r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2871
Expires: Sat, 25 Mar 2023 07:22:48 GMT
Date: Sat, 25 Mar 2023 06:34:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15969
Expires: Sat, 25 Mar 2023 11:01:06 GMT
Date: Sat, 25 Mar 2023 06:34:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 06:27:43 GMT
content-type: application/json
age: 434
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3513
Expires: Sat, 25 Mar 2023 07:33:30 GMT
Date: Sat, 25 Mar 2023 06:34:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6L2eq1arcQa1b2floHoBIfEo93I5TZagmf648Yzf4PuL3op2h+SMvRBpUHRB+l19SNYdDe6pmgE=
x-amz-request-id: 0T5CJW1E1ESP7NG3
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 05:54:48 GMT
age: 2409
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
74.124.217.28 301 Moved Permanently 267 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 399d187aefd3b021dccbec7242ab9392
e2ad8a14b9d5ee0cfee7d0f3519d993d0af7a1cd
af14d3679c0b8d3e24d307af3cba807b7fba6f0b793676802627a98d55246375
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/ HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 06:34:57 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Location: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Content-Length: 267
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 06:34:57 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 06:17:24 GMT
age: 1053
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4041
Expires: Sat, 25 Mar 2023 07:42:18 GMT
Date: Sat, 25 Mar 2023 06:34:57 GMT
Connection: keep-alive
push.services.mozilla.com/
52.35.90.146 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.90.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GcRde6YhVIAjKOGEvkw2Tw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BOMtp3CFVXzok+zjAv24SuJBpPA=
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
74.124.217.28 200 OK 139 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2504)
Size 139 kB (138769 bytes)
Hash 8436bdd7ed9af3b527fb086ebb2c2a70
16e957b214db61f5de232b0a1faae7a14db48cc8
d494d8a0b806dbb4751a0dd397e684d9f0280e49da81bf1208e92d40d9fd450f
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/ HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 138769
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download
74.124.217.28 200 OK 2.8 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ec.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2797
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download
74.124.217.28 200 OK 36 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga_conversion_async.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 35889
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(1).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download
74.124.217.28 200 OK 49 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ga.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 49189
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd
74.124.217.28 200 OK 55 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd
IP 74.124.217.28:0
File type ASCII text, with very long lines (2293)
Hash 9dbb04566ec754133d5311a6e26f284f
f0423c0cb1db1b547680472e5dd34fb8da7823bf
cc12563d68e186b0aa054336798db0b82e04ecdc8e1688625f477fd57e177678
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/nd HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 54581
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(3).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download
74.124.217.28 200 OK 48 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.b4436be974de477658d4a93afb752165.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 48109
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download
74.124.217.28 200 OK 117 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gtag.js(2).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:58 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 117306
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/appdEUMConfig.js.download
74.124.217.28 200 OK 2.0 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/appdEUMConfig.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/appdEUMConfig.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1952
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download
74.124.217.28 200 OK 59 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download
IP 74.124.217.28:0
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 33ec52ff2ee8f8c67af046401cd73e22
f45728e593cde772d9b4c894ddaefb373c847b8b
983ee094a3e2d2587fa6367e8ffb02acdf53ca5d935e70090a91622365d97a83
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/homepage_iaoffer.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 59165
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download
74.124.217.28 200 OK 266 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 266 kB (266092 bytes)
Hash 836c4fcbb760fe1b0bd5675c777e1bed
0435190d7d75c1023ec2ae31cdfd2579b91ff636
c4b2906db153e138d16deb90857402a37fb2727495d4f138c9ff867e7e17ea5e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js(1).download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 266092
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15126
Expires: Sat, 25 Mar 2023 10:47:05 GMT
Date: Sat, 25 Mar 2023 06:34:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15126
Expires: Sat, 25 Mar 2023 10:47:05 GMT
Date: Sat, 25 Mar 2023 06:34:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15126
Expires: Sat, 25 Mar 2023 10:47:05 GMT
Date: Sat, 25 Mar 2023 06:34:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15126
Expires: Sat, 25 Mar 2023 10:47:05 GMT
Date: Sat, 25 Mar 2023 06:34:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02e0767e0c72d95e30337ad42f5d15b3
79aa21ca35c9d98ea7d0713d219e9b67083bdc05
7991a0c4d409cca49259cb626d0de39684635f14fad72e074b303235026673a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6511
x-amzn-requestid: 38d33f4d-2b85-4666-b778-04f4b4dfdf10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihSFIdIAMFRjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a1-036a28e75189d05209396933;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: eYAgUDZFGkaskq0A77VgX54hvvjtQtClrFyED3COkankS76uD7hTAQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:52 GMT
age: 31867
etag: "79aa21ca35c9d98ea7d0713d219e9b67083bdc05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73f9697594d173d623b331b5c35eab8d
6323f751f6b7517f062a0442480f672086ea02a1
116cb71658b31e87f19c390b242c684f6505cc8edf90b7fc934ac726fc7ddd18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8635
x-amzn-requestid: fc715b03-f48f-4300-b752-ab157a684f08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihcETyIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a2-68f685ec0f50dae026ea3f64;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: i6dsVaC_gPijsRqh_EL5tZYZpjNEbQJvKIpPq501TIJZzcLUWeRz9w==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:45:56 GMT
