.124.217.28 200 OK 6.4 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png
IP 74.124.217.28:0
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash ee610744aee59ec31b71e19e1ad6eaa7
448bc52e590983865deb19284b11137143776313
71ce94686e21c4bf0a70ea0ebdd3619425b12ca9f35d6fd2f7b1bfe0fc1f152c
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 6434
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png
74.124.217.28 200 OK 6.1 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png
IP 74.124.217.28:0
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 591b12f4d2c494c14a9b5c6b7b1ea2ae
da8e94c246fec3159f25e51723d7c90ed7aae79c
ad74103e9fe7dd74e0e0413c0ee84ef2b8b2eb995585973499a7ec5cad2dc524
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 6084
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png
74.124.217.28 200 OK 5.3 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png
IP 74.124.217.28:0
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 6662319a905c635dcfcc415d246df0d5
a81d2f2299be68717ec84ade918d4f80b0e0a008
9d8b2fd8606a20cd2e27d0641847f5fe10adcba3eba209a73f53e5d2111bda04
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 5296
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 9659cae81d193ae22211beedfd4f8d5a
7cf76f23cbc6b9bccc8623834bdc150e18c67bbb
6e74e7101f830de3cc4951f21e6d2356a10952892695a719d827d9718f495e7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5331
Cache-Control: max-age=110787
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:53 GMT
Etag: "641d4529-1d7"
Expires: Sun, 26 Mar 2023 08:06:20 GMT
Last-Modified: Fri, 24 Mar 2023 06:37:29 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
c1.wfinterface.com/tracking/hp/utag.js
95.101.10.106 200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Sat, 25 Mar 2023 01:19:53 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2fkviAjSVMvcRQKN2%2fz01kw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg
74.124.217.28 200 OK 12 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x423, components 3\012- data
Hash f4c1f0d1e32dea5834616dc9bf364db0
423727930c2e618746c02434d200c06d84b8ea2d
da7f561e57ebdb7cdea377180e6ba8d6186e7df83b3f4caeb10814d25d3498c3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 11695
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg
74.124.217.28 200 OK 54 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 6d5ec1b65b44ea65384de2fe5bfe025d
5222ed5b82c15fba9d23f9cd3c27928ea69c60e1
7039ff515b881f9ab331dcbc26420d112730e05b8da6e73a0261f4d8de2cbe23
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 54091
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
74.124.217.28 200 OK 133 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x502, components 3\012- data
Size 133 kB (132626 bytes)
Hash fd590ed393d8c2b12418ab2d348c01e3
83b7941d360c84063c075b503d079b79b46ef1fe
8d9e9914bddfb437538d710ce9c4e01ce0bc8ed7bcb951f23cfac146c8f579da
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 132626
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/target/offers/conversations
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/target/offers/conversations
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 9a647fe416f8655add4883de1b4960f4
9138821c3fa507509b41112c06864e766918c1ec
5a8a738bcef30aa6f7fc04c1081a4664e2592b7f7a583e9205d38c219c47063a
Analyzer Verdict Alert fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:52 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=a5ddaef70cee64d3f2b2b20acdee0718; path=/
wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg
74.124.217.28 200 OK 46 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 46359
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 530453b6ada6674a961d763b1172f604
8cbbae01e433c38a71b147f6a5eefadbe30da82f
1d5572341eb4dbe2ffcb43fafa0c5cf88f357e9e0c588569ca4635421a88f777
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=f8bb8c0285b93772408aa5bb231bbef2; path=/
wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash ba13749169c7b53702a51a78d21794a8
20affe8ec58e7c29c5c8181636309562ecdc5790
581bcf4244ef2ede5698690f5db68a6b6c02af82c5c970ad19bdfabc33ccae9e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=07d0e614236c50ecd82e7cdea1819ebf; path=/
wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 110200856ed355dcd1b202bbe4931ed0
6aad8d9ddd92c1b093475d7c71636a010a1bc57d
5cf20bcebba43ac8904fa3e5cd0de08f57722d3c960e86a6c9deb04f55629e63
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=bb74b3d83037b9809e5ce13da8253463; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 302b48365cf2239ad7cb5b98d657581a
