r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8718
Expires: Sat, 25 Mar 2023 10:26:08 GMT
Date: Sat, 25 Mar 2023 08:00:50 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10762
Expires: Sat, 25 Mar 2023 11:00:12 GMT
Date: Sat, 25 Mar 2023 08:00:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 07:15:21 GMT
content-type: application/json
age: 2729
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dc2752d83fbed82852248898a132467a
b27a6b4af2e07663a58cafb641513f7224c7a7c3
ea7838393d83805a7b8a2b01bd09e4423617c4da285b983a11e9ba36266810d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA7838393D83805A7B8A2B01BD09E4423617C4DA285B983A11E9BA36266810D5"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17747
Expires: Sat, 25 Mar 2023 12:56:37 GMT
Date: Sat, 25 Mar 2023 08:00:50 GMT
Connection: keep-alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
301 Moved Permanently 267 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 399d187aefd3b021dccbec7242ab9392
e2ad8a14b9d5ee0cfee7d0f3519d993d0af7a1cd
af14d3679c0b8d3e24d307af3cba807b7fba6f0b793676802627a98d55246375
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/ HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 08:00:50 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Location: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Content-Length: 267
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8NVwsuYABBgn4Z40HaQhJ2YhTeHYKGTxK2fKpRQECee5YR8N6+njUIFvhMi42wK4FUkGz0UwrMkLOMhotoPmaA==
x-amz-request-id: J1QX5G9JNT7W0RP7
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 07:54:50 GMT
age: 360
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 08:00:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4540
Expires: Sat, 25 Mar 2023 09:16:32 GMT
Date: Sat, 25 Mar 2023 08:00:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 07:14:33 GMT
age: 2779
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
200 OK 139 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2504)
Size 139 kB (138769 bytes)
Hash 8436bdd7ed9af3b527fb086ebb2c2a70
16e957b214db61f5de232b0a1faae7a14db48cc8
d494d8a0b806dbb4751a0dd397e684d9f0280e49da81bf1208e92d40d9fd450f
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/ HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:51 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 138769
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WqddQZEGu+YwsYg1REGz6Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: htyPiKmidYLBpSV2ll70LhlwDJg=
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download
200 OK 2.8 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download
IP
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2797
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download
200 OK 36 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download
IP
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 35889
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download
200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download
IP
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd
200 OK 55 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd
IP
File type ASCII text, with very long lines (2293)
Hash 9dbb04566ec754133d5311a6e26f284f
f0423c0cb1db1b547680472e5dd34fb8da7823bf
cc12563d68e186b0aa054336798db0b82e04ecdc8e1688625f477fd57e177678
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 54581
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download
200 OK 49 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download
IP
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 49189
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download
200 OK 48 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download
IP
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 48109
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download
200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download
IP
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download
200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download
IP
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download
200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download
IP
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:52 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download
200 OK 59 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download
IP
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 33ec52ff2ee8f8c67af046401cd73e22
f45728e593cde772d9b4c894ddaefb373c847b8b
983ee094a3e2d2587fa6367e8ffb02acdf53ca5d935e70090a91622365d97a83
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 59165
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download
200 OK 70 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash c062b053133a0a3c664a7060ccf0bea3
b31c16628cd43859099b6b68f27917f14539bea1
d7b62768ab921d7145c2cc2d9c7f02051b8fd8e57267887406ecd01a7f9290a3
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 69864
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css
200 OK 173 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 173 kB (172639 bytes)
Hash 8afd4293c04671c155f450b4a1ca99e0
47a5f10412c74fb7a2926146505b1038eb4cec00
ef06dad5cf7396d39f44d87d4fc6d036fd54684e33a80db33e88856e204ff7f1
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 172639
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download
200 OK 440 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download
IP
File type ASCII text, with very long lines (65434)
Size 440 kB (440531 bytes)
Hash d980391562cb88335867228eb62355e0
ee7af0c08ee43ff66f6bba09c08852f7b3859a42
313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 440531
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download
200 OK 266 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 266 kB (266092 bytes)
Hash 836c4fcbb760fe1b0bd5675c777e1bed
0435190d7d75c1023ec2ae31cdfd2579b91ff636
c4b2906db153e138d16deb90857402a37fb2727495d4f138c9ff867e7e17ea5e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 266092
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download
200 OK 90 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4062abb3bfdbb31b4b1895997874f219
2b02354af47c67f7bfdf84a5b4082cbc76cb3324
e09fd8d46b92df6e1b402b0b229af65ff7db0ce6234c5eda354a2986542995fb
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 89980
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb
200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb
IP
File type ASCII text, with no line terminators
Hash abf8096f6003159b63cf71b5429f90ca
fb5ea6ba375ff149caa78dc1267af83ded68d3db