age: 31743
etag: "6323f751f6b7517f062a0442480f672086ea02a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download
74.124.217.28 200 OK 70 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c062b053133a0a3c664a7060ccf0bea3
b31c16628cd43859099b6b68f27917f14539bea1
d7b62768ab921d7145c2cc2d9c7f02051b8fd8e57267887406ecd01a7f9290a3
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/glu.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 69864
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5296
x-amzn-requestid: 11fdf0c8-244c-4cd5-bfa7-4c77d777174f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzEqkIAMFXOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-5c241d63598dbf595b54ead5;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: b1KWFmKdRQ4DU0v5JmC7AJatpv2B5FAHKVWL7pFiyh13fqYDA5qydA==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:13 GMT
age: 31066
etag: "d68861e96e12e8a3f293dbae8b687f05b6e15afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F530f5cd8-6254-4d95-b9d7-0a4408541d09.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F530f5cd8-6254-4d95-b9d7-0a4408541d09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cb19158aa416c7419bfc2eaa422a2b4
9c8c2be020b5d408ff7963b0528f0221a9f96df9
c709a57a40ee64368bc0f7967e49eda8677e67ab194aacd22224107167f14635
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F530f5cd8-6254-4d95-b9d7-0a4408541d09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10682
x-amzn-requestid: 6a2b88c9-1d41-4ee1-9b15-1518b340b548
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CNtJtGhSIAMF1ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bc23d-0648c11518f78f423bd03ab9;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 03:06:37 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: FVHig0zDQ9mze-lwOaBrM5aUjfXkiPTJ_mP8pKcflTOQQMKhwMMa4w==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 03:41:49 GMT
age: 10390
etag: "9c8c2be020b5d408ff7963b0528f0221a9f96df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98ae84b9-2e9d-44e4-abe3-82b566299062.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98ae84b9-2e9d-44e4-abe3-82b566299062.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0718f4a5b3b3a5a5b1b523a4b634163
9b5941bbfc5bdf9a541303247d4885bb4e142fe8
ec6fb85b68089d4b38d8dbf769fa5eaf12bce29463e76028d140a611e9b8fef4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98ae84b9-2e9d-44e4-abe3-82b566299062.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7384
x-amzn-requestid: 230584cf-44e6-4e53-ab88-27005fc130c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTixJHnCIAMF1kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1807-1709645f7941345117017427;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: V_oDHLZk8RPhatldQNTCWlgDmzEGrczx-IfOXoy5Id1crk56gwRx8g==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:55:51 GMT
age: 31148
etag: "9b5941bbfc5bdf9a541303247d4885bb4e142fe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5773974a7341690f006b052ad02c94db
1b11316c952e2195da1646dd94671669e7e3bc2b
a06b72138745500cacc919fea29536ebd4188a1c483f6123e3402458e299f16a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7800
x-amzn-requestid: bad99b1e-3923-4de9-8bea-4dd04e96f7cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfFGcIAMFdBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-0826b92d4c4af16553503600;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9AGLmjvUSTKIsYIWECOR8QwdF4PP1tP1TweUm0VYvxQ0qskqj3YuLA==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:53 GMT
age: 31866
etag: "1b11316c952e2195da1646dd94671669e7e3bc2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download
74.124.217.28 200 OK 90 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4062abb3bfdbb31b4b1895997874f219
2b02354af47c67f7bfdf84a5b4082cbc76cb3324
e09fd8d46b92df6e1b402b0b229af65ff7db0ce6234c5eda354a2986542995fb
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/pic.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 89980
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css
74.124.217.28 200 OK 173 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 173 kB (172639 bytes)
Hash 8afd4293c04671c155f450b4a1ca99e0
47a5f10412c74fb7a2926146505b1038eb4cec00
ef06dad5cf7396d39f44d87d4fc6d036fd54684e33a80db33e88856e204ff7f1
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 172639
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb
74.124.217.28 200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash abf8096f6003159b63cf71b5429f90ca
fb5ea6ba375ff149caa78dc1267af83ded68d3db
30f0e4411f2d7e707c05bbb0ca31dcdc2f8a2cc927eefa4bde7a914b4145aa0b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download
74.124.217.28 200 OK 543 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65357)
Size 543 kB (543121 bytes)
Hash 2ebe1f343eef1598263831c72bee5d92
3a9a8ba970e54572bfbb11d12039a52157557e39
e2afa6367d38dde83b3c734b10a6235bf0124d908663db531efbcecaab12e61d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/general_alt.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 543121
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download
74.124.217.28 200 OK 260 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 260 kB (260264 bytes)
Hash 2b532ca3d4b9df2ecf67638936014059
25dd1d6a49ac0d72962a5bbd4902abda405a5e48
9dda4d6c5dc931d504ff91d5df0be668ba3154ed1514ecacc2dcc13155444f62
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/mint.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 260264
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1)
74.124.217.28 200 OK 130 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 3fecc01579fe22519493132cefca2c9b
529f82b6faa7fbad76af83c019a1e4bb77c1a08d
ca3dade1270fd45c0ff5b4b97e77158383c67e3839690486df9d0de49475c807
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(1) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 130
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u
74.124.217.28 200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 55c1846dc179144e0a1d6975a2abbe53
d84d956b638321093cfad366439967c39114bf3a
ea11b3203493c08740444421015761fcab21c4bdc1a0f2705383c606b90c0e9d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2)
74.124.217.28 200 OK 121 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 98eb97f81982128b173db5baff4dd1fc
12d60092ea61efba2f5000b439275a6392fd2d3e
a027f6b72e494bf913595f0ca8e54072779ed333dcbe80267683aa1c05578147
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(2) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 121
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3)
74.124.217.28 200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 90979f5917d1b3c9ff5a96d82183d13d
ed8df6786f485b73b02913347b4af8e685420aba