e065144bb5e23c27b8d6623a53a802b75ae43786
7befc7126588455246dbb76194e7812ba142e9430364945d4470b87f14878688
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=c8761a50a3bf6f175af97090224c8626; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 2ff4ad73a53e7f160c07d89cae2185c2
ca529898d0c5978799e787b9fefd902e6015ac3c
0c59f83c5ca822711e92ca0106ffe43f091a89dbf43360b7cfbba06c7cbe54c0
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=4e95e16b6c6f7d6b221d961bd6f6e6e9; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash b3641709f2aec06ba02cf7e674d29630
d27b0f1198d9ea35cf2ec4f978b91a13875bbead
51668f8918e0fc61dcc62ea98cb08315d6744f7562c89d81bda33b203ab0d343
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=a89790498814855bcb6ac32c8a026e62; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg
74.124.217.28 200 OK 51 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 5d32e05b0a91f8297175a874253142e0
f9f58624dc5ddf5f9f1bb0bd4d9d818ffd8e4dd4
b30be25d8117203acbc8cdc89a1e09e933cdf301490df1c891277b3d536ec902
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 51143
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png
74.124.217.28 200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png
IP 74.124.217.28:0
File type PNG image data, 319 x 635, 8-bit/color RGBA, non-interlaced\012- data
Hash e6122beaf9ffcf6becada3bb5ded2dd3
1174ae5f3f04d5de450604f80b5133dfd2262bde
60673c8ca8bb7ceffcfb9148e5d5ceaa0ff23d6a18610fb4c910674f02450ed7
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 38953
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png
74.124.217.28 200 OK 2.1 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP 74.124.217.28:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash b4f7871f036398988efb0a550cb67d27
d39cf385293d268c6d83e446398004dd7ade3d34
4ef26e2996754aa57a19bb8ba0f2bc8cb1875979e78ebf59254f52ad095260c6
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2088
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
74.124.217.28 200 OK 2.4 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 74.124.217.28:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 108adcb1bb504da50a6303a9c06125c7
2237780057264fc5857b025761a647056eb8fc94
4048603185d494ac282f68ff94b0e3cc89a85a074bd2f4e0209c3a059a409430
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2372
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png
74.124.217.28 200 OK 4.7 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png
IP 74.124.217.28:0
File type PNG image data, 148 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 4d6e0a7c2af1820aac3c2a9b4e194cf1
47f2af01b5befb347c468fe69af363eb8ee6338c
d92f4c64ac8ad6de5cdb01e0a3c9e6267d2b88b93b6509eb1cd7084ba2382548
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 4705
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html
74.124.217.28 200 OK 699 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash 7b162de68b7b5ec462901018f6e4fb81
037603c296a2f37e31152206ff10b83869277171
023c9ed6a6ca98a7270dbec9d7e16fb05e68d55083273accdb727905da329979
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 699
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
74.124.217.28 200 OK 71 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (65017)
Hash ae4bcb97fea82ca505435163d9892c6e
04eb6f5515f19b040f4dcf046ec89279507ab3fc
cf287b2299a173aac359d135420df4f61508db3a3e4ccad5e91293b6abc1c02e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 71128
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html
74.124.217.28 200 OK 728 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (613)
Hash 2d25e1330fef653d1e712d87232dda57
073d496b33393d7096209628d8506e6995e71e8a
7178f45ed9dcc83e6eccf699bd0d58b4918bc7065ecb46da8a2d858a19517cae
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 728
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg
74.124.217.28 200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 4e64bce05e75ee62d111a1443979413f
631a78f1492b81b7e6cf339eb10ad6a939295813
4a5b98e86bc37f6a038ad8ce761e17cefe3d7dce918e3d987088fbbc57746b99
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 38692
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg
74.124.217.28 200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 8c9a4edfc392dfb0f49e6b4f2eb3d6f4
faec222495c4ef7faaf050030ab7901df8273267
5236e41ab67d061a56d0eede8177a04d0c84143d9ffa5496e67ba43d3932699e
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 39087
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 6ed801b6b8637cb576e09aa14c9ee74e
