Submitted URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Effective URL: https://www.gwcu.org/phishing
Submission: On December 21 via automatic, source openphish

Summary

This website contacted 15 IPs in 6 countries across 12 domains to perform 47 HTTP transactions. The main IP is 67.128.159.195, located in Kaysville, United States and belongs to CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US. The main domain is www.gwcu.org.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 4th 2018. Valid for: 2 years.
This is the only time www.gwcu.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Redirects | IP Address | AS | Autonomous System
1 | | 118.98.75.67 | 7713 | (TELKOMNET...)
13 | | 67.128.159.211 | 209 | (CENTURYLI...)
4 | 2 | 2a00:1450:400... | 15169 | (GOOGLE)
17 | | 67.128.159.195 | 209 | (CENTURYLI...)
1 | | 172.217.23.162 | 15169 | (GOOGLE)
1 | | 2a00:1450:400... | 15169 | (GOOGLE)
2 | 1 | 2a00:1450:400... | 15169 | (GOOGLE)
2 | | 2a00:1450:400... | 15169 | (GOOGLE)
2 | | 2a03:2880:f01... | 32934 | (FACEBOOK)
1 | | 2a02:26f0:6c0... | 20940 | (AKAMAI-ASN1)
2 | 1 | 2a05:f500:10:... | 14413 | (LINKEDIN)
1 | 1 | 2a05:f500:11:... | 14413 | (LINKEDIN)
2 | 1 | 2a00:1450:400... | 15169 | (GOOGLE)
1 | | 2a03:2880:f11... | 32934 | (FACEBOOK)
1 | | 152.199.21.2 | 15133 | (EDGECAST)
Total: 47 requests, 15 IPs

Requests | Domain | Redirects | Requested by
17 | www.gwcu.org | | online.gwcu.org, www.gwcu.org
13 | online.gwcu.org | | mediaproevent.id
4 | www.google-analytics.com | 2 | online.gwcu.org, www.gwcu.org
2 | stats.g.doubleclick.net | 1 | www.gwcu.org
2 | px.ads.linkedin.com | 1 | www.gwcu.org
2 | connect.facebook.net | | www.gwcu.org, connect.facebook.net
2 | www.google.de | | www.gwcu.org
2 | www.google.com | 1 | www.gwcu.org
1 | hello.myfonts.net | |
1 | www.facebook.com | | www.gwcu.org
1 | www.linkedin.com | 1 |
1 | snap.licdn.com | | www.gwcu.org
1 | googleads.g.doubleclick.net | | www.googleadservices.com
1 | www.googleadservices.com | | www.gwcu.org
1 | mediaproevent.id | |
Total: 47 requests, 15 subdomains

Subject | Issuer | Validity | Valid
mediaproevent.id | cPanel, Inc. Certification Authority | 2019-10-11 - 2020-01-09 | 3 months
online.gwcu.org | DigiCert SHA2 Extended Validation Server CA | 2019-03-22 - 2021-04-22 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
www.gwcu.org | DigiCert SHA2 Extended Validation Server CA | 2018-01-04 - 2020-01-24 | 2 years
www.googleadservices.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
www.google.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
www.google.de | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-12-06 - 2020-03-05 | 3 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
hello.myfonts.net | DigiCert SHA2 Secure Server CA | 2019-06-03 - 2021-06-07 | 2 years

This page contains 1 frames:

Primary Page: https://www.gwcu.org/phishing
Frame ID: 50045EDFEFC9592D9895E2E65B51032A
Requests: 48 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<div[^>]+class="[^"]*glyphicon glyphicon-/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