3a80faeb61ad99e2c936d64daede2902d846b35465885ec4eed22b00668e6847
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(3) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4)
74.124.217.28 200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash 02b7139b6db6ce2d12568e0d38f7c5af
24cdff0854111a321969e11ca97a3afca43d7b1b
16db041a747da62afcfb57354c0a1b6e13b6b946aaf8e09ea23abed13e62c855
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb(4) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download
74.124.217.28 200 OK 182 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download
IP 74.124.217.28:0
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size 182 kB (182242 bytes)
Hash 490c7f900c0cb2ac4c2ec112dd40d1fe
6edf6cc5b25e9ba3216f4eed51b5dd2633256fd5
3284462b6d51ca036f6eb7aba842486c4d25ec204c62621f274e5119f95a5264
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ps-homepage.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 182242
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download
74.124.217.28 200 OK 45 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download
IP 74.124.217.28:0
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 45349
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78 200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1388558
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78 200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:0
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12434573
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download
74.124.217.28 200 OK 206 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (14989)
Size 206 kB (205701 bytes)
Hash 03ad4c4b549ca0f83ee52e8080977ee1
21dd07ccde97b15149b4c1c0132bf6f281c14501
a7dc85dfc2eb3597f713bae049f38092df3509b0dec67a1d264a2d1ece782868
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/utag.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 205701
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78 200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1471545
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78 200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1472131
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5975231
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78 200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5975246
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5975242
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78 200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5818419
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sat, 25 Mar 2023 06:35:00 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download
74.124.217.28 200 OK 5.8 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (559)
Hash ee4b346d4f675591688c3f63986e2bf5
659e67d4670028a98f4a99f8a4f7a061c9f36806
ee5f267a50e556878a0645c16ba63e883706aad9f721a0eca27391ace9268be9
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/login-userprefs.min.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 5774
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download
74.124.217.28 200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download
IP 74.124.217.28:0
Hash 7730890fa6357da237002ed4052a7484
445b584507b5af28a765a89674ca0d4dcd13045f
6bba5cfedba0df5d88b9ce92ff8d023991cf1bff57ade36468f8f5e9ff15214f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1175
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download
74.124.217.28 200 OK 45 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download
IP 74.124.217.28:0
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/adrum-ext.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 45340
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download
74.124.217.28 200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download
IP 74.124.217.28:0
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/atadun.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1184
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI
74.124.217.28 200 OK 189 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI
IP 74.124.217.28:0
Size 189 kB (189086 bytes)
Hash 6fc31419caed24a8f72b99ed2c9457a8
0bd02dc5a12fe97a41a5bd040ee33995d8e1e088
f48b4a7088d3d7c820aed240ca677012df229b53c8070d91cf16f93aca936d3b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/gTAX0OcTI HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 189086
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png
74.124.217.28 200 OK 2.5 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png
IP 74.124.217.28:0
File type PNG image data, 220 x 23, 8-bit gray+alpha, non-interlaced\012- data
Hash dc1968433c75a52613cce778e0dae0da
af08ab767909b9c9462d821e6384e2b1f1698e72
10c1acb80b088029eab596925f58565e025206d10ef1edded0bf055dac884bbf
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_logo_220x23.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2503
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg
74.124.217.28 200 OK 12 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x423, components 3\012- data
Hash f4c1f0d1e32dea5834616dc9bf364db0
423727930c2e618746c02434d200c06d84b8ea2d
da7f561e57ebdb7cdea377180e6ba8d6186e7df83b3f4caeb10814d25d3498c3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi_ph_active-cash-card_1700x700.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 11695
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
74.124.217.28 200 OK 133 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x502, components 3\012- data
Size 133 kB (132626 bytes)
Hash fd590ed393d8c2b12418ab2d348c01e3
83b7941d360c84063c075b503d079b79b46ef1fe
8d9e9914bddfb437538d710ce9c4e01ce0bc8ed7bcb951f23cfac146c8f579da
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 132626
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg
74.124.217.28 200 OK 54 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 6d5ec1b65b44ea65384de2fe5bfe025d
5222ed5b82c15fba9d23f9cd3c27928ea69c60e1
7039ff515b881f9ab331dcbc26420d112730e05b8da6e73a0261f4d8de2cbe23
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 54091
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg
74.124.217.28 200 OK 46 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 46359
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg
74.124.217.28 200 OK 51 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 5d32e05b0a91f8297175a874253142e0
f9f58624dc5ddf5f9f1bb0bd4d9d818ffd8e4dd4
b30be25d8117203acbc8cdc89a1e09e933cdf301490df1c891277b3d536ec902
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 51143
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png
74.124.217.28 200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png
IP 74.124.217.28:0
File type PNG image data, 319 x 635, 8-bit/color RGBA, non-interlaced\012- data
Hash e6122beaf9ffcf6becada3bb5ded2dd3
1174ae5f3f04d5de450604f80b5133dfd2262bde