df5be3c7ee5d35dd1fa62176cca8680a9b4d924c
f8e6d15d3bed46e951d21d5eed7840f128955185c2150436b729139106c78fcb
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:53 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78 200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=24905
expires: Sat, 25 Mar 2023 08:14:59 GMT
date: Sat, 25 Mar 2023 01:19:54 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78 200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1490430
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Sat, 25 Mar 2023 01:19:54 GMT
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html
74.124.217.28 200 OK 694 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (306)
Hash 335e80c32ebe22decce415ec00332910
f69d62a2f129baa1bf2bd61d58d102fa25986a57
200d7943bfe36e073f6226e3092150fe71bc1e1c39b5f9b85b164e5bff8934a0
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 694
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1)
74.124.217.28 200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash ddc2a6334c4a739543e4ff59e468dd60
f23c3183bd728510be4c983242c19724cc6320af
973d4f770014280b8f7860542563afa477f89b8990b2e9261122255892f3ae7d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=a89790498814855bcb6ac32c8a026e62
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html
74.124.217.28 200 OK 572 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (309)
Hash d2048011403a2e92d200ebb584aaaf6a
d4acd7d948715b9c88007436d7f07e5602fe11b6
7e5fb8a7df4b90bb3312a60777abd009dfd37416496de07de332fc8a29b1c5db
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 572
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM
74.124.217.28 200 OK 189 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM
IP 74.124.217.28:0
Size 189 kB (189086 bytes)
Hash 6fc31419caed24a8f72b99ed2c9457a8
0bd02dc5a12fe97a41a5bd040ee33995d8e1e088
f48b4a7088d3d7c820aed240ca677012df229b53c8070d91cf16f93aca936d3b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=a89790498814855bcb6ac32c8a026e62
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 189086
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26 200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sat, 25 Mar 2023 01:19:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=awGV97DA+P5G84yGYACa1A%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
95.101.10.106 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 01:19:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=q+mevlr5x3MLx7ZSoboK5A%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26 200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sat, 25 Mar 2023 01:19:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=PmSF7GFkOdLK6lhZvbESMQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.34 200 OK 570 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
Hash 7af42886cbcf150f5f025fe73d898a46
9c1750811a061fb0b294bf2161fba564b3c536c7
1e06e8784cc014d631eb50c253ec3c6d7c1bdba9db7b91eb58cd693f4df65591
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 570
Date: Sat, 25 Mar 2023 01:19:54 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Aa2%2fLgpDHOsUsWZPnEyEP0Rzdl+51fEMFEZQmAYNQBTQKt25Xqd3f3wF9g%2fzB1mY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 01:34:54 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=kdqfmmzeazgfsgxc&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
74.124.217.28200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=kdqfmmzeazgfsgxc&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash abf8096f6003159b63cf71b5429f90ca
fb5ea6ba375ff149caa78dc1267af83ded68d3db
30f0e4411f2d7e707c05bbb0ca31dcdc2f8a2cc927eefa4bde7a914b4145aa0b
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=ZW5jZEBSZEoxaE1ZZWxBaDFDK28ySVkrQWxTWE9LUWpyb0RiektnOXVITkljSDA1QVFoREgyZDFHcVVhN1B2OWpsUklqblZubmxHaVcxY2dtSmJXWEgyempEMmRDa1V6ZVUvbHZIM2VSdnlTV2VVRUF2MlU0K1gvNUJPY0tlSi85VjhIdThXM0ZjNzNYbHZZSnVYTzlNL0loQVZmL1JJcUovVVRpbmhYdWFZZ1Fjc2NOWU5KVzdRRzY2QjY4RXhBRlMvckc3a0VPWGdya3RBTUQyNzh3Qk5tWGdHTklDeE5qVHVFTkIvUGpHYkhaVWFwb2wvRlhYVzV4SEszMmlGQVQrVmFmYjRHQk44dzFNdXhvY1Z6NzU5SG0vR3o5cHIydGZDbHZKQ1BEektwaitHVGVhTmpPM1d5Q3wwNWM5ZjU3NzI4NTI5YmYwNTJlNDQyOTE0YjY3Zjg5NDU0MGUxYzA1NWUyYmRjYjM5NWM0MWJmMGM3YTNmNjNjNDk2MDhlMjFkNjJiYjU2MGE5MzViYjFmMGM5NzZjZDBmYjY3Y2Q1Y2ViODVjYTk4NzVlNjI4MGUzZDNmNzA1YjEwNGJhYzRjNTNlNzA3MDFjZDQyN2E4NWVkZWQwZDYyZTJiN2M5MWQ0NTkxMjI1ZmYzMzIwZjYyM2FhOGUxMTNkNmYyYTFjZmQ2MjI4MTI0MzBjNmJjODdlOWFiZmI3M2M4NWE3ZTA1OWQ3NDE2YmUxZGQzMDNkZjM3NTgwZDU1OTY1MzY0ZjUyODE1NTk3YzhkMWUzYzdmOGE0MWM4ZjcxOTY1OGQzMTU2OTQzMDJkNjI4Y2Q3MGQxNWZkZDVhMzIyYzg1OWQ3ZTAxN2M3N2UxZDkyNzI4MDY2MzRjMWQ4OWExYWM4MjQ1ZWM4NWM1ZjlmMDI1MWMwMjY1YmY1MjAzNWY0YWQ4YTMzYmRmMzBiMjA2OGQ0Njg0YjEwM2FjM2VjNTZhNWZjOGQyOWE2MTZiMjkzMGYzOGNkNzRhMGRjZDdmYWQzN2Q3OTFiNWU0ZWFkZTgyM2ViODU5YzIxMTA1YmY5MjYyMTE5YWU5ZWQyZjdlYjk5Mzc4OWQ0N2JiMHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=kdqfmmzeazgfsgxc&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5%3A0&_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6&pv=2&f_cls_s=true