  • Requests: 47
  • HTTPS: 96 %
  • IPv6: 67 %
  • Domains: 12
  • Subdomains: 15
  • IPs: 15
  • Countries: 6
  • Transfer: 1302 kB
  • Size: 2029 kB
  • Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mediaproevent.id/wp-includes/SimplePie/goldg/ Page URL
  2. https://www.gwcu.org/phishing Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=399980&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&time=1576888527672 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D399980%26url%3Dhttps%253A%252F%252Fwww.gwcu.org%252Fphishing%26time%3D1576888527672%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=399980&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&time=1576888527672&liSync=true
Request Chain 42
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1803068296&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gwcu.org%2Fphishing&dr=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&ul=en-us&de=UTF-8&dt=Phishing%20Alert&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1347543809&gjid=1196340472&cid=284087572.1576888528&tid=UA-4307350-1&_gid=1060161391.1576888528&_r=1&z=1859050523 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4307350-1&cid=284087572.1576888528&jid=1347543809&_gid=1060161391.1576888528&gjid=1196340472&_v=j79&z=1859050523
Request Chain 43
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1803068296&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gwcu.org%2Fphishing&dr=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&ul=en-us&de=UTF-8&dt=Phishing%20Alert&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEAB~&jid=979700570&gjid=517910728&cid=284087572.1576888528&tid=UA-4307350-14&_gid=1060161391.1576888528&_r=1&z=1156360124 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_gid=1060161391.1576888528&gjid=517910728&_v=j79&z=1156360124 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_v=j79&z=1156360124 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_v=j79&z=1156360124&slf_rd=1&random=1601692327

47 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
mediaproevent.id/wp-includes/SimplePie/goldg/
19 KB
20 KB
Document
General
Full URL
https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
118.98.75.67 , Indonesia, ASN7713 (TELKOMNET-AS-AP PT Telekomunikasi Indonesia, ID),
Reverse DNS
v6.techscape6.com
Software
Apache /
Resource Hash
ac4f38011be1cd524997f89a51abc7b1e4643f24489a0eaef12f4ef16603033a

Request headers

Host
mediaproevent.id
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br

Response headers

Date
Sat, 21 Dec 2019 00:35:19 GMT
Server
Apache
Last-Modified
Fri, 20 Dec 2019 19:39:42 GMT
Accept-Ranges
bytes
Content-Length
19882
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
99_Pack.css
online.gwcu.org/User/StylesAuto/
74 KB
74 KB
Stylesheet
General
Full URL
https://online.gwcu.org/User/StylesAuto/99_Pack.css
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
07011cc6e03b58f7b5ef8d73c4d9b0225f2fd00d85053c2a8da7571122b9913f

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Sat, 21 Dec 2019 00:00:37 GMT
ETag
"93e79eac91b7d51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
75730
99_Pack.css
online.gwcu.org/User/StylesAuto.Customer/
21 KB
21 KB
Stylesheet
General
Full URL
https://online.gwcu.org/User/StylesAuto.Customer/99_Pack.css?nocache=20191023
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
3968edebf724ceb81f391bde23086af3a713198acbc774d100c960a125cf31d0

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Sat, 21 Dec 2019 00:00:37 GMT
ETag
"93e79eac91b7d51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
21522
Default
online.gwcu.org/User/Style/Render/
69 KB
8 KB
Stylesheet
General
Full URL
https://online.gwcu.org/User/Style/Render/Default?20190624_16
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
e0aee78245253dec3ebb4891ca3c342c2532b935c01fd0193d8f835906e08d93

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Dec 2019 00:35:45 GMT
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private
Content-Type
text/css; charset=utf-8
Content-Length
8183
Expires
Sat, 21 Dec 2019 00:35:45 GMT
99_Pack.js
online.gwcu.org/User/ScriptsAuto/
609 KB
609 KB
Script
General
Full URL
https://online.gwcu.org/User/ScriptsAuto/99_Pack.js
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
1965d8467ad08e94c590bed3ae4df3bb78e58c7d35c3d41f69f279d63afb9025

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Sat, 21 Dec 2019 00:00:37 GMT
ETag
"f948a1ac91b7d51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
623325
99_Pack.js
online.gwcu.org/User/ScriptsAuto.Custom/
14 KB
15 KB
Script
General
Full URL
https://online.gwcu.org/User/ScriptsAuto.Custom/99_Pack.js
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
3964286620efa99eb443e611aaa5210e338466c02da4ab57deedce834f535a0e