60673c8ca8bb7ceffcfb9148e5d5ceaa0ff23d6a18610fb4c910674f02450ed7
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 38953
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/target/offers/conversations
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/target/offers/conversations
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 5cc2a32b7c25358b03295b5a9dab81eb
263d9e77937c22e6eb4f137bc0d189be654779a9
06fe487edd9a8220fed029ed9f3fe2b5f6966b389394a00483305e31e610998d
Analyzer Verdict Alert fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=a00fcbd175b9e402ecd233c1946788ac; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 9659cae81d193ae22211beedfd4f8d5a
7cf76f23cbc6b9bccc8623834bdc150e18c67bbb
6e74e7101f830de3cc4951f21e6d2356a10952892695a719d827d9718f495e7c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 613
Cache-Control: max-age=87162
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:00 GMT
Etag: "641d4529-1d7"
Expires: Sun, 26 Mar 2023 06:47:42 GMT
Last-Modified: Fri, 24 Mar 2023 06:37:29 GMT
Server: ECAcc (amb/6B38)
X-Cache: HIT
Content-Length: 471
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.9 200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Sat, 25 Mar 2023 06:35:00 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=c47IZsGnFgabyXz11FWpAw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash efe5d1256f4bed54a3fe6f9cc60e0e95
b80a83114643e00e906c8934d8c30631343d87bc
6f395de4973d2d36dc14eaff96c0f46e9fee72ce3bc398af0ba599db2893f34e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfui-container-bottom.js.download/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=b92f86e0abc36f3132c82a090a731e46; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 39661990361466b4d7d3b391754f2cea
2778a5836972d62ea141ac289ce9f2dfdcac73ac
9b2026644ddfecc3e31aa58eef9640516b35026c6db9e23a2af402c3cd0af77c
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.bd6612f680d429d52883.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=91639169f7ea3cafcc1cbafac1e078d5; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 57dbb2de3d1e4761b0c43f5ff77fc9d3
28a72c895285240636d207b3cf6bc936d6dbc477
4c978dfb32a6011c2201710e46aef7f36403385503b96a57557df11b2a593cad
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.bce22143e85144f6d513.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=8b93a8c0330d85c946ccb441427e6b81; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png
74.124.217.28 200 OK 2.1 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP 74.124.217.28:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash b4f7871f036398988efb0a550cb67d27
d39cf385293d268c6d83e446398004dd7ade3d34
4ef26e2996754aa57a19bb8ba0f2bc8cb1875979e78ebf59254f52ad095260c6
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2088
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 1cf2e9635ea9fe946f380f32f05da07d
60f3b56f11eed4d084f1be9fbfed7b9d8248da86
fb012aa64f0cde1529640bc10e93ba0c41667049d4109ea7e0c2fc0f0c996f83
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.ecf62c3a02822a5d5939.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=20790883ff4b4d76f13b646e51e7d3fb; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
74.124.217.28 200 OK 2.4 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 74.124.217.28:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 108adcb1bb504da50a6303a9c06125c7
2237780057264fc5857b025761a647056eb8fc94
4048603185d494ac282f68ff94b0e3cc89a85a074bd2f4e0209c3a059a409430
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 2372
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 23eeafa5390d1c6596f778b54c1462fa
141a381ebef373d3d7dab87f310f4b542a2ae4d6
205c71204aa047efd9bb964a740a43bd1d05d1807f142a7333a04d30ccfd6f10
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.9bb8714839d00df85c4c.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=b35724edeb0935d142d1dbb87e7282fc; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 35e25acc68852b6f34f9157518d04b92
4a3687d1caf3cc2d2f374cf67828e20acbc0723c
213355e76c220c9a04ad8e5ff7e47d0cea357f6c089ca039a5933c6629e17f43
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/main.ebdd373bd9a28ceb3854.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:00 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=e0951a64c8984ea8af0668972739bcb0; path=/
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png
74.124.217.28 200 OK 4.7 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png
IP 74.124.217.28:0
File type PNG image data, 148 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 4d6e0a7c2af1820aac3c2a9b4e194cf1
47f2af01b5befb347c468fe69af363eb8ee6338c
d92f4c64ac8ad6de5cdb01e0a3c9e6267d2b88b93b6509eb1cd7084ba2382548
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/first_time_experience-account_summary.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 4705
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html
74.124.217.28 200 OK 699 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash 7b162de68b7b5ec462901018f6e4fb81
037603c296a2f37e31152206ff10b83869277171
023c9ed6a6ca98a7270dbec9d7e16fb05e68d55083273accdb727905da329979
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/activityi.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 699
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
74.124.217.28 200 OK 71 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (65017)
Hash ae4bcb97fea82ca505435163d9892c6e
04eb6f5515f19b040f4dcf046ec89279507ab3fc
cf287b2299a173aac359d135420df4f61508db3a3e4ccad5e91293b6abc1c02e
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 71128
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html
74.124.217.28 200 OK 728 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (613)
Hash 2d25e1330fef653d1e712d87232dda57
073d496b33393d7096209628d8506e6995e71e8a
7178f45ed9dcc83e6eccf699bd0d58b4918bc7065ecb46da8a2d858a19517cae
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource(1).html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 728
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png
74.124.217.28 200 OK 6.4 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png
IP 74.124.217.28:0
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash ee610744aee59ec31b71e19e1ad6eaa7
448bc52e590983865deb19284b11137143776313
71ce94686e21c4bf0a70ea0ebdd3619425b12ca9f35d6fd2f7b1bfe0fc1f152c
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Active-Cash-Card-79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 6434
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg
74.124.217.28 200 OK 1.2 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 79x50, components 3\012- data
Hash 25e24347fda1a96d98a2f6bda9911747
ba4cbe1dc2710398d4bb3ab2f10fe5ed6f320220
797e2e1262decaaeaf403ce2d1d4634dccdbb7d130d7c0c1115c1d1c4187ba39