23.36.79.18 200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5%3A0&_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6&pv=2&f_cls_s=true
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 9ef2c568262eabbe4bdc118683994e30
d2f31821eebe83feadf000c504a51e27a9f74b1d
7f287b14f066e910734367ca446d36ead2f381ec577fbc107e68008ca73e520b
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5%3A0&_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://gmdva.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1189
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 25 Mar 2023 01:19:54 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!8LJZ1NPDXOFtjCvpnNE5eVRfS7HzYwHcm8tPlXIVr29ljiThK5Rl2n87fdFWAgcs752Jp7PVV5O+pg==; path=/; Httponly; Secure
DCID=EFOUFj6BDe0PpkHVFgVHjoLsVbzYsnT7lMTYMNcAfXoFPvzb5h3eqlrnb1NPWjBl; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 01:34:54 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.34 200 OK 150 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 150 kB (150482 bytes)
Hash 4476d35aaa643ab9019c2d8c56081b4d
daf825f96570553cb151b2bf0225e9f1cf456581
5b80033a78a1713328f276ed883b06663f0db870fe2483de7940a5f133283042
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6410ff94-1854"
Last-Modified: Tue, 14 Mar 2023 23:13:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 25 Mar 2023 01:19:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=AznFWRaHAQAAHGg4PrgDasTaYC9d-l_4M0psB7k0iBCM38lXlxBZr4CTvHBZAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|c42b64a95e9c5745e5693ed223ad2248899e5133; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=2U%2fsQC4mCIdLV71WalzU3i4MPDVmRE9EHtDWA9PnP2lUneLVks2b50arLSfp0Yju; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 01:34:54 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 1eafb93b43a0c15aa0a5ec304be9a85c
be7e23035630e505954b9a0b907aa0628afc180c
37ccfa43119516e76649a5d67257337ca71aeab9b854fd4fce13e271ae3ac1d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5088
Cache-Control: max-age=105115
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:54 GMT
Etag: "641d2ff5-1d7"
Expires: Sun, 26 Mar 2023 06:31:49 GMT
Last-Modified: Fri, 24 Mar 2023 05:07:01 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=457685,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad3540f8865069b-OSL
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679707206504
34.249.44.119 200 OK 318 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679707206504
IP 34.249.44.119:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 5d401ded5e28e8978f1ade238025d6d4
59ccb52aada738b6908ef21648a70409186caaaa
51a9ac3547d90a1626c63d1c9fc8df8d8b4b555dcc91b9d3c317500754d927cb
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679707206504 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-074cac5f7.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=60706112368306621384052667168029596713; Max-Age=15552000; Expires=Thu, 21 Sep 2023 01:19:54 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: I56VtLeWRGM=
Content-Length: 318
Connection: keep-alive
api.rlcdn.com/api/identity/idl?pid=1317
34.120.133.55 451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP 34.120.133.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sat, 25 Mar 2023 01:19:54 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gmdva.org/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 4330e7195a6c6350a59cefd4034bdd8e
ad0f4b1875427d53d4286c9604233a3cc9a183d2
8a3b4ed64565b7ebdbe482f7f9b3698db66023f68aa543fe787aa4996e332dba
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Content-Type: multipart/form-data; boundary=---------------------------12321925355667301522621113844
Origin: https://gmdva.org
Content-Length: 169
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 01:19:55 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=457684,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad3541038aa069b-OSL
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=60669613060901580574049016137408095802&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679707206984