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Sat, 21 Dec 2019 00:00:37 GMT
ETag
"f948a1ac91b7d51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
14701
99_Pack.js
online.gwcu.org/User/ScriptsAuto.Customer/
15 KB
16 KB
Script
General
Full URL
https://online.gwcu.org/User/ScriptsAuto.Customer/99_Pack.js?nocache=20191023
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
32ba4d61b1c939caa00070188412e64feccecb8d705aabc83def5ec55a09e0f5

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Sat, 21 Dec 2019 00:00:37 GMT
ETag
"f948a1ac91b7d51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
15781
gwcu.js
online.gwcu.org/User/Content.Customer/Layout/Javascript/
591 B
915 B
Script
General
Full URL
https://online.gwcu.org/User/Content.Customer/Layout/Javascript/gwcu.js?nocache=20191023
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
20cdc73cedc24fb8958493b70320585c366472f9c2c5a62b8e5299d7fb224f41

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Fri, 26 Apr 2019 19:34:44 GMT
ETag
"e9e0e11967fcd41:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
591
goldenwest-credit-union-logo-white.svg
online.gwcu.org/User/Content.Customer/Layout/Images/
5 KB
6 KB
Image
General
Full URL
https://online.gwcu.org/User/Content.Customer/Layout/Images/goldenwest-credit-union-logo-white.svg
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
955f8a1e532829391f7c614295a3b9dff8fb8c20a0788fb0ed9948e6ff1e732b

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Thu, 22 Feb 2018 23:22:57 GMT
ETag
"5269851234acd31:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
image/svg+xml
Content-Length
5544
Spinner.gif
online.gwcu.org/User/Content/Images/
1 KB
2 KB
Image
General
Full URL
https://online.gwcu.org/User/Content/Images/Spinner.gif
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
fd06e92677468a3a77db98a645ce6df9606ed735686db8dfe7b68a0e8165b6ae

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:44 GMT
Last-Modified
Tue, 06 Nov 2012 12:44:04 GMT
ETag
"04231671cbccd1:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
1252
gwcu-print.css
online.gwcu.org/User/Content.Customer/Layout/CSS/
172 B
482 B
Stylesheet
General
Full URL
https://online.gwcu.org/User/Content.Customer/Layout/CSS/gwcu-print.css
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
374439407366630b645d3b508e88afd680dca468d27c4835dd01ad7b18effbae

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:45 GMT
Last-Modified
Mon, 08 Apr 2013 19:46:14 GMT
ETag
"5229c7ba9134ce1:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
text/css
Content-Length
172
ncua.svg
online.gwcu.org/User/Content.Customer/Layout/Images/
59 KB
60 KB
Image
General
Full URL
https://online.gwcu.org/User/Content.Customer/Layout/Images/ncua.svg
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
a78f03b8e75b4611d8a818ebef670e74221533afa9e6aea5f9c0dc48c564a436

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:45 GMT
Last-Modified
Tue, 08 Oct 2019 19:33:32 GMT
ETag
"e3483945f7ed51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
image/svg+xml
Content-Length
60645
equalhousing.svg
online.gwcu.org/User/Content.Customer/Layout/Images/
5 KB
5 KB
Image
General
Full URL
https://online.gwcu.org/User/Content.Customer/Layout/Images/equalhousing.svg
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
3024911b9683d406ced7befa600b6457669e882e08f1ccbf1280fab3606164b9

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:45 GMT
Last-Modified
Tue, 08 Oct 2019 19:34:27 GMT
ETag
"46d4c865f7ed51:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
image/svg+xml
Content-Length
4803
goldenwest-credit-union-logo-blue.svg
online.gwcu.org/User/Content.Customer/Layout/Images/
5 KB
6 KB
Image
General
Full URL
https://online.gwcu.org/User/Content.Customer/Layout/Images/goldenwest-credit-union-logo-blue.svg
Requested by
Host: mediaproevent.id
URL: https://mediaproevent.id/wp-includes/SimplePie/goldg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
67.128.159.211 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
67-128-159-211.dia.static.centurylink.net
Software
/
Resource Hash
298aa7276914f7ea1e31c9585f9e994ac5098a38b7ff549b421acde20e7d8c41