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/wf_autograph_card_79x50.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 1249
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png
74.124.217.28 200 OK 6.1 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png
IP 74.124.217.28:0
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 591b12f4d2c494c14a9b5c6b7b1ea2ae
da8e94c246fec3159f25e51723d7c90ed7aae79c
ad74103e9fe7dd74e0e0413c0ee84ef2b8b2eb995585973499a7ec5cad2dc524
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/Reflect-Card-79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 6084
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html
74.124.217.28 200 OK 694 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (306)
Hash 335e80c32ebe22decce415ec00332910
f69d62a2f129baa1bf2bd61d58d102fa25986a57
200d7943bfe36e073f6226e3092150fe71bc1e1c39b5f9b85b164e5bff8934a0
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw.html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 694
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1)
74.124.217.28 200 OK 120 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1)
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash ddc2a6334c4a739543e4ff59e468dd60
f23c3183bd728510be4c983242c19724cc6320af
973d4f770014280b8f7860542563afa477f89b8990b2e9261122255892f3ae7d
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/ay6u(1) HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:1$_ss:1$_st:1679727912817$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 120
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png
74.124.217.28 200 OK 5.3 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png
IP 74.124.217.28:0
File type PNG image data, 79 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 6662319a905c635dcfcc415d246df0d5
a81d2f2299be68717ec84ade918d4f80b0e0a008
9d8b2fd8606a20cd2e27d0641847f5fe10adcba3eba209a73f53e5d2111bda04
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/bilt_card_79x50.png HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 5296
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/png
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg
74.124.217.28 200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 4e64bce05e75ee62d111a1443979413f
631a78f1492b81b7e6cf339eb10ad6a939295813
4a5b98e86bc37f6a038ad8ce761e17cefe3d7dce918e3d987088fbbc57746b99
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/volunteers_cars_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 38692
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg
74.124.217.28 200 OK 39 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg
IP 74.124.217.28:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash 8c9a4edfc392dfb0f49e6b4f2eb3d6f4
faec222495c4ef7faaf050030ab7901df8273267
5236e41ab67d061a56d0eede8177a04d0c84143d9ffa5496e67ba43d3932699e
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/woman_in_office_616x353.jpg HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 39087
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: image/jpeg
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html
74.124.217.28 200 OK 572 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (309)
Hash d2048011403a2e92d200ebb584aaaf6a
d4acd7d948715b9c88007436d7f07e5602fe11b6
7e5fb8a7df4b90bb3312a60777abd009dfd37416496de07de332fc8a29b1c5db
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/dc_pre=CKz1uZHw5_0CFcPUcwEdikELHw(1).html HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 572
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78 200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=5998
expires: Sat, 25 Mar 2023 08:14:59 GMT
date: Sat, 25 Mar 2023 06:35:01 GMT
X-Firefox-Spdy: h2
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM
74.124.217.28 200 OK 189 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM
IP 74.124.217.28:0
Size 189 kB (189086 bytes)
Hash 6fc31419caed24a8f72b99ed2c9457a8
0bd02dc5a12fe97a41a5bd040ee33995d8e1e088
f48b4a7088d3d7c820aed240ca677012df229b53c8070d91cf16f93aca936d3b
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/4DFM HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/saved_resource.html
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:1$_ss:1$_st:1679727912817$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 189086
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78 200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1471523
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Sat, 25 Mar 2023 06:35:01 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
95.101.10.152 200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=0t1sG%2fJ004Hnap0L04oz9g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.9 200 OK 132 kB URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=fIVIztw4ueA+4fEMmseQng%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=yaf_nvlxtspdbrl_&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
74.124.217.28200 OK 131 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=yaf_nvlxtspdbrl_&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP 74.124.217.28:0
File type ASCII text, with no line terminators
Hash abf8096f6003159b63cf71b5429f90ca
fb5ea6ba375ff149caa78dc1267af83ded68d3db
30f0e4411f2d7e707c05bbb0ca31dcdc2f8a2cc927eefa4bde7a914b4145aa0b
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/vyHb?d=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&cid=15%2C16&si=2&e=https%3A%2F%2Fgmdva.org&t=jsonp&c=yaf_nvlxtspdbrl_&eu=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:1$_ss:1$_st:1679727912817$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:02 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 131
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
95.101.10.152 200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 95.101.10.152:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eUnrNQf+Heg61iamfgA5qw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.9 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=KvzbPQ32c6hKAzN7GJ0Tkg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.9 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+O%2fCse%2fhvuiuNdSJvjXyoA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.9 200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vD8%2fhmgdRxdsTXIsgUHcTA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3%3A0&_cls_v=08aab635-09af-4471-9ded-4478a51fafd0&pv=2&f_cls_s=true
23.36.79.18 200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3%3A0&_cls_v=08aab635-09af-4471-9ded-4478a51fafd0&pv=2&f_cls_s=true
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 40cbb5b38a3bfa833152a42d7c018c19
9fb57a854b6de6ecd698e2d1e531cf76419740b9
9c7a3cf74fc533b54215f49525f2dbf3bb3d26554dde522ffb35cf3bfadf2cc3
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3%3A0&_cls_v=08aab635-09af-4471-9ded-4478a51fafd0&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://gmdva.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1186