34.249.44.119 200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=60669613060901580574049016137408095802&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679707206984
IP 34.249.44.119:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 14ad81c4e27f3d30a490a07609cb25dd
1cdedde57a9cb50305458b412ca5b782837e6531
54a27fb462da98dbfa39c3369ef833d87c1f56351894ce960bd3b5c48daf50e7
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=60669613060901580574049016137408095802&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679707206984 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-04e0e9a66.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=88543391190984479532684908121994710825; Max-Age=15552000; Expires=Thu, 21 Sep 2023 01:19:55 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: AAWUZPqdTQE=
Content-Length: 320
Connection: keep-alive
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
95.101.10.106 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 01:19:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eh1Oz0DR9X%2feiv698TpHIg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
95.101.10.106 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 01:19:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=VcuQ%2fYjopVkmj2zGEF8UvQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP :0
File type gzip compressed data, max compression, from Unix\012- data
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679707206522&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
74.124.217.28 404 Not Found 48 kB URL HTTP/1.1 gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679707206522&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 5213936f7bb6d127a4d7126628ba29d6
0eea907b8fb6d3acb7906ea5a414c1269c301c3c
4ceb30ec6abe792cfd43afeb512c00c2809d7d2cb718ff2f247ea2dfa1541c0d
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679707206522&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
c1.wfinterface.com/tracking/ga/ga.js
95.101.10.106 200 OK 20 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sat, 25 Mar 2023 01:19:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=NgTokG9Fpto9Fwm8XeBWwQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679707206511
52.51.183.68 200 OK 315 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679707206511
IP 52.51.183.68:0
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash 19b25bc76fb98262fe02950eeac22f69
0d9a558550d77ccbd7fa168555bf96494e12c046
af40c1a0eb89073be1c221081daee33b25a89630c27c6c7cedf954cbc6ae0fe6
POST /event?d_dil_ver=9.5&_ts=1679707206511 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 428
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0f6cf9230.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=60706112368306621384052667168029596713; Max-Age=15552000; Expires=Thu, 21 Sep 2023 01:19:55 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ygS/km8gT5U=
Content-Length: 315
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1519536481&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=1842994875&gjid=89827389&cid=106456428.1679707207&tid=UA-107148943-1&_gid=1360731929.1679707207&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=106456428.1679707207&z=2088893027
216.58.207.206 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1519536481&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=1842994875&gjid=89827389&cid=106456428.1679707207&tid=UA-107148943-1&_gid=1360731929.1679707207&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=106456428.1679707207&z=2088893027
IP 216.58.207.206:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=1519536481&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=1842994875&gjid=89827389&cid=106456428.1679707207&tid=UA-107148943-1&_gid=1360731929.1679707207&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=106456428.1679707207&z=2088893027 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://gmdva.org
date: Sat, 25 Mar 2023 01:19:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679707206588&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
74.124.217.28 404 Not Found 48 kB URL HTTP/1.1 gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679707206588&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 80a83c00504a2613dfddbd79aade66a9
4524bc1aa97b12533f9ba9b213b2cdd52d63d30f
1b8dfe8c043744046b88b4f2732020b28be1ee864c43de1d1fbc4b173d8b92a1
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679707206588&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F?