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:45 GMT
Last-Modified
Thu, 22 Feb 2018 23:22:57 GMT
ETag
"d2de851234acd31:0"
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,max-age=86400
Accept-Ranges
bytes
Content-Type
image/svg+xml
Content-Length
5501
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: online.gwcu.org
URL: https://online.gwcu.org/User/Content.Customer/Layout/Javascript/gwcu.js?nocache=20191023
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
108
date
Sat, 21 Dec 2019 00:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Sat, 21 Dec 2019 02:33:37 GMT
Roboto-Regular.ttf
online.gwcu.org/user/Content.Customer/Layout/Fonts/Roboto/
0
0

Roboto-Bold.ttf
online.gwcu.org/user/Content.Customer/Layout/Fonts/Roboto/
0
0

olbscript
www.gwcu.org/security/
53 B
441 B
Script
General
Full URL
https://www.gwcu.org/security/olbscript?href=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&_=1576888525360
Requested by
Host: online.gwcu.org
URL: https://online.gwcu.org/User/ScriptsAuto/99_Pack.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 21 Dec 2019 00:35:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
X-Frame-Options
SameOrigin
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-cache, no-store
Content-Length
167
Expires
-1
Primary Request phishing
www.gwcu.org/
56 KB
11 KB
Document
General
Full URL
https://www.gwcu.org/phishing
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/security/olbscript?href=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&_=1576888525360
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
c94b3a69383de7a51e98c36c53358f5c6d1b82037d1c62353284c37e9f9f07a1
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Host
www.gwcu.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://mediaproevent.id/wp-includes/SimplePie/goldg/
Accept-Encoding
gzip, deflate, br

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
X-Frame-Options
SameOrigin
Date
Sat, 21 Dec 2019 00:35:27 GMT
Content-Length
11154
css
www.gwcu.org/content/
342 KB
92 KB
Stylesheet
General
Full URL
https://www.gwcu.org/content/css?v=Pbac3gSfZbORvrSR5f6rk-SsicWNnZIqFUwD9ace_rk1
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
ed1cfd3eac59b00370425023f781d67e3b30298a3266d33c4db88344168ce89e
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:27 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Dec 2019 00:35:28 GMT
X-Frame-Options
SameOrigin
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
public
Transfer-Encoding
chunked
Expires
Sun, 20 Dec 2020 00:35:28 GMT
conversion.js
www.googleadservices.com/pagead/
25 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.162 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s22-in-f2.1e100.net
Software
cafe /
Resource Hash
1e7f38ad3228c18e42d333db1c37196568540a54143a158af008393e2a7a5217
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 21 Dec 2019 00:35:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9872
x-xss-protection
0
server
cafe
etag
10799607792090409869
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 21 Dec 2019 00:35:26 GMT
sunburst.png
www.gwcu.org/Content/Images/
5 KB
5 KB
Image
General
Full URL
https://www.gwcu.org/Content/Images/sunburst.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
d8de1abeec3ecd6b1f9a97390dc00cc5e13baf986860d29abbd93180e83805c7
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:27 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
4971
site2
www.gwcu.org/bundles/
235 KB
99 KB
Script
General
Full URL
https://www.gwcu.org/bundles/site2?v=uTpVFMUvEz_8k6ZZJl3kLmWwR4a_YX--zP7dqgqQYRo1
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
ceaac930a8728c5904f9b4ee837337b684dc89d6a3aa5949a360099e754a2f0a
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:27 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 Dec 2019 00:35:28 GMT
X-Frame-Options
SameOrigin
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Transfer-Encoding
chunked
Expires
Sun, 20 Dec 2020 00:35:28 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/933724755/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933724755/?random=1576888526994&cv=9&fst=1576888526994&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&ref=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&tiba=Phishing%20Alert&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
2dea56f7281eb9870dd4b86eeef48cec2a713142895f5bcb63f54ac3daf5ef1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 21 Dec 2019 00:35:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1014
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
885d268c6ad4be561140182bc079c363ac4c299e5bfdd343589858c5542b3c10