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=08aab635-09af-4471-9ded-4478a51fafd0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!JRem7J/ZcfVFE7bpnNE5eVRfS7HzY/5NUgpQROAiF8Gj0eci1hzIHgx7laxLuBKiMJFQjdJKTj868A==; path=/; Httponly; Secure
DCID=lFjZPOz%2fKkJPxvDOz5Mak0CwUZnFiYg%2fVKv+p0Hs0%2fYzBYy2OY2AAKooAOGuG1Lf; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 06:50:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.24 200 OK 570 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
Hash 7af42886cbcf150f5f025fe73d898a46
9c1750811a061fb0b294bf2161fba564b3c536c7
1e06e8784cc014d631eb50c253ec3c6d7c1bdba9db7b91eb58cd693f4df65591
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 570
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=fA7gOGzKC0WXKlpEiVk9ERaYqo4PL9s9YHCFhNdn4C8%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 06:50:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679726114402
34.255.162.196 200 OK 321 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679726114402
IP 34.255.162.196:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash be45b91ff1bfcec4e77fe121a2042419
60117eb66f5c332cdbd5be7417bff81d8ac1c803
dd87e02ac7ea5aca9e9e276e81f840436bed133c656990365db521af62af342b
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679726114402 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-03a127b6a.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=69016011176535175011561482854871888703; Max-Age=15552000; Expires=Thu, 21 Sep 2023 06:35:02 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: MjPwdCnpRao=
Content-Length: 321
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:02 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=438777,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad521aa5b36b50f-OSL
api.rlcdn.com/api/identity/idl?pid=1317
34.120.133.55 451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP 34.120.133.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sat, 25 Mar 2023 06:35:02 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.24 200 OK 151 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (150658 bytes)
Hash 592758d76649386e1302516844c72740
09d51d171d3a9c3e8c648103d6347c9b533c39ee
3c89133db70566792f40a16b630b3762fd0ed597972edbc457be0399db7a16a4
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6410ff94-1854"
Last-Modified: Tue, 14 Mar 2023 23:13:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 25 Mar 2023 06:35:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A89GeheHAQAAmp8QfYxuMYDBzpV2dDd-4Mth-e8GxExM9aLbCgGrRhQGmnbmAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|6e7e862efc1c2d25c967c26a08ec4e45d5ea4258; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=V+8Vc%2f3k5OoJIfO35bsk9rj22pLw5cnIEqk2E+Xode0%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 06:50:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69024352679692366541560085548486494508&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679726114715
34.255.162.196 200 OK 321 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69024352679692366541560085548486494508&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679726114715
IP 34.255.162.196:0
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 436e38520d59de9b18908743caeec281
d6e6d01d9c1a18d105be80aff4c8e2708b33dfe6
453fc03d03a12057d439c1b83b2933977505e0f942f0a546fe77184dc3971d9e
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69024352679692366541560085548486494508&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230319042059961698062%011&ts=1679726114715 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-08630f9eb.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=60153857765756953671314307802593791059; Max-Age=15552000; Expires=Thu, 21 Sep 2023 06:35:02 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 4WcVDuvwS78=
Content-Length: 321
Connection: keep-alive
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.9 200 OK 20 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=HQydQWpM%2fKPFt51BB%2fcTjg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679726114411
54.228.21.106 200 OK 318 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679726114411
IP 54.228.21.106:0
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash aa21467ff1a9d34825ac4779cc9d159b
8f4e95d476dbd1f8dba8dba0b21b10f1699a3f8a
1fc495572e72c3128fb56d842ae8a790a94e3559c10f1cf63853934539fd0acb
POST /event?d_dil_ver=9.5&_ts=1679726114411 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 428
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://gmdva.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0c7c3d8a2.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=69016011176535175011561482854871888703; Max-Age=15552000; Expires=Thu, 21 Sep 2023 06:35:02 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ZWLLStLvQXE=
Content-Length: 318
Connection: keep-alive
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.9 200 OK 14 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=p22qaEqKm67LtILzNPcb8g%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8ed3047ee91d173a374a1a85ae52a7a8
4b6029b31d616b6ce4510bbebfa3d19727830cb4
97397600ff0e83eabe0185e5d326aa997f8cec6ea2ae7d0af7d08015b11a6c4e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:35:02 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 08:38:01 GMT
Expires: Thu, 30 Mar 2023 08:38:00 GMT
Etag: "4b6029b31d616b6ce4510bbebfa3d19727830cb4"
Cache-Control: max-age=438777,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad521ac1d5bb50f-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=800516977&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=1497151642&gjid=27080559&cid=1612135347.1679726115&tid=UA-107148943-1&_gid=1364443447.1679726115&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=1612135347.1679726115&z=1122649116
142.250.74.142 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=800516977&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=1497151642&gjid=27080559&cid=1612135347.1679726115&tid=UA-107148943-1&_gid=1364443447.1679726115&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=1612135347.1679726115&z=1122649116
IP 142.250.74.142:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=800516977&t=pageview&_s=1&dl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=6GBACUABBAAAAC~&jid=1497151642&gjid=27080559&cid=1612135347.1679726115&tid=UA-107148943-1&_gid=1364443447.1679726115&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230319042059961698062&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=1612135347.1679726115&z=1122649116 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://gmdva.org
date: Sat, 25 Mar 2023 06:35:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F?