142.250.74.38 200 OK 314 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (555), with no line terminators
Hash d9c396a738ede39ce51a56ea6487de85
8ec475ce51ce1778de0bb0c28fd9ccb53b062bc6
b8c0956b6c9b6ec146014305ff8ec981d5c584bdeadf974307418f7461b56bcf
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 01:19:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 314
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 01:34:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 24e5e7ec3507bcc60836a8798d125e32
f4db4ea71f3844ef76959f285c07789fb9cf70f8
92f002fbc1fe394f8d298e32c6f4b1d23de4e71585ea4c8fa809f609cb86ff77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5214
Cache-Control: max-age=142304
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Etag: "641dc0bd-1d7"
Expires: Sun, 26 Mar 2023 16:51:39 GMT
Last-Modified: Fri, 24 Mar 2023 15:24:45 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
95.101.10.106 200 OK 14 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sat, 25 Mar 2023 01:19:55 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hRLVEFxkyNUKCFrblxogAg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=106456428.1679707207&jid=1842994875&gjid=89827389&_gid=1360731929.1679707207&_u=6GBACUAABAAAAC~&z=965977933
209.85.233.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=106456428.1679707207&jid=1842994875&gjid=89827389&_gid=1360731929.1679707207&_u=6GBACUAABAAAAC~&z=965977933
IP 209.85.233.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=106456428.1679707207&jid=1842994875&gjid=89827389&_gid=1360731929.1679707207&_u=6GBACUAABAAAAC~&z=965977933 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://gmdva.org
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Mar 2023 01:19:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c1.wfinterface.com/tracking/gb/detector-dom.min.js
95.101.10.106 200 OK 471 B URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 95.101.10.106:0
ASN #20940 Akamai International B.V.
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sat, 25 Mar 2023 01:19:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=r9l5UBAIAi6ykkaWuJLuEQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
142.250.74.162 200 OK 313 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (554), with no line terminators
Hash d8f99cb1a5b431c7ee32e15152542970
8c78bd4faa982936aeb38a8254a73001a47c9feb
50de4fa31da506a2637e1875b0a8fe71a269b472ae94f26f767fc4a28172e3ed
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 01:19:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0&_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6&pid=35c58ad3-ad5a-49aa-8c69-9fd1b5da03fc&sn=1&cfg&pv=2&aid=
23.36.79.18 200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0&_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6&pid=35c58ad3-ad5a-49aa-8c69-9fd1b5da03fc&sn=1&cfg&pv=2&aid=
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 9ef2c568262eabbe4bdc118683994e30
d2f31821eebe83feadf000c504a51e27a9f74b1d
7f287b14f066e910734367ca446d36ead2f381ec577fbc107e68008ca73e520b
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0&_cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6&pid=35c58ad3-ad5a-49aa-8c69-9fd1b5da03fc&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 11113
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_cfgver=de760e43; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://gmdva.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1189
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 25 Mar 2023 01:19:55 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!lycHUHYjrRXUxEbpnNE5eVRfS7HzYzC87XRDbrOxhL+xhSmbyDAGWd+q9i/K82ERvSHoxSDy9Ef47w==; path=/; Httponly; Secure
DCID=r0GgN00qp6%2f%2fPrkfAQpPXUisPPm8ySma1k5U3y7vAIiwrPc2LFek4Hvwomam+dVr; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 01:34:55 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
54.71.98.196 200 OK 498 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 54.71.98.196:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 868d3e781fc724888a59c482e45ef76e
c3e4021f387eff5dd30908c1b15c809e2620edcb
2f74f3e77d59ed2929fa882fd4459af1bb064d400be5be4125304c5151050745
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 01:19:55 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