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
2F6FBD_B_0.woff2
www.gwcu.org/fonts/proximanova/
40 KB
40 KB
Font
General
Full URL
https://www.gwcu.org/fonts/proximanova/2F6FBD_B_0.woff2
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
96e515378e443e1e6c03ac90f767a30f9816d712677ad65d8f4bfae6e2acef9b
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.gwcu.org/content/css?v=Pbac3gSfZbORvrSR5f6rk-SsicWNnZIqFUwD9ace_rk1
Origin
https://www.gwcu.org

Response headers

Date
Sat, 21 Dec 2019 00:35:29 GMT
Last-Modified
Sun, 28 Jul 2019 22:12:10 GMT
ETag
"05928809145d51:0"
X-Frame-Options
SameOrigin
Content-Type
application/font-woff2
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
40686
glyphicons-halflings-regular.woff2
www.gwcu.org/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.gwcu.org/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.gwcu.org/content/css?v=Pbac3gSfZbORvrSR5f6rk-SsicWNnZIqFUwD9ace_rk1
Origin
https://www.gwcu.org

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:12:10 GMT
ETag
"05928809145d51:0"
X-Frame-Options
SameOrigin
Content-Type
application/font-woff2
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
18028
2F6FBD_7_0.woff2
www.gwcu.org/fonts/proximanova/
39 KB
39 KB
Font
General
Full URL
https://www.gwcu.org/fonts/proximanova/2F6FBD_7_0.woff2
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
b861a73edd993db4d3946a1c58a6ab73ea45721fd91fd67393ef4e105a03c1bb
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.gwcu.org/content/css?v=Pbac3gSfZbORvrSR5f6rk-SsicWNnZIqFUwD9ace_rk1
Origin
https://www.gwcu.org

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:12:10 GMT
ETag
"05928809145d51:0"
X-Frame-Options
SameOrigin
Content-Type
application/font-woff2
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
39859
2F6FBD_9_0.woff2
www.gwcu.org/fonts/proximanova/
38 KB
38 KB
Font
General
Full URL
https://www.gwcu.org/fonts/proximanova/2F6FBD_9_0.woff2
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
33242f0a81240e512b3ded91b488bd17c2767ca2e68bf1799dd090cdfc6b4efb
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.gwcu.org/content/css?v=Pbac3gSfZbORvrSR5f6rk-SsicWNnZIqFUwD9ace_rk1
Origin
https://www.gwcu.org

Response headers

Date
Sat, 21 Dec 2019 00:35:29 GMT
Last-Modified
Sun, 28 Jul 2019 22:12:10 GMT
ETag
"05928809145d51:0"
X-Frame-Options
SameOrigin
Content-Type
application/font-woff2
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
38860
64-facebook.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
321 B
584 B
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-facebook.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
94309923d8b85586faec68e6a4eb6ccad329509af64b989827874f3fe7704699
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
321
64-twitter.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
691 B
954 B
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-twitter.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
f6c3bb96209e512b756e75523d9909927d620c819fc513235bd79257a41ef226
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:29 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
691
64-youtube.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
617 B
880 B
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-youtube.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
78a204622766c1e831fbb12c9c38e41318aa460f4458f35e97d78f0150d4ad3b
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
617
64-instagram.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
534 B
797 B
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-instagram.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
60c6fc546b862e2e71ca241a4308ab8066e130783deb770c682b8a8e2ba72b75
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
534
64-pinterest.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
1 KB
1 KB
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-pinterest.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
71179ec627327b7ec7720dc4145770c393d468fbeee0984a0f7de78b88f823eb
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
1057
64-linkedin.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
975 B
1 KB
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-linkedin.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
e408280bed870b010b505ba57421952138761aaf9880ad6ff10520582f2900ee
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
975
64-rss.png
www.gwcu.org/Content/Images/SocialIcons/64x64/
768 B
1 KB
Image
General
Full URL
https://www.gwcu.org/Content/Images/SocialIcons/64x64/64-rss.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
88030001444cf3b0ddce6ebc5eab5aaf728d7375a1d82ee946e342041368b04b
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:29 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
768
ncua_ehl.png
www.gwcu.org/content/images/
7 KB
7 KB
Image
General
Full URL
https://www.gwcu.org/content/images/ncua_ehl.png
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
67.128.159.195 Kaysville, United States, ASN209 (CENTURYLINK-US-LEGACY-QWEST - CenturyLink Communications, LLC, US),
Reverse DNS
gwcu.org
Software
/
Resource Hash
102cb4f0c92b8caa764d78cbb8e83333dda1ec5ab79348f0bb001372f7b5ea18
Security Headers
Name Value
X-Frame-Options SameOrigin