30f0e4411f2d7e707c05bbb0ca31dcdc2f8a2cc927eefa4bde7a914b4145aa0b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download
200 OK 543 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download
IP
File type ASCII text, with very long lines (65357)
Size 543 kB (543121 bytes)
Hash 2ebe1f343eef1598263831c72bee5d92
3a9a8ba970e54572bfbb11d12039a52157557e39
e2afa6367d38dde83b3c734b10a6235bf0124d908663db531efbcecaab12e61d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 543121
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1)
200 OK 130 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1)
IP
File type ASCII text, with no line terminators
Hash 3fecc01579fe22519493132cefca2c9b
529f82b6faa7fbad76af83c019a1e4bb77c1a08d
ca3dade1270fd45c0ff5b4b97e77158383c67e3839690486df9d0de49475c807
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 130
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u
200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u
IP
File type ASCII text, with no line terminators
Hash 55c1846dc179144e0a1d6975a2abbe53
d84d956b638321093cfad366439967c39114bf3a
ea11b3203493c08740444421015761fcab21c4bdc1a0f2705383c606b90c0e9d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2)
200 OK 121 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2)
IP
File type ASCII text, with no line terminators
Hash 98eb97f81982128b173db5baff4dd1fc
12d60092ea61efba2f5000b439275a6392fd2d3e
a027f6b72e494bf913595f0ca8e54072779ed333dcbe80267683aa1c05578147
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 121
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3)
200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3)
IP
File type ASCII text, with no line terminators
Hash 90979f5917d1b3c9ff5a96d82183d13d
ed8df6786f485b73b02913347b4af8e685420aba
3a80faeb61ad99e2c936d64daede2902d846b35465885ec4eed22b00668e6847
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4)
200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4)
IP
File type ASCII text, with no line terminators
Hash 02b7139b6db6ce2d12568e0d38f7c5af
24cdff0854111a321969e11ca97a3afca43d7b1b
16db041a747da62afcfb57354c0a1b6e13b6b946aaf8e09ea23abed13e62c855
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1383404
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12429419
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5970092
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5813265
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download
200 OK 45 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download
IP
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 45349
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1466391
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5970088
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1466977
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5970077
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sat, 25 Mar 2023 08:00:54 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download
200 OK 5.8 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download
IP
File type ASCII text, with very long lines (559)
Hash ee4b346d4f675591688c3f63986e2bf5
659e67d4670028a98f4a99f8a4f7a061c9f36806
ee5f267a50e556878a0645c16ba63e883706aad9f721a0eca27391ace9268be9
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 5774
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI
200 OK 189 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI
IP
Size 189 kB (189086 bytes)
Hash 6fc31419caed24a8f72b99ed2c9457a8
0bd02dc5a12fe97a41a5bd040ee33995d8e1e088
f48b4a7088d3d7c820aed240ca677012df229b53c8070d91cf16f93aca936d3b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 189086
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download
200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download
IP
Hash 7730890fa6357da237002ed4052a7484
445b584507b5af28a765a89674ca0d4dcd13045f
6bba5cfedba0df5d88b9ce92ff8d023991cf1bff57ade36468f8f5e9ff15214f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download
200 OK 182 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download
IP
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size 182 kB (182242 bytes)
Hash 490c7f900c0cb2ac4c2ec112dd40d1fe
6edf6cc5b25e9ba3216f4eed51b5dd2633256fd5
3284462b6d51ca036f6eb7aba842486c4d25ec204c62621f274e5119f95a5264
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 182242
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9937
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9937
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9937
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:00:54 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9937
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:00:54 GMT
Connection: keep-alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download
200 OK 45 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download
IP
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 45340
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9937
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:00:54 GMT
Connection: keep-alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download
200 OK 206 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download
IP
File type ASCII text, with very long lines (14989)
Size 206 kB (205701 bytes)
Hash 03ad4c4b549ca0f83ee52e8080977ee1
21dd07ccde97b15149b4c1c0132bf6f281c14501
a7dc85dfc2eb3597f713bae049f38092df3509b0dec67a1d264a2d1ece782868
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 205701
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd191e3a122d6e31f81e6e9d434c58d6
aec88022970c93289434f8097e4a663da33e5271
1f00c901ef479637ec703d7924526a970cb13dd2635b2bbb68b285df9d98e011
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6185
x-amzn-requestid: 223de50b-9a7e-4ac7-9305-336658eec4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiwYHoLoAMFXtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1802-226bd8524ade75234053ff50;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:06 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ye0ADORg1hFVLxcNVj-qS60tlfguOEtyTx_XFU4ooJOcDHqNsqV3kw==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:14 GMT
age: 36220
etag: "aec88022970c93289434f8097e4a663da33e5271"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02e0767e0c72d95e30337ad42f5d15b3
79aa21ca35c9d98ea7d0713d219e9b67083bdc05
7991a0c4d409cca49259cb626d0de39684635f14fad72e074b303235026673a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6511