172.217.21.162 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3930774100987;gtm=2od8g0;auiddc=207799331.1679707207;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 01:19:55 GMT
expires: Sat, 25 Mar 2023 01:19:55 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 7848a7e45a41cccd0a551731c7ffb43d
16b2c5794f8a45f83ce71cdc3cfa5d17ec310b92
e855a24ffce185742f87f022ad3f201f4258e55833ff49575cae6893ff7f5030
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 39a7ad40ddaf05d38f5f09b1e4a6adcc
c0ab874ff4ed618607901d189dcf564ecd5eb8b6
ef8b5943a330975b1eef8f5699b3634bb08585a587abd7f435aae25513478ab4
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash e2dd283dc51d36f401bae5a4e1fee2d5
7993b26e41edc4454fc8e849990a921e9ab98f76
9f913c87ab7a02b2936fa8e3dc3702afb2223f1b3c483db6fabc6bcbc2d8ad88
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 63121b3e2b30a6063aee37b52e5c48b0
c8ae2b06899ccbaaddee5c55fc292df20e13f536
452e3ffe247dae180d92ba422e5f4f1aeef673cd204334fa2e1c045cae2c28fe
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:55 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.1c37f30deebd44acd482.chunk.css
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.1c37f30deebd44acd482.chunk.css
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash ff2ae1ae98f97eb7f5a0d0de6e9f6cd3
928c98d210f72e4b78e5d3173a5eed48a66129ed
a572020c3c7362901c6acdfd0826c4795013647afd32a9f73c5004a7b6509be3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.1c37f30deebd44acd482.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:55 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/as/jsLog
74.124.217.28 404 Not Found 47 kB IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash e0968f44fff39c3ee5d8b729d8c874c5
559ba988474922f5b1ba0437b634e54073f96ee7
210e1e133ef2d060c932a0704f1b366deca96258c7f2e2a926dc597908172679
Analyzer Verdict Alert fortinet Phishing
POST /as/jsLog HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
ADRUM: isAjax:true
Content-Length: 193
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%2C%22_s%22%3A%22Rhtof9Uf%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C60669613060901580574049016137408095802%7CMCAAMLH-1680312006%7C6%7CMCAAMB-1679707205%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679714406s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 427cef6dedaff6e978b22a62ba39e927
687dfec40d1c50407211b635a0aabb0f3719201a
e0b4fe99afec90e319b55589727919d83bbf0c56631943bc5d617d2db8052197
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.18915ef50d53df2cce93.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:1$_ss:1$_st:1679709004997$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:55 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash e9709c5b359505700458d5e8a9ff2ad8
fddde5b378dba0f5efe406ebc5a1ffeb35ddeeae
1c86ea5bca04e726d60b3868f71151ddbaba02b129e2ea38699d5c03f19b0898
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5690
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:57 GMT
Last-Modified: Fri, 24 Mar 2023 23:45:07 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9b762efe5751eb25cd26ca67ad6dcf22
661f1247ecc842236957d05747967ec4f20835a2
c51c54e54ffc33cc7643bb0a64da2265f93efaf38838351ec0f2a2fe102efa2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679707207530&cv=9&fst=1679707207530&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
142.250.74.162 302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679707207530&cv=9&fst=1679707207530&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP 142.250.74.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1679707207530&cv=9&fst=1679707207530&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 01:19:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1679707207530&cv=9&fst=1679706000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1422061993&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 01:34:57 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=106456428.1679707207&jid=1842994875&_u=6GBACUAABAAAAC~&z=1464315527
216.58.207.227 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=106456428.1679707207&jid=1842994875&_u=6GBACUAABAAAAC~&z=1464315527
IP 216.58.207.227:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=106456428.1679707207&jid=1842994875&_u=6GBACUAABAAAAC~&z=1464315527 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 01:19:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 25 Mar 2023 01:19:57 GMT
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
