| indloguass.pages.dev/css/styles.7083615ebe6cea4aa24b.css | 172.66.44.186 | 200 OK | 44 B |
URL: GET HTTP/3 indloguass.pages.dev/css/styles.7083615ebe6cea4aa24b.css
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: HTML document, ASCII text, with no line terminators
Hash: bbf7496b50a6f6ddaa9a8c733cb6f07d aaa63fee59ff8e69ba5948ef78d11ded29e8fc83 b1727c1b9c1b66ed8410c007ddc73f7c169118d56af71ea1200b357706fbcbc7
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /css/styles.7083615ebe6cea4aa24b.css HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/css; charset=utf-8
content-length: 44
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "86254074c7cacf67f564f81e4519a31d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YqRO7N2cFwDf4y3LG2pi9RsedZb5ma%2FwwrBsp8x61WaD9pYxKS%2BJ8bVbZoR2rXcdqd7wPBopEq1rFMcJzsBiBGeqsM3IgTxiSu3Cmj82mm9hbN%2F0u67My9GDVQyMe7qLapZRiHeFsA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5ee9e1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/citilogoredesign.png | 172.66.44.186 | 200 OK | 1.8 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/citilogoredesign.png
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced
Hash: b8c9db53b866a0120618cd396e1513f1 5cfe9732c78e4eb7365681834cdd682b977a0232 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/citilogoredesign.png HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/png
content-length: 1799
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "103c4ab7cc885ff97432791c46c64109"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dc5QaTngUMmGs806TzTYRFn3u3vg55CWwgeAzqx7ctss5s%2Bed%2Bly93iLIsa8l5R5%2Fds9q1z3nhDtvCHZzuT9E7DZy0b6SuQ3v5hzqDv5QGJdEqSxEtsR1FWKGDHa7Jb1kYTji8pSJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5ee9f1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff | 104.110.24.232 | 200 OK | 76 kB |
URL: GET HTTP/2 www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP: 104.110.24.232:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: DigiCert Inc
Certificate Subject: www.citi.com
Certificate Fingerprint: 7B:97:41:ED:8C:0E:70:DA:7E:FF:FC:93:66:2A:DF:E0:12:35:0A:00
Certificate Validity: Tue, 07 Nov 2023 00:00:00 GMT - Thu, 05 Dec 2024 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 75538, version 1.197
Hash: 3d1d3153b04b6ce8a33a20f60df9d723 60e91c7766bdc415134c1111a283ffed3749dbae f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/
Origin: https://indloguass.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: font/woff
content-length: 75538
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
access-control-max-age: 2147483647
dclocation: GT1DMS
etag: W/"12712-18edb4cb448"
last-modified: Sun, 14 Apr 2024 06:30:21 GMT
nonce: 8619135711713931
referrer-policy: no-referrer
scope: VISITOR
sid: 090bcdb8-416c-4702-b79e-c78b2a871aad
uuid: 71f75d73-325c-47a0-a17f-d732b2415714
x-content-type-options: nosniff
x-vcap-request-id: 987ff145-7d6e-4040-53fb-524e235e6a8c
x-xss-protection: 1 ; mode=block
x-akamai-citisite: GTDC
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, no-transform, max-age=21600
expires: Wed, 24 Apr 2024 10:29:12 GMT
date: Wed, 24 Apr 2024 04:29:12 GMT
set-cookie: AKMTLTSID=06320D4CFA3F14EEA5616D5A391C3F71; path=/; domain=citi.com; secure
access-control-allow-credentials: true
access-control-allow-origin: https://citimobile.citibankonline.com
X-Firefox-Spdy: h2
|
|
| www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff | 104.110.24.232 | 200 OK | 79 kB |
URL: GET HTTP/2 www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
IP: 104.110.24.232:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: DigiCert Inc
Certificate Subject: www.citi.com
Certificate Fingerprint: 7B:97:41:ED:8C:0E:70:DA:7E:FF:FC:93:66:2A:DF:E0:12:35:0A:00
Certificate Validity: Tue, 07 Nov 2023 00:00:00 GMT - Thu, 05 Dec 2024 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 78762, version 1.197
Hash: b1f3eca7de0c2cb35740f32dd0b83823 dffc474081c23fc151265b637a4468e82004ecc8 045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/
Origin: https://indloguass.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: font/woff
content-length: 78762
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
access-control-max-age: 2147483647
dclocation: GT1DMS
etag: W/"133aa-18edb4cb448"
last-modified: Sun, 14 Apr 2024 06:30:21 GMT
nonce: 6177670342399341
referrer-policy: no-referrer
scope: VISITOR
sid: fdb9af1f-1bdd-456e-8800-b95133ed38c4
uuid: da13d33a-3b3f-4f46-a085-4c84d3616fef
x-content-type-options: nosniff
x-vcap-request-id: 30c63ac6-7f2a-443f-695c-460f78c76be7
x-xss-protection: 1 ; mode=block
x-akamai-citisite: GTDC
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, no-transform, max-age=21600
expires: Wed, 24 Apr 2024 10:29:12 GMT
date: Wed, 24 Apr 2024 04:29:12 GMT
set-cookie: AKMTLTSID=8CDBACCDFB6EBFC86FE2E13BB6F1E6BD; path=/; domain=citi.com; secure
access-control-allow-credentials: true