x-amzn-requestid: 38d33f4d-2b85-4666-b778-04f4b4dfdf10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihSFIdIAMFRjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a1-036a28e75189d05209396933;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: eYAgUDZFGkaskq0A77VgX54hvvjtQtClrFyED3COkankS76uD7hTAQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:52 GMT
age: 37022
etag: "79aa21ca35c9d98ea7d0713d219e9b67083bdc05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5296
x-amzn-requestid: 11fdf0c8-244c-4cd5-bfa7-4c77d777174f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzEqkIAMFXOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-5c241d63598dbf595b54ead5;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: b1KWFmKdRQ4DU0v5JmC7AJatpv2B5FAHKVWL7pFiyh13fqYDA5qydA==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:13 GMT
age: 36221
etag: "d68861e96e12e8a3f293dbae8b687f05b6e15afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: ZQcPeutl5BzzzysPzWEzrEY8WU-0F-0twvGPT7RAX-UjNOCk3NtmMQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 05:35:57 GMT
age: 8697
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5773974a7341690f006b052ad02c94db
1b11316c952e2195da1646dd94671669e7e3bc2b
a06b72138745500cacc919fea29536ebd4188a1c483f6123e3402458e299f16a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7800
x-amzn-requestid: bad99b1e-3923-4de9-8bea-4dd04e96f7cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfFGcIAMFdBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-0826b92d4c4af16553503600;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9AGLmjvUSTKIsYIWECOR8QwdF4PP1tP1TweUm0VYvxQ0qskqj3YuLA==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:53 GMT
age: 37021
etag: "1b11316c952e2195da1646dd94671669e7e3bc2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee780ea6-5b5e-419f-916d-42d0f5e1912a.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee780ea6-5b5e-419f-916d-42d0f5e1912a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7950abafdbc9bbc363ac4cd490f864f
d1356ae16dd758eb699eb62402122d4fb2f307c9
7e98a04cefe4e21aafdf261d0e819352c515695cb9250a64e316c0a5cafc143d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee780ea6-5b5e-419f-916d-42d0f5e1912a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9196
x-amzn-requestid: a63eade0-457b-48f3-bfdc-50d4f6a97363
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK89kGECIAMFdpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa856-5ce23570768e4a753ee47cf5;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:50 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Z76yj2_GJNtlI2FJQzYffZaBxC9LnaOg0quPYrSSA5LlLfUyDJoZ-g==
via: 1.1 5502255f9557c1e2c098b94110b6151c.cloudfront.net (CloudFront), 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 07:24:43 GMT
age: 2171
etag: "d1356ae16dd758eb699eb62402122d4fb2f307c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download
200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download
IP
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1184
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png
200 OK 2.5 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png
IP
File type PNG image data, 220 x 23, 8-bit gray+alpha, non-interlaced\012- data
Hash dc1968433c75a52613cce778e0dae0da
af08ab767909b9c9462d821e6384e2b1f1698e72
10c1acb80b088029eab596925f58565e025206d10ef1edded0bf055dac884bbf
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2503
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg
200 OK 12 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x423, components 3\012- data
Hash f4c1f0d1e32dea5834616dc9bf364db0
423727930c2e618746c02434d200c06d84b8ea2d
da7f561e57ebdb7cdea377180e6ba8d6186e7df83b3f4caeb10814d25d3498c3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 11695
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
200 OK 133 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x502, components 3\012- data
Size 133 kB (132626 bytes)
Hash fd590ed393d8c2b12418ab2d348c01e3
83b7941d360c84063c075b503d079b79b46ef1fe
8d9e9914bddfb437538d710ce9c4e01ce0bc8ed7bcb951f23cfac146c8f579da
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 132626
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg
200 OK 54 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 6d5ec1b65b44ea65384de2fe5bfe025d
5222ed5b82c15fba9d23f9cd3c27928ea69c60e1
7039ff515b881f9ab331dcbc26420d112730e05b8da6e73a0261f4d8de2cbe23
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 54091
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg
200 OK 46 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 46359
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg
200 OK 51 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 5d32e05b0a91f8297175a874253142e0
f9f58624dc5ddf5f9f1bb0bd4d9d818ffd8e4dd4
b30be25d8117203acbc8cdc89a1e09e933cdf301490df1c891277b3d536ec902
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 51143
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/target/offers/conversations
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/target/offers/conversations
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 89beaddf82da0c46c97135e88376bf30
c9e20084f413e22b6eeefe963ae081fd3e423759
6bf6e3bb7290a6461898285a9cfec11af18951e049780900fe4a5c9e43344e3c
Analyzer Verdict Alert fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=f17f198b59378dbc4609de0632f1d062; path=/
wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png
200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png
IP
File type PNG image data, 319 x 635, 8-bit/color RGBA, non-interlaced\012- data
Hash e6122beaf9ffcf6becada3bb5ded2dd3
1174ae5f3f04d5de450604f80b5133dfd2262bde
60673c8ca8bb7ceffcfb9148e5d5ceaa0ff23d6a18610fb4c910674f02450ed7
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 38953
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png
200 OK 2.1 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash b4f7871f036398988efb0a550cb67d27
d39cf385293d268c6d83e446398004dd7ade3d34
4ef26e2996754aa57a19bb8ba0f2bc8cb1875979e78ebf59254f52ad095260c6
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2088
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
200 OK 2.4 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 108adcb1bb504da50a6303a9c06125c7
2237780057264fc5857b025761a647056eb8fc94
4048603185d494ac282f68ff94b0e3cc89a85a074bd2f4e0209c3a059a409430
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2372
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png
200 OK 4.7 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png
IP
File type PNG image data, 148 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 4d6e0a7c2af1820aac3c2a9b4e194cf1
47f2af01b5befb347c468fe69af363eb8ee6338c