142.250.74.38 200 OK 314 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (555), with no line terminators
Hash 7fab5703657a0b539db806bdd13a9bbb
e0c05711151faca06e17bfdcdee30300abaed590
99c8b55c240c0d5635d1dac5631a39dd924df43ab3f4590b85ce0ac902b9c889
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 06:35:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 314
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 06:50:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 24e5e7ec3507bcc60836a8798d125e32
f4db4ea71f3844ef76959f285c07789fb9cf70f8
92f002fbc1fe394f8d298e32c6f4b1d23de4e71585ea4c8fa809f609cb86ff77
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2367
Cache-Control: max-age=120550
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:02 GMT
Etag: "641dc0bd-1d7"
Expires: Sun, 26 Mar 2023 16:04:12 GMT
Last-Modified: Fri, 24 Mar 2023 15:24:45 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0&_cls_v=08aab635-09af-4471-9ded-4478a51fafd0&pid=13faa52e-3194-413d-bda0-053d38fce40d&sn=1&cfg&pv=2&aid=
23.36.79.18 200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0&_cls_v=08aab635-09af-4471-9ded-4478a51fafd0&pid=13faa52e-3194-413d-bda0-053d38fce40d&sn=1&cfg&pv=2&aid=
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 40cbb5b38a3bfa833152a42d7c018c19
9fb57a854b6de6ecd698e2d1e531cf76419740b9
9c7a3cf74fc533b54215f49525f2dbf3bb3d26554dde522ffb35cf3bfadf2cc3
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0&_cls_v=08aab635-09af-4471-9ded-4478a51fafd0&pid=13faa52e-3194-413d-bda0-053d38fce40d&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 8339
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Cookie: _cls_cfgver=de760e43; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://gmdva.org
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1186
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 25 Mar 2023 06:35:03 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!nUPgy6mc9trHfMTpnNE5eVRfS7HzYw5nVoMKOE2owLoNSRq6SmzaJUbYhSL5fGiI4aMhS4pvvR2j+Q==; path=/; Httponly; Secure
DCID=YQbQHYx%2fLcdpRoQDdsyohUgfAhmejTvg8tQXjGcbKwqdlRrUJq9wSKx%2flxbWgqcV; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 25 Mar 2023 06:50:02 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1612135347.1679726115&jid=1497151642&gjid=27080559&_gid=1364443447.1679726115&_u=6GBACUAABAAAAC~&z=1551032831
173.194.221.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1612135347.1679726115&jid=1497151642&gjid=27080559&_gid=1364443447.1679726115&_u=6GBACUAABAAAAC~&z=1551032831
IP 173.194.221.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1612135347.1679726115&jid=1497151642&gjid=27080559&_gid=1364443447.1679726115&_u=6GBACUAABAAAAC~&z=1551032831 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://gmdva.org
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Mar 2023 06:35:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash a71ea78ff46be5625dfd89e0ec244378
ab2b8ecf22caa4d113c6f985fab6d395669d1376
c93f7e9fdbf305af0aa722f18fef5e7f1d40ce0e98960a499fdc1798041357b0
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/stylesheets/wfui.5ca2a1f03b3b260c7b2a.chunk.css HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiSllIZldJZXBPYk9ySmJCUnNIZ1FnUT09IiwiZSI6InZFQzJ4ODk3MTZFNnNrOVMzMmpPeTZsblhlMUhURW0xMFBydHRkWkcrWkhCOTVCYVRkckNleHB5T1BHclhhUmNNZVl4cUo4UHhHdkhMVThRR2d0SkNNbDBCSzREM3ZubnZTb0M4YUY3TGxSR0ptNjhwcGQyVjBFMlZxb1JqK25cL0ZMWGUzUVBIZzhWblkwdzlUdEdwSEE9PSJ9.7ef6d86247627c94.YjViNDIwOTM4NWNjNzVhMGMwZjM5M2QyMjBkNWQ0OTdmMDUzMTUxOTNlZDFkYTU2YmRiZmNkYjYwODMxYjgyMg%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=2332fcceae2f27186f12055f7e0fadbf; path=/
wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
216.58.211.2 200 OK 312 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (554), with no line terminators
Hash c9522bedc249d3cefe48e518a2de0293
3d9ca15804b7b0bf1c9cd6ff2d1fdeab837acc72
848e0b72df1b89afee3d44345944866236ea9c709b22be0388f90eaaf3f1f0ee
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 06:35:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 312
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
142.250.74.130 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=7384405670259;gtm=2od8g0;auiddc=507512314.1679726115;u1=1120230319042059961698062;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 06:35:03 GMT
expires: Sat, 25 Mar 2023 06:35:03 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 06:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679726114317&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
74.124.217.28 404 Not Found 48 kB URL HTTP/1.1 gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679726114317&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 7704d0fb81a029e0840fe9a46e01a46b
53572a8368d71eb48b20f929928043e6aa8a40b7
1cdf81f5ccafa406b83593dc25b25a8167bf1a81f1ad26d32921a48172b44a35
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679726114317&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:1$_ss:1$_st:1679727912817$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:02 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679726114249&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
74.124.217.28 404 Not Found 48 kB URL HTTP/1.1 gmdva.org/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679726114249&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash a437b5ec0d49498ecd4ec824a3f02d66
7dc3ad5511b42aac4a097d0858996d4b1f52ca5f
acb9a00d1d61d7b33ae5da597ca9bd50de7780da97836c9a90cb8fd64e93832f
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fgmdva.org%2F.i%2Fjt99%2Fae62dc811a0ffcf1a28725223745833a%2F&cb=1679726114249&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:1$_ss:1$_st:1679727912817$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:01 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash e4070b82c6d0117f6e4a341c4be8b681
c35d3560b3b3360dd23b67556a22a60b3708c2aa
e2af31c7614e2f0a517e3726ba381420b4bd0d2fcef160917512638b0814b7b5
Analyzer Verdict Alert fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Content-Type: multipart/form-data; boundary=---------------------------232348786539774321931908350931
Origin: https://gmdva.org
Content-Length: 171
Connection: keep-alive