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:28 GMT
Last-Modified
Sun, 28 Jul 2019 22:11:34 GMT
ETag
"02fb36a9145d51:0"
X-Frame-Options
SameOrigin
Content-Type
image/png
Cache-Control
public,max-age=604800
Accept-Ranges
bytes
Content-Length
6787
/
www.google.com/pagead/1p-user-list/933724755/
42 B
120 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/933724755/?random=1576888526994&cv=9&fst=1576886400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&ref=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&tiba=Phishing%20Alert&fmt=3&is_vtc=1&random=561412329&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 21 Dec 2019 00:35:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/933724755/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/933724755/?random=1576888526994&cv=9&fst=1576886400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&ref=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&tiba=Phishing%20Alert&fmt=3&is_vtc=1&random=561412329&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 21 Dec 2019 00:35:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/bundles/site2?v=uTpVFMUvEz_8k6ZZJl3kLmWwR4a_YX--zP7dqgqQYRo1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
110
date
Sat, 21 Dec 2019 00:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Sat, 21 Dec 2019 02:33:37 GMT
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/bundles/site2?v=uTpVFMUvEz_8k6ZZJl3kLmWwR4a_YX--zP7dqgqQYRo1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
1ada5b4d0b63b06d2bd668cd7d6597689796da41a434a675cfdbd2a1bddf251a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
30426
x-xss-protection
0
pragma
public
x-fb-debug
Wr66jvBdvQ51MewPoYM/lV76EzVAvEm7nkxrqRBEY+EHB2v7UkgCb1K5TbD+wiyb0ep21uxVu1+HyZbHp7Dr3g==
x-fb-trip-id
420120009
date
Sat, 21 Dec 2019 00:35:27 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/bundles/site2?v=uTpVFMUvEz_8k6ZZJl3kLmWwR4a_YX--zP7dqgqQYRo1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 21 Dec 2019 00:35:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=64481
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=399980&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&time=1576888527672
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D399980%26url%3Dhttps%253A%252F%252Fwww.gwcu.org%252Fphishing%26time%3D15768885276...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=399980&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&time=1576888527672&liSync=true
0
208 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=399980&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&time=1576888527672&liSync=true
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 21 Dec 2019 00:35:27 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
20
x-li-uuid
EVaY7sI74hUAzQ3rKCsAAA==