d92f4c64ac8ad6de5cdb01e0a3c9e6267d2b88b93b6509eb1cd7084ba2382548
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 4705
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
200 OK 471 B IP
Hash 9659cae81d193ae22211beedfd4f8d5a
7cf76f23cbc6b9bccc8623834bdc150e18c67bbb
6e74e7101f830de3cc4951f21e6d2356a10952892695a719d827d9718f495e7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5767
Cache-Control: max-age=87162
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:54 GMT
Etag: "641d4529-1d7"
Expires: Sun, 26 Mar 2023 08:13:36 GMT
Last-Modified: Fri, 24 Mar 2023 06:37:29 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
c1.wfinterface.com/tracking/hp/utag.js
200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Sat, 25 Mar 2023 08:00:54 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+4gL+1zjTu%2fYzK5+KXu6tg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png
200 OK 6.4 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png
IP
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash ee610744aee59ec31b71e19e1ad6eaa7
448bc52e590983865deb19284b11137143776313
71ce94686e21c4bf0a70ea0ebdd3619425b12ca9f35d6fd2f7b1bfe0fc1f152c
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 6434
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg
200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 79x50, components 3\012- data
Hash 25e24347fda1a96d98a2f6bda9911747
ba4cbe1dc2710398d4bb3ab2f10fe5ed6f320220
797e2e1262decaaeaf403ce2d1d4634dccdbb7d130d7c0c1115c1d1c4187ba39
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1249
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png
200 OK 6.1 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png
IP
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 591b12f4d2c494c14a9b5c6b7b1ea2ae
da8e94c246fec3159f25e51723d7c90ed7aae79c
ad74103e9fe7dd74e0e0413c0ee84ef2b8b2eb995585973499a7ec5cad2dc524
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 6084
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png
200 OK 5.3 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png
IP
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 6662319a905c635dcfcc415d246df0d5
a81d2f2299be68717ec84ade918d4f80b0e0a008
9d8b2fd8606a20cd2e27d0641847f5fe10adcba3eba209a73f53e5d2111bda04
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 5296
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 6321f2b50eb0728d1efcaa81e0047c18
a868e353560cf4f11b04bc76be2d2a2946ae77f0
69528b31942c322eb4b0d1f0cf7137002b01febe48aaa662bab5ffc8d9389435
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; path=/
wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 9b3ff1b75009b9a04a74a0a42bd59018
34906e0da52eac5276baae6399b6fdfd4f86f5df
fc1b2160773c3923880dd8c0ea62849b758ea6a802d43f3fcf8546524fdc286a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html
200 OK 699 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash 7b162de68b7b5ec462901018f6e4fb81
037603c296a2f37e31152206ff10b83869277171
023c9ed6a6ca98a7270dbec9d7e16fb05e68d55083273accdb727905da329979
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 699
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 48a291d601e46fd194818cbefdf9a0a5
d85b83b178f7188766066acf55306e9060c0d1a8
0a75a62847d68ebfd95c105a202f48bebec1fcfd6b6e92a42a1a9d5364f1f369
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
200 OK 71 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (65017)
Hash ae4bcb97fea82ca505435163d9892c6e
04eb6f5515f19b040f4dcf046ec89279507ab3fc
cf287b2299a173aac359d135420df4f61508db3a3e4ccad5e91293b6abc1c02e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 71128
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html
200 OK 728 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html
IP
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (613)
Hash 2d25e1330fef653d1e712d87232dda57
073d496b33393d7096209628d8506e6995e71e8a
7178f45ed9dcc83e6eccf699bd0d58b4918bc7065ecb46da8a2d858a19517cae
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 728
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html
200 OK 694 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (306)
Hash 335e80c32ebe22decce415ec00332910
f69d62a2f129baa1bf2bd61d58d102fa25986a57
200d7943bfe36e073f6226e3092150fe71bc1e1c39b5f9b85b164e5bff8934a0
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 694
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1)
200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1)
IP
File type ASCII text, with no line terminators
Hash ddc2a6334c4a739543e4ff59e468dd60
f23c3183bd728510be4c983242c19724cc6320af
973d4f770014280b8f7860542563afa477f89b8990b2e9261122255892f3ae7d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 6aa2bc811d0a6fd150679dc6f48936cb
df3b997c77f6c8940b483507d2a45e24a4394608
862647163dafed5737af854b4f1f0c94a8bf0437fd800d1a47dafebde1b1d8ff
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 872a6473d672e10726276e1f8f83b09e
6e28b1996aa5bcaa9c20eb3d1e630046fd8be721
01788a12bc09f78fbfbe9aa732b1f3e35937d164adc3200a0a636e3340eb57d1
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html
200 OK 572 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (309)
Hash d2048011403a2e92d200ebb584aaaf6a
d4acd7d948715b9c88007436d7f07e5602fe11b6
7e5fb8a7df4b90bb3312a60777abd009dfd37416496de07de332fc8a29b1c5db
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 572
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg
200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 4e64bce05e75ee62d111a1443979413f
631a78f1492b81b7e6cf339eb10ad6a939295813
4a5b98e86bc37f6a038ad8ce761e17cefe3d7dce918e3d987088fbbc57746b99
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 38692
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg
200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 8c9a4edfc392dfb0f49e6b4f2eb3d6f4
faec222495c4ef7faaf050030ab7901df8273267
5236e41ab67d061a56d0eede8177a04d0c84143d9ffa5496e67ba43d3932699e
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 39087
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM
200 OK 189 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM
IP
Size 189 kB (189086 bytes)
Hash 6fc31419caed24a8f72b99ed2c9457a8
0bd02dc5a12fe97a41a5bd040ee33995d8e1e088
f48b4a7088d3d7c820aed240ca677012df229b53c8070d91cf16f93aca936d3b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 189086
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sat, 25 Mar 2023 08:00:56 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=02UiYkV7C%2fovpLltwK8A0g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 9a9c80a1ef68312d32cc42af77747ebc
c42d90b3c91bf6b49a6348ffcf3b9c005d5e20c0