access-control-allow-origin: https://citimobile.citibankonline.com
X-Firefox-Spdy: h2
|
|
| www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff | 104.110.24.232 | 200 OK | 72 kB |
URL: GET HTTP/2 www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP: 104.110.24.232:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: DigiCert Inc
Certificate Subject: www.citi.com
Certificate Fingerprint: 7B:97:41:ED:8C:0E:70:DA:7E:FF:FC:93:66:2A:DF:E0:12:35:0A:00
Certificate Validity: Tue, 07 Nov 2023 00:00:00 GMT - Thu, 05 Dec 2024 23:59:59 GMT
File type: Web Open Font Format, TrueType, length 71874, version 1.197
Hash: 9fd45584370dd1c58e1ed9050efb925f 7b41085678166c62e23e8cf3c8c9ab13e13c356d e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: www.citi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/
Origin: https://indloguass.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: font/woff
content-length: 71874
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
access-control-max-age: 2147483647
dclocation: GT1DMS
etag: W/"118c2-18edb4cb448"
last-modified: Sun, 14 Apr 2024 06:30:21 GMT
nonce: 5723817147935276
referrer-policy: no-referrer
scope: VISITOR
sid: 16ccbb89-7744-480b-8592-b95d8aae0308
uuid: 90d8bbcf-8d88-4fcc-8294-d70f84debb70
x-content-type-options: nosniff
x-vcap-request-id: a4a37d39-536d-46bf-55db-224f9de25f4a
x-xss-protection: 1 ; mode=block
x-akamai-citisite: GTDC
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, no-transform, max-age=21600
expires: Wed, 24 Apr 2024 10:29:12 GMT
date: Wed, 24 Apr 2024 04:29:12 GMT
set-cookie: AKMTLTSID=D7EA44049223B1A60A1D9A8AA4DA9BEF; path=/; domain=citi.com; secure
access-control-allow-credentials: true
access-control-allow-origin: https://citimobile.citibankonline.com
X-Firefox-Spdy: h2
|
|
| indloguass.pages.dev/images/icon_globe_med-grey%402x.svg | 172.66.44.186 | 200 OK | 6.4 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/icon_globe_med-grey%402x.svg
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: SVG Scalable Vector Graphics image
Hash: 8409dd31d1b13d560ad4b9ae144054f7 37114f6c37aa187f5bdc360547678f22eaa9d9c6 a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/icon_globe_med-grey%402x.svg HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5d8412c1fd989086a891e57d674196fd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fsu43m9I3y0TesjzZt665qlUiGZ9GgMgYx8OrFHgMSYob6WSU69vLADS9HlveKaQI%2FIQtzq7H5%2FKb4vV6EgAitSYPxmb6LwiYpUOTwVgLilRDDyYSCLVkIIeOgUt%2BzpF2vXWBb%2Fm%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5eea11c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/LSO_4959.jpg | 172.66.44.186 | 200 OK | 175 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/LSO_4959.jpg
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2160x600, components 3
Size: 175 kB (174933 bytes)
Hash: 4c50aaf00ec3fd89b59019568e3ce376 e67b56776d6f8bcfbc25c6d31cfea22dc234f58e 48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/LSO_4959.jpg HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/jpeg
content-length: 174933
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e09e73384a2525a34bbcf3ac26e2bbfa"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HME5V%2Fptea6EbOmpwmnCoIO39qSGXSL2Vk%2FJxBvvJSZ1JfWkOTzG3NuCmVRUnSuJb02EHt1xJ3sKJxZ%2FaALfNCFcEW66aRTWeyUttg9UF64%2FGVq%2B5%2F6WohRnpcVlrNukHC%2FUq%2BOdNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d88f771c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/css/origination.css | 172.66.44.186 | 200 OK | 338 kB |
URL: GET HTTP/3 indloguass.pages.dev/css/origination.css
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 338 kB (337880 bytes)
Hash: 12a07fe7685bf0433964b0235e5f3543 10b87d2b7b618bc378da1fa91be05ede56031332 78a7019b985cc187d3677d7ad21a629fe5a38e91f4bd0bcb29839afafe986919
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /css/origination.css HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"72590497e4f7bb91bb40f38bb91d2881"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSpV0uXzAXk170VH2F9AZhLndQIoNe%2BkRiG6v2cYSXEykePOKoLzUiqlR9LCRyjNAy7RZ2pgTH%2Bpb9BDOgnF2FgtxaoAhsMO49hahJLCAjS8aC20BSEs1V%2Fu6JlDkHJwfWo2YX3qTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5ee9d1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/Appstore-Googleplay-JDPower-Sprite.png | 172.66.44.186 | 200 OK | 45 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/Appstore-Googleplay-JDPower-Sprite.png
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 120 x 203, 8-bit/color RGBA, interlaced
Hash: 7be7c9b6b21cee4ae9dffb234765a60e ec853bb38a24a01498cff42a8ef53d8707b39cb0 b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/Appstore-Googleplay-JDPower-Sprite.png HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/png
content-length: 44996
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "168b670c2045a8d9f247cac5de47dba1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOBbNTAWBN%2Fkgc%2