54.71.98.196 200 OK 42 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 54.71.98.196:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 15758
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 01:19:56 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:18|g:ebf9a332-38a3-4da7-857d-427ed9d48d1b; Path=/; Expires=Sat, 25-Mar-2023 01:20:26 GMT; Max-Age=30
ADRUM_BTa=R:18|g:ebf9a332-38a3-4da7-857d-427ed9d48d1b|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sat, 25-Mar-2023 01:20:26 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sat, 25-Mar-2023 01:20:26 GMT; Max-Age=30; Secure
ADRUM_BT1=R:18|i:559461; Path=/; Expires=Sat, 25-Mar-2023 01:20:26 GMT; Max-Age=30
ADRUM_BT1=R:18|i:559461|e:6; Path=/; Expires=Sat, 25-Mar-2023 01:20:26 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash e9709c5b359505700458d5e8a9ff2ad8
fddde5b378dba0f5efe406ebc5a1ffeb35ddeeae
1c86ea5bca04e726d60b3868f71151ddbaba02b129e2ea38699d5c03f19b0898
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4493
Cache-Control: max-age=98393
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 01:19:57 GMT
Etag: "641d1809-1d7"
Expires: Sun, 26 Mar 2023 04:39:50 GMT
Last-Modified: Fri, 24 Mar 2023 03:24:57 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
www.google.com/pagead/1p-user-list/984436569/?random=1679707207530&cv=9&fst=1679706000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1422061993&resp=GooglemKTybQhCsO
142.250.74.164 302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/984436569/?random=1679707207530&cv=9&fst=1679706000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1422061993&resp=GooglemKTybQhCsO
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/984436569/?random=1679707207530&cv=9&fst=1679706000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1422061993&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 01:19:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/984436569/?random=1679707207530&cv=9&fst=1679706000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1422061993&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gmdva.org/dti_apg/api/imp/v1.0/report/?m&fq=load
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 52df8342089aa08c26a009b45ea0db37
158fc60be91ef0a983e52d885769836bd14e2588
4c03f7398a3215edbaba7bae7e8af6461f3b7b1f19137a148188f3626272c655
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
content-type: text/plain;charset=UTF-8
Origin: https://gmdva.org
Content-Length: 660
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:2$_ss:0$_st:1679709007031$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%2C%22_s%22%3A%22Rhtof9Uf%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C60669613060901580574049016137408095802%7CMCAAMLH-1680312007%7C6%7CMCAAMB-1680312007%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679714407s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _ga=GA1.2.106456428.1679707207; _gid=GA1.2.1360731929.1679707207; _gat_gtag_UA_107148943_1=1; _gcl_au=1.1.207799331.1679707207
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/dti_apg/api/dip/v1/dip
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/dip/v1/dip
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash b91e626bbccbaedddf035ff941f70161
25c38e11e049dbe9fee1977afb36bb2127043b6e
f84a97e9cc11ab7a6349e7f4701b057f711167ebd405c05dba41edf786003d50
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2024
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=b0672e38-8a01-4fce-89b3-8b62ff0fe8f6; _cls_s=475110ec-9e03-486c-84c0-1dff163eb6c5:0; utag_main=v_id:01871659ed8400178867f50132c100050003b00900918$_sn:1$_se:2$_ss:0$_st:1679709007031$ses_id:1679707204997%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=7dc0ae91b8789025fc1db1debbf9589e; dti_apg=%7B%22_rt%22%3A%22DQcnSIJAhxvE8CmqgyuChsxhMNe2zyLrsWd7rwGJodQ%3D%22%2C%22_s%22%3A%22Rhtof9Uf%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C60669613060901580574049016137408095802%7CMCAAMLH-1680312007%7C6%7CMCAAMB-1680312007%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679714407s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _ga=GA1.2.106456428.1679707207; _gid=GA1.2.1360731929.1679707207; _gat_gtag_UA_107148943_1=1; _gcl_au=1.1.207799331.1679707207
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 01:19:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8