9de6c19707b16ebf7d663985dd10e12aa0cc57e467797b5ba939a92306d8c32b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:54 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
c1.wfinterface.com/tracking/gb/detector-dom.min.js
200 OK 132 kB URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sat, 25 Mar 2023 08:00:56 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=fJfeqdwQOhKhOh+%2fSgKEMg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 08:00:56 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=dH98kKNg6SjsuSLTbItt%2fQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
200 OK 471 B IP
Hash 1acdc82b2aa5400857a4bc33075573e0
8925d539e3a6b1fdfb29d9cd32da040721f1ffb5
d2b7aa5dece1b68cc2f9970b3f97c366df11a06eac837bbc855420a8ecfba5c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2751
Cache-Control: max-age=165113
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:56 GMT
Etag: "641e8172-1d7"
Expires: Mon, 27 Mar 2023 05:52:49 GMT
Last-Modified: Sat, 25 Mar 2023 05:06:58 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
200 OK 570 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
ASN #20940 Akamai International B.V.
Hash 7af42886cbcf150f5f025fe73d898a46
9c1750811a061fb0b294bf2161fba564b3c536c7
1e06e8784cc014d631eb50c253ec3c6d7c1bdba9db7b91eb58cd693f4df65591
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 570
Date: Sat, 25 Mar 2023 08:00:56 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=E%2fbOnBBxZiGMpQVhyUw8QUP9GH9VNQTu5XsRBQCLWjQ%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 08:15:56 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=433623,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad59f80eb85b4ee-OSL
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=ZW5jZEBOL3FXdHJOUFFLUmt5RW92Z2o3M1d5ZTh1bUo1VThRVG9yMjBzU0JJSjdPN3JycVp2YWMyYzd2aS9BbGhHZThJTk84M3JFaXBkMEdhc1VNanZKWXpwYTFvdjRsV1dZdnJaelBkUE5PbEk4aVBXamZzWnl2OFdCQ3VSRnlkZ0pLOUxZRk5zaXBlTHhnUU9vV1dmV2VKQkR4SzZNQ1BiRTNjcGNSa3hmeHB5c1NqNjlPNEpoMzhCbjJGTWJHOEhKSlM1cDlqazBqNitURHBSSmFYb1d4WFhRYTNXL1lHa25SSWF0cjZpZjZ6bU9qdzZhbHlVTUVES1JvZmZnUVllZjNiK0VsMGd4NjdrT2NISXZpUjN0eHlSVXlEaTRuc1IwbFJwNVJrUXM2NVZPQ0t6Njh0TEN5QnwxNDY2OGMwMjViZWNjY2Q5MTcyZWY1YjkzNGEwYjMzNmYxZTcwODBjODFkN2NiNTBhMTYzZjJhNTJiNjNmMzZmNjk0NWUyZmVmYmNkZjNiMDU1ODgwZDc4OTM0MmJlNTI5NTM3ODgyMjJjZDViZjliNWI1MjQyMDAxMzYwMWUxMTJmODg1ZDk4NzM4OTEyODBhOGYzNTBiMjVkN2JhZWEwNmM3OTFkOGMyODgzMDUzNGM3NjY4MGZjMDg4OWNjOThlYTNiMzEwMTcxZGI4YzVlMzVmZDZmNzFhMzZlZmQ0ODQ0Y2ZmYjk2MTE1MGZiODUwMjc4YmZlYjIwYjAxYWUxOTRjYTM5MjVlNzI5NTEyNDEwYjdiZDAwZmI0M2NiMTliNzY3YzBhN2JiODJiNDZjZDI0ZGVmYjRmOTExZjZlN2JjMDIyYTg4NjJiYmU4ZjdmOWU3YWE5YTQ5ZDFjOWIyMmE2NmI4M2RkYjRmZmNjYzM0ZDNmYTU5MjFiYmNlNTg0ZDAyYjIxYjBkM2VjNzkyNjZiODljMjI5NjQxMzM3MzQ5NGVjOWM1ZTM5ZDlhYmQyNzM0ZjA4NDZhN2ZhYjRiZDk3YmE2Njg0NzM0OTY2NjcwYWJhMTk4NDg0NjZmNzI0NzE2Y2I4NWZmNzQ3YTk2NTY2NDYyM2IyZWJhNzFkN3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=cnvfcmhhslzuprgt&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=ZW5jZEBOL3FXdHJOUFFLUmt5RW92Z2o3M1d5ZTh1bUo1VThRVG9yMjBzU0JJSjdPN3JycVp2YWMyYzd2aS9BbGhHZThJTk84M3JFaXBkMEdhc1VNanZKWXpwYTFvdjRsV1dZdnJaelBkUE5PbEk4aVBXamZzWnl2OFdCQ3VSRnlkZ0pLOUxZRk5zaXBlTHhnUU9vV1dmV2VKQkR4SzZNQ1BiRTNjcGNSa3hmeHB5c1NqNjlPNEpoMzhCbjJGTWJHOEhKSlM1cDlqazBqNitURHBSSmFYb1d4WFhRYTNXL1lHa25SSWF0cjZpZjZ6bU9qdzZhbHlVTUVES1JvZmZnUVllZjNiK0VsMGd4NjdrT2NISXZpUjN0eHlSVXlEaTRuc1IwbFJwNVJrUXM2NVZPQ0t6Njh0TEN5QnwxNDY2OGMwMjViZWNjY2Q5MTcyZWY1YjkzNGEwYjMzNmYxZTcwODBjODFkN2NiNTBhMTYzZjJhNTJiNjNmMzZmNjk0NWUyZmVmYmNkZjNiMDU1ODgwZDc4OTM0MmJlNTI5NTM3ODgyMjJjZDViZjliNWI1MjQyMDAxMzYwMWUxMTJmODg1ZDk4NzM4OTEyODBhOGYzNTBiMjVkN2JhZWEwNmM3OTFkOGMyODgzMDUzNGM3NjY4MGZjMDg4OWNjOThlYTNiMzEwMTcxZGI4YzVlMzVmZDZmNzFhMzZlZmQ0ODQ0Y2ZmYjk2MTE1MGZiODUwMjc4YmZlYjIwYjAxYWUxOTRjYTM5MjVlNzI5NTEyNDEwYjdiZDAwZmI0M2NiMTliNzY3YzBhN2JiODJiNDZjZDI0ZGVmYjRmOTExZjZlN2JjMDIyYTg4NjJiYmU4ZjdmOWU3YWE5YTQ5ZDFjOWIyMmE2NmI4M2RkYjRmZmNjYzM0ZDNmYTU5MjFiYmNlNTg0ZDAyYjIxYjBkM2VjNzkyNjZiODljMjI5NjQxMzM3MzQ5NGVjOWM1ZTM5ZDlhYmQyNzM0ZjA4NDZhN2ZhYjRiZDk3YmE2Njg0NzM0OTY2NjcwYWJhMTk4NDg0NjZmNzI0NzE2Y2I4NWZmNzQ3YTk2NTY2NDYyM2IyZWJhNzFkN3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=cnvfcmhhslzuprgt&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP
File type ASCII text, with no line terminators
Hash abf8096f6003159b63cf71b5429f90ca
fb5ea6ba375ff149caa78dc1267af83ded68d3db
30f0e4411f2d7e707c05bbb0ca31dcdc2f8a2cc927eefa4bde7a914b4145aa0b
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=ZW5jZEBOL3FXdHJOUFFLUmt5RW92Z2o3M1d5ZTh1bUo1VThRVG9yMjBzU0JJSjdPN3JycVp2YWMyYzd2aS9BbGhHZThJTk84M3JFaXBkMEdhc1VNanZKWXpwYTFvdjRsV1dZdnJaelBkUE5PbEk4aVBXamZzWnl2OFdCQ3VSRnlkZ0pLOUxZRk5zaXBlTHhnUU9vV1dmV2VKQkR4SzZNQ1BiRTNjcGNSa3hmeHB5c1NqNjlPNEpoMzhCbjJGTWJHOEhKSlM1cDlqazBqNitURHBSSmFYb1d4WFhRYTNXL1lHa25SSWF0cjZpZjZ6bU9qdzZhbHlVTUVES1JvZmZnUVllZjNiK0VsMGd4NjdrT2NISXZpUjN0eHlSVXlEaTRuc1IwbFJwNVJrUXM2NVZPQ0t6Njh0TEN5QnwxNDY2OGMwMjViZWNjY2Q5MTcyZWY1YjkzNGEwYjMzNmYxZTcwODBjODFkN2NiNTBhMTYzZjJhNTJiNjNmMzZmNjk0NWUyZmVmYmNkZjNiMDU1ODgwZDc4OTM0MmJlNTI5NTM3ODgyMjJjZDViZjliNWI1MjQyMDAxMzYwMWUxMTJmODg1ZDk4NzM4OTEyODBhOGYzNTBiMjVkN2JhZWEwNmM3OTFkOGMyODgzMDUzNGM3NjY4MGZjMDg4OWNjOThlYTNiMzEwMTcxZGI4YzVlMzVmZDZmNzFhMzZlZmQ0ODQ0Y2ZmYjk2MTE1MGZiODUwMjc4YmZlYjIwYjAxYWUxOTRjYTM5MjVlNzI5NTEyNDEwYjdiZDAwZmI0M2NiMTliNzY3YzBhN2JiODJiNDZjZDI0ZGVmYjRmOTExZjZlN2JjMDIyYTg4NjJiYmU4ZjdmOWU3YWE5YTQ5ZDFjOWIyMmE2NmI4M2RkYjRmZmNjYzM0ZDNmYTU5MjFiYmNlNTg0ZDAyYjIxYjBkM2VjNzkyNjZiODljMjI5NjQxMzM3MzQ5NGVjOWM1ZTM5ZDlhYmQyNzM0ZjA4NDZhN2ZhYjRiZDk3YmE2Njg0NzM0OTY2NjcwYWJhMTk4NDg0NjZmNzI0NzE2Y2I4NWZmNzQ3YTk2NTY2NDYyM2IyZWJhNzFkN3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=cnvfcmhhslzuprgt&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679731268896
200 OK 321 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679731268896
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 5a345e1999ccc0b15cb2707c3a7e69b8
f76e3b891e0a9280654d443183a36ac63277535a
8c692d1e9aa1b5c9650c0387202dd75fdc8cdd0283573e813dabbb408745cf3a
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679731268896 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0d62fe975.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=53806129373669158352629875458455760477; Max-Age=15552000; Expires=Thu, 21 Sep 2023 08:00:56 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: VtscsE6lRVI=
Content-Length: 321
Connection: keep-alive
api.rlcdn.com/api/identity/idl?pid=1317
451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sat, 25 Mar 2023 08:00:56 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sat, 25 Mar 2023 08:00:56 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=taqkorI+oBaR12A1pDFLvQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