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:1$_ss:1$_st:1679727912817$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0; dti_apg=%7B%22_rt%22%3A%22DQ5bdfhIuR%2FE8CmqyCLRqqcHKuCNgVCV1hkD%2BmWQs%2B8%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:02 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 56e6bf3f3cb4bc842e21b59075110295
9b8a3baac090ac3b9349a02ee847fab8e6493908
0879cfec370025da07b30470448e2f340c7ae748db7ffdba1b34bd1156d3a8ee
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/runtime.05a69a13044cc6fc4087.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:2$_ss:0$_st:1679727914570$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0; dti_apg=%7B%22_rt%22%3A%22DQ5bdfhIuR%2FE8CmqyCLRqqcHKuCNgVCV1hkD%2BmWQs%2B8%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69024352679692366541560085548486494508%7CMCAAMLH-1680330914%7C6%7CMCAAMB-1679726113%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679733314s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:02 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 286f88fceb1ff8ea1861bb72d2399de6
8297521cf207e4498246e3ae1f2b15c3dbf0bfae
406f2b172cc7f3339da19cb546480302c0e5052e338093675c36bde911916ffe
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/main.3194ee7aa65e829eeddb.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:2$_ss:0$_st:1679727914570$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0; dti_apg=%7B%22_rt%22%3A%22DQ5bdfhIuR%2FE8CmqyCLRqqcHKuCNgVCV1hkD%2BmWQs%2B8%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69024352679692366541560085548486494508%7CMCAAMLH-1680330914%7C6%7CMCAAMB-1679726113%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679733314s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:03 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js
74.124.217.28 404 Not Found 47 kB URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js
IP 74.124.217.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1820), with CRLF, LF line terminators
Hash 66f7fb9f0433a4ddc2c2c8fad3ceb90d
26e74340b3763b274a7bd719ec51880a2f9e32e1
e2ad1134bc9f96c63d717b98ca5fa934231261448b28277c7097a99c5a28f65f
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/vendor.3950f3b92beb9b7e513c.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:2$_ss:0$_st:1679727914570$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0; dti_apg=%7B%22_rt%22%3A%22DQ5bdfhIuR%2FE8CmqyCLRqqcHKuCNgVCV1hkD%2BmWQs%2B8%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69024352679692366541560085548486494508%7CMCAAMLH-1680330914%7C6%7CMCAAMB-1679726113%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679733314s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:02 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download
74.124.217.28 200 OK 0 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download
IP 74.124.217.28:0
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/detector-dom.min.js.download HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 06:34:59 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests;
Last-Modified: Fri, 24 Mar 2023 19:51:59 GMT
Accept-Ranges: bytes
Content-Length: 440531
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.9 200 OK 0 B URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 25 Mar 2023 06:35:02 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=PC+mUXUPgKNIyqB6t5JXQA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
74.124.217.28 404 Not Found 0 B URL HTTP/1.1 gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
IP 74.124.217.28:0
Analyzer Verdict Alert fortinet Phishing
GET /.i/jt99/ae62dc811a0ffcf1a28725223745833a/we_files/accounts-cache.js.downloadpublic/js/wfui.ecd53189d0b6bf69e8f7.chunk.js HTTP/1.1
Host: gmdva.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Connection: keep-alive
Referer: https://gmdva.org/.i/jt99/ae62dc811a0ffcf1a28725223745833a/
Cookie: LSESSIONID=eyJpIjoiWllPQldKOEd2Z21KN0lKU0JCR0FoZz09IiwiZSI6IjNEcUFcLzlINWxNNEFTejFBd0ROZHRsaE1odzJVVnllQkhpY3VON1hTMTUzSDA1cTRIQ0tlUVpxcXQ4czNSclNnS0FBdnJ2YnhnREVMWEY3VHg5VTFkbE5vZlwvY1RPVE15WGJJb2RPUDVJKzFUUGtXSmtuNWgzWWlaRFpFekxRRDhNM3dXR001Ym94K2dwTUVWQ3Rwc28wTEg1T0NRYjJvOXJqbGxVcXdpOHhMQ2hDbmpwbWRMMDhySEZtczBHb2pKIn0%3D.abd25b62f05016e2.YzgzMDBkZjU2NDg0NWU2MDQ1Y2JjMmY2ODY0MjhjMzA5MGQwOTJiMTMzODM4M2RmYTc1NTlmNWZmODhjMTUzYQ%3D%3D; _cls_v=08aab635-09af-4471-9ded-4478a51fafd0; _cls_s=1907040a-bfc2-431d-b0fd-309cd03401c3:0; utag_main=v_id:0187177a7030002116b711a53ae400050003b00900918$_sn:1$_se:2$_ss:0$_st:1679727914570$ses_id:1679726112817%3Bexp-session$_pn:1%3Bexp-session; PHPSESSID=e0951a64c8984ea8af0668972739bcb0; dti_apg=%7B%22_rt%22%3A%22DQ5bdfhIuR%2FE8CmqyCLRqqcHKuCNgVCV1hkD%2BmWQs%2B8%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69024352679692366541560085548486494508%7CMCAAMLH-1680330914%7C6%7CMCAAMB-1679726113%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-982532154%7CMCOPTOUT-1679733314s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 25 Mar 2023 06:35:04 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://gmdva.org/wp-json/>; rel="https://api.w.org/"
Set-Cookie: wccp_pro_functionality=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
Content-Security-Policy: upgrade-insecure-requests;
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
52.12.145.88 200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 52.12.145.88:0
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 06:35:03 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
52.12.145.88 200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 52.12.145.88:0
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 16211
Origin: https://gmdva.org
Connection: keep-alive
Referer: https://gmdva.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 06:35:04 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:18|g:66f724b3-d04c-4811-8d1f-547f365d21fb; Path=/; Expires=Sat, 25-Mar-2023 06:35:34 GMT; Max-Age=30
ADRUM_BTa=R:18|g:66f724b3-d04c-4811-8d1f-547f365d21fb|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sat, 25-Mar-2023 06:35:34 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sat, 25-Mar-2023 06:35:34 GMT; Max-Age=30; Secure
ADRUM_BT1=R:18|i:559461; Path=/; Expires=Sat, 25-Mar-2023 06:35:34 GMT; Max-Age=30
ADRUM_BT1=R:18|i:559461|e:3; Path=/; Expires=Sat, 25-Mar-2023 06:35:34 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2