Redirect headers

date
Sat, 21 Dec 2019 00:35:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
x-li-pop
prod-tln1
content-length
20
x-li-uuid
hXT26MI74hXgU8dBJSsAAA==
pragma
no-cache
server
Play
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary
Accept-Encoding
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=399980&url=https%3A%2F%2Fwww.gwcu.org%2Fphishing&time=1576888527672&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1803068296&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gwcu.org%2Fphishing&dr=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&ul...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4307350-1&cid=284087572.1576888528&jid=1347543809&_gid=1060161391.1576888528&gjid=1196340472&_v=j79&z=1859050523
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4307350-1&cid=284087572.1576888528&jid=1347543809&_gid=1060161391.1576888528&gjid=1196340472&_v=j79&z=1859050523
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Sat, 21 Dec 2019 00:35:27 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 21 Dec 2019 00:35:27 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4307350-1&cid=284087572.1576888528&jid=1347543809&_gid=1060161391.1576888528&gjid=1196340472&_v=j79&z=1859050523
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
418
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1803068296&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gwcu.org%2Fphishing&dr=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&ul...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_gid=1060161391.1576888528&gjid=517910728&_v=j79&z=1156360124
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_v=j79&z=1156360124
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_v=j79&z=1156360124&slf_rd=1&random=1601692327
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_v=j79&z=1156360124&slf_rd=1&random=1601692327
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 21 Dec 2019 00:35:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 21 Dec 2019 00:35:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4307350-14&cid=284087572.1576888528&jid=979700570&_v=j79&z=1156360124&slf_rd=1&random=1601692327
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1640615866158988
connect.facebook.net/signals/config/
100 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1640615866158988?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
e64ca675a5c5fd90b95fda3f89ce4545f67f948a3a088de1110daa4e69cb1411
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
/JMToeZcop3lF9bvqHo5yEDZISgel/gYBN0UeYkWaJsvntni8JnH4Sjc1mygqRmEyR1iendETl4iPntTDqUSFA==
x-fb-trip-id
420120009
date
Sat, 21 Dec 2019 00:35:27 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
247 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1640615866158988&ev=PageView&dl=https%3A%2F%2Fwww.gwcu.org%2Fphishing&rl=https%3A%2F%2Fmediaproevent.id%2Fwp-includes%2FSimplePie%2Fgoldg%2F&if=false&ts=1576888527771&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.1.1576888527769.209609391&it=1576888527687&coo=false&rqm=GET
Requested by
Host: www.gwcu.org
URL: https://www.gwcu.org/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 21 Dec 2019 00:35:27 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-24=":443"; ma=3600
content-length
44
expires
Sat, 21 Dec 2019 00:35:27 GMT
2f6fbd
hello.myfonts.net/count/
0
169 B
Image
General
Full URL
https://hello.myfonts.net/count/2f6fbd
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.2 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (ama/8AC6) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.gwcu.org/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 21 Dec 2019 00:35:28 GMT
last-modified
Sun, 09 Jun 2019 10:41:28 GMT
server
ECAcc (ama/8AC6)
access-control-allow-origin
*
etag
"3102885117+gzip+ident"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
status
200
cache-control
no-cache
content-length
0
expires
Sat, 21 Dec 2019 00:35:27 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
online.gwcu.org
URL
https://online.gwcu.org/user/Content.Customer/Layout/Fonts/Roboto/Roboto-Regular.ttf
Domain
online.gwcu.org
URL
https://online.gwcu.org/user/Content.Customer/Layout/Fonts/Roboto/Roboto-Bold.ttf

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| google_conversion_id object| google_custom_params object| google_remarketing_only function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_evaluemrc object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_disable_merchant_reported_conversions object| google_additional_conversion_params object| google_transport_url function| thirdPartyClick function| setLightNavTheme function| setDarkNavTheme function| showMobileMenu function| hideMobileMenu function| showPopupMenu function| showPopupMenuDropdown function| hideAllMenus function| menuSearch function| cleanUpMenus function| getTweets function| createCookie function| readCookie function| eraseCookie function| validateEmail function| calculatePayment function| trackPageView function| 
trackEvent function| trackSocial function| trackException function| trackConversion function| loadRumorAnalytics function| loadHRAnalytics function| getMortgageAgentCount object| visibleMenu boolean| slideMenuIsVisible undefined| thirdPartyHref boolean| sharerClicked object| menuNames boolean| isRumorTrackable boolean| isHRTrackable function| $ function| jQuery object| html5 object| Modernizr object| respond function| picturefill string| GoogleAnalyticsObject function| ga function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk boolean| _already_called_lintrk object| google_tag_data object| gaplugins object| gaGlobal object| gaData

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