200 OK 150 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 150 kB (149607 bytes)
Hash ea11e78222492c9124ddbb027979586f
27bc61bb4a54790f2c9d07c6c9f7378ccfd6cb7e
e3ac4baf548c438d0070f70f40fc1c12a2c6763af5ce0b93addb70b06fd6d5f0
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6410ff94-1854"
Last-Modified: Tue, 14 Mar 2023 23:13:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 25 Mar 2023 08:00:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A0nsyBeHAQAAZpWBTZleaJAl7XZn9XK35_Z7s0J0Ylwlq7_CGM7BS4tjc0yzAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|58edd3e631d5647a06011357a54f1b830abf53d1; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=043bI+wS763KBhZvN1GRFXZKD+MNHzD10VLbH3fzyobTZyb2exln2bGPL2qGOCMG; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 08:15:56 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679731268698&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
404 Not Found 48 kB URL HTTP/1.1 gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679731268698&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 7448cbc0d1dc6a16870ea124a36ed6c7
de8b0be3409065d03126c94a8baafc2949c7a728
4c9d500e1f061fc9d5051f291d36c124c527ce9a14f928548e8285ad1b65e3c2
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679731268698&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761%3A0&_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b&pv=2&f_cls_s=true
200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761%3A0&_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b&pv=2&f_cls_s=true
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 6b5f166cda434e6ed2bfc6549d74f053
89e8504e83f73b7ab057be3a68d5b07b0162c1ed
54e30292df48617ad27be921f8fc28d1a29dc525e44fdaa832135b677f187ef8
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761%3A0&_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://gmdva.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1189
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 25 Mar 2023 08:00:56 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!iu597HImbR5rDZ3pnNE5eVRfS7HzY7vA8Sqk4Nv/eiBDtgE+/ZpUufav4FN/czsiYU4O4FJ9nos8Ng==; path=/; Httponly; Secure
DCID=%2fWpfL1Vu9FR1tEErF8acMjEt8h74gn94doD5YB1GoR1AAgasgMep6IuLk3guhjWb; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 08:15:56 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=53792145293895395602626223259838288974&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679731269100
200 OK 322 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=53792145293895395602626223259838288974&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679731269100
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 3e19d393b5b54396d8676d4d7c9a70a2
3256b090c085375a491650b6ed4c98b52e705e11
bd7993f77296d01d920a3fc644c51a6be86deb1f22da9c41bcbe83e2a297ff03
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=53792145293895395602626223259838288974&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679731269100 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0c9e579d2.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=52285867547523324553720177532987726096; Max-Age=15552000; Expires=Thu, 21 Sep 2023 08:00:56 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 5iiQpONxRuA=
Content-Length: 322
Connection: keep-alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash f92b17afe7d3d61210094b1b12e63687
65168aaba4192fdcd76117a7b8d80320ed14206f
76392ad18ed117c0e0f854b6aad458792ab3eaa35330a8bca1ddedb6ffc3e2ed
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=f17f198b59378dbc4609de0632f1d062
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:55 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.sectigo.com/
200 OK 472 B IP
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=433623,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad59f81cc95b4ee-OSL
gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679731268710&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
404 Not Found 48 kB URL HTTP/1.1 gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679731268710&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 76ec4dd869a5d422a80bc6e23289ff5d
56b4990b9c21ac0f04c27a4a969c20a868ae9f25
7ca096f3a9812e5725c4a1fbeeb4513bef23f2b7b8fa9b883f257c30d1b68fb4
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679731268710&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679731268903
200 OK 316 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679731268903
IP
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash 136b15cced69c0800684008c1eca9d4c
92e838eece998be826b3e311e4c6606fc817c809
661a735562ba22ea0021c6fb631d9aec28b00585b094af42ec3235e95f08093e
POST /event?d_dil_ver=9.5&_ts=1679731268903 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 428
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0aa5f14bd.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=53806129373669158352629875458455760477; Max-Age=15552000; Expires=Thu, 21 Sep 2023 08:00:56 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: nYNzts4uQjA=
Content-Length: 316
Connection: keep-alive
gmdva.org/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 1a4fcd612f2921cdba1c86816811a9fd
6e7bd30a1dc30dce8362d60dec7ea25680810a6a
2869e39f5d03d45720ee7289aaef4f77e92adf69d0a0431c3be0e8c1b537dc2f
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Content-Type: multipart/form-data; boundary=---------------------------90078696539476108132696975686
Origin: https://gmdva.org
Content-Length: 169
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
200 OK 471 B IP
Hash 24e5e7ec3507bcc60836a8798d125e32
f4db4ea71f3844ef76959f285c07789fb9cf70f8
92f002fbc1fe394f8d298e32c6f4b1d23de4e71585ea4c8fa809f609cb86ff77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1282
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Last-Modified: Sat, 25 Mar 2023 07:39:35 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 24e5e7ec3507bcc60836a8798d125e32
f4db4ea71f3844ef76959f285c07789fb9cf70f8
92f002fbc1fe394f8d298e32c6f4b1d23de4e71585ea4c8fa809f609cb86ff77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1232
Cache-Control: max-age=114260
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Etag: "641dc0bd-1d7"
Expires: Sun, 26 Mar 2023 15:45:17 GMT
Last-Modified: Fri, 24 Mar 2023 15:24:45 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 471
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 08:00:57 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=veO99nQLGN%2fxnPcbcWt2WA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 08:00:57 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pKnYJTJbdoOjd%2f8%2fSTjJOA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 08:00:57 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+pa2yd+PhogSEESsxoCVRQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ga.js
200 OK 20 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sat, 25 Mar 2023 08:00:57 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Fk6snST7EwSFAWRTT4hYTA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash b3cc62216eea76b1176e3fc689a25ff2
7486c5d862c16763b73d00ac6e099bdcee277294
d43737aa4d897b6c6ef4d4d1915b99e6e6bfc36c2a39ef779ad7e65a893eae55
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=260531193&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=600969704&gjid=295345391&cid=1149832434.1679731270&tid=UA-107148943-1&_gid=272518448.1679731270&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1149832434.1679731270&z=266580051
200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=260531193&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=600969704&gjid=295345391&cid=1149832434.1679731270&tid=UA-107148943-1&_gid=272518448.1679731270&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1149832434.1679731270&z=266580051
IP
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=260531193&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=600969704&gjid=295345391&cid=1149832434.1679731270&tid=UA-107148943-1&_gid=272518448.1679731270&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1149832434.1679731270&z=266580051 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://gmdva.org
date: Sat, 25 Mar 2023 08:00:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F?
200 OK 315 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (555), with no line terminators
Hash 95df82a5d8a64277530d431651e3c4da
47a3035413ba4e063598a99b2dc376c7dd04a70b
7de023e29441d2d7259fa015920db4a00c66ef20b5fbee7251ff56c39d7d46a1
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 08:00:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 315
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 08:15:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
200 OK 14 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sat, 25 Mar 2023 08:00:57 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7qkAmB79yWW45szis+K5Yw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&gjid=295345391&_gid=272518448.1679731270&_u=6GBACUAABAAAAC~&z=2027161601
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&gjid=295345391&_gid=272518448.1679731270&_u=6GBACUAABAAAAC~&z=2027161601
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&gjid=295345391&_gid=272518448.1679731270&_u=6GBACUAABAAAAC~&z=2027161601 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://gmdva.org
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Mar 2023 08:00:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
200 OK 498 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 213c4cdcae9c16c818be44639b7328ce
6d859452ba5b8ad80a4584d240f4a66428dd9081
d7ba8bd9a92eeef2a87bc7f6569e791b9cedd4c1f700078ec0420c04577bd2f4
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 08:00:57 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash d7401f01a4ff3a5d1df97f472d502157
084e066c53d5891028287a293fcd710004f7b807
dd94a0605ef1d6ed936de79d6d0a783fdba7899557790177103753232008ff67
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
200 OK 314 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (554), with no line terminators
Hash ec5d19e6a381462349ccb2c53a83cea9
fd098c4321984efbc9bb50744b7d24101b05b784
e3c2e426ede15bd3625ad301056c2f5d616c1475a1c181d599afcbf8299bb6e3
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 08:00:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 314
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0&_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b&pid=f8a0934d-4515-41a4-b219-2512ae225136&sn=1&cfg&pv=2&aid=
200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0&_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b&pid=f8a0934d-4515-41a4-b219-2512ae225136&sn=1&cfg&pv=2&aid=
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 6b5f166cda434e6ed2bfc6549d74f053
89e8504e83f73b7ab057be3a68d5b07b0162c1ed
54e30292df48617ad27be921f8fc28d1a29dc525e44fdaa832135b677f187ef8
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0&_cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b&pid=f8a0934d-4515-41a4-b219-2512ae225136&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 14211
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_cfgver=de760e43; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://gmdva.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1189
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 25 Mar 2023 08:00:57 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!zQoafItsPIeLZe554TfMmyz5FQ342bExxrEFf886Lh9l8NikxIygprwp0dvxq5JEsQlYem0pDwzvNGs=; path=/; Httponly; Secure
DCID=6HzGxOWtXKWJgX5WhcAVVjhejJZf7FJ%2fzPOmC0u6Jyg%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 08:15:57 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=647592972810;gtm=2od8g0;auiddc=1097435300.1679731270;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 08:00:57 GMT
expires: Sat, 25 Mar 2023 08:00:57 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash f77cb66b63e4c8507292313c7b569a00
63fab1edbd3e2b67fae7815cbb258525bf75733e
240166dbe2099c997bd049c1a149495b1011caedcb7e99846a69898c37c7aafd
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 72c425c153d04ed4350dae88822fecb3
120d4f74b52e44977f281b8e91f687a3ace8b031
17c7cc5a8c6042d2b1f131a22ce914fae11afe1013ba928c207233ce40515bd1
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:1$_ss:1$_st:1679733067322$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:56 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download
200 OK 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash b37b4cc7da52a1eecfa3ad93dcb06c8f
c116b58e5f484be484494563e95ea00952d934b0
4e263e92071d53fc2b0ac5fbb782cf5b2e399496084c436b8df78b1eb84ae3dc
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 08:00:53 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 260264
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 812cffb0a406e241ee5ac2a004f7e50d
2e302d683d634fd72a8c56ed59c9a6e8bd1757dd
6fd202c48284a308dec16eb9daeec79deec91535f98bc00abfca16260ed597ae
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.18915ef50d53df2cce93.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:2$_ss:0$_st:1679733069087$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:57 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/as/jsLog
404 Not Found 47 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash e0968f44fff39c3ee5d8b729d8c874c5
559ba988474922f5b1ba0437b634e54073f96ee7
210e1e133ef2d060c932a0704f1b366deca96258c7f2e2a926dc597908172679
Analyzer Verdict Alert fortinet Phishing
POST /as/jsLog HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
ADRUM: isAjax:true
Content-Length: 193
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:2$_ss:0$_st:1679733069087$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%2C%22_s%22%3A%22RhtKSdgZ%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C53792145293895395602626223259838288974%7CMCAAMLH-1680336069%7C6%7CMCAAMB-1680336069%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679738469s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:57 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=79003
expires: Sun, 26 Mar 2023 05:57:41 GMT
date: Sat, 25 Mar 2023 08:00:58 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1466366
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Sat, 25 Mar 2023 08:00:58 GMT
X-Firefox-Spdy: h2
gmdva.org/dti_apg/api/imp/v1.0/report/?m&fq=load
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 741f51e41fb725f0c8ce6a5187db7ed9
06b3a099493e52c77c3016c1467275e084d70953
c9494ce98fec4cde6e48992041624064e4fd3a5aeb20f5e4e600c22cb0545d2f
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
content-type: text/plain;charset=UTF-8
Origin: https://gmdva.org
Content-Length: 660
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:2$_ss:0$_st:1679733069087$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%2C%22_s%22%3A%22RhtKSdgZ%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C53792145293895395602626223259838288974%7CMCAAMLH-1680336069%7C6%7CMCAAMB-1680336069%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679738469s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _ga=GA1.2.1149832434.1679731270; _gid=GA1.2.272518448.1679731270; _gat_gtag_UA_107148943_1=1; _gcl_au=1.1.1097435300.1679731270
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:57 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&_u=6GBACUAABAAAAC~&z=1609907713
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&_u=6GBACUAABAAAAC~&z=1609907713
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&_u=6GBACUAABAAAAC~&z=1609907713 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 08:00:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679731270097&cv=9&fst=1679731270097&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679731270097&cv=9&fst=1679731270097&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1679731270097&cv=9&fst=1679731270097&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 08:00:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1679731270097&cv=9&fst=1679731200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=3538907880&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 08:15:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f91bec0a4e5b6ec5598800635807a333
58e65c61d3622379fbdfc5a3344706cdd04df398
3312157f1da8d91cfe3727fe0c61082c65d33a3fc68e691db711cdc339f7eb02
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5370
Cache-Control: max-age=161639
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:59 GMT
Etag: "641e69a8-1d7"
Expires: Mon, 27 Mar 2023 04:54:58 GMT
Last-Modified: Sat, 25 Mar 2023 03:25:28 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9b762efe5751eb25cd26ca67ad6dcf22
661f1247ecc842236957d05747967ec4f20835a2
c51c54e54ffc33cc7643bb0a64da2265f93efaf38838351ec0f2a2fe102efa2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 25 Mar 2023 08:00:59 GMT
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&_u=6GBACUAABAAAAC~&z=1609907713
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&_u=6GBACUAABAAAAC~&z=1609907713
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1149832434.1679731270&jid=600969704&_u=6GBACUAABAAAAC~&z=1609907713 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 08:00:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f91bec0a4e5b6ec5598800635807a333
58e65c61d3622379fbdfc5a3344706cdd04df398
3312157f1da8d91cfe3727fe0c61082c65d33a3fc68e691db711cdc339f7eb02
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6056
Cache-Control: max-age=162325
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 08:00:59 GMT
Etag: "641e69a8-1d7"
Expires: Mon, 27 Mar 2023 05:06:24 GMT
Last-Modified: Sat, 25 Mar 2023 03:25:28 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
gmdva.org/dti_apg/api/dip/v1/dip
404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/dip/v1/dip
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 1542f1fe6e69be58804e4cd16bc70dca
866a0cd7a16e6b3ac7e1cb9044defec4ce46a893
51145202b095a0225171192eeed330e9be349ad3edde2ab7ee0d24adcd16c2bb
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2022
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=cc629f44-8298-4ad0-b32f-821fcbe7b36b; _cls_s=33a49b4c-b6a4-4293-911b-8a23128c5761:0; PHPSESSID=d014bc2625e3af2aa480e8ec3ee9b945; utag_main=v_id:018717c916f90021d84bfebf1af800050003b00900918$_sn:1$_se:2$_ss:0$_st:1679733069087$ses_id:1679731267322%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQEsW7Jugx%2FE8CmqlCekmt1LCMismwfm1Hov%2Fxzk3L0%3D%22%2C%22_s%22%3A%22RhtKSdgZ%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C53792145293895395602626223259838288974%7CMCAAMLH-1680336069%7C6%7CMCAAMB-1680336069%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679738469s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _ga=GA1.2.1149832434.1679731270; _gid=GA1.2.272518448.1679731270; _gat_gtag_UA_107148943_1=1; _gcl_au=1.1.1097435300.1679731270
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 08:00:58 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 08:00:57 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 20053
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 08:00:57 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:18|g:18078704-95ae-4058-ad1f-ccad24d86f8d; Path=/; Expires=Sat, 25-Mar-2023 08:01:27 GMT; Max-Age=30
ADRUM_BTa=R:18|g:18078704-95ae-4058-ad1f-ccad24d86f8d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sat, 25-Mar-2023 08:01:27 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sat, 25-Mar-2023 08:01:27 GMT; Max-Age=30; Secure
ADRUM_BT1=R:18|i:559461; Path=/; Expires=Sat, 25-Mar-2023 08:01:27 GMT; Max-Age=30
ADRUM_BT1=R:18|i:559461|e:1; Path=/; Expires=Sat, 25-Mar-2023 08:01:27 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
74.124.217.28
104.110.27.78
34.254.165.240
104.18.32.68
157.240.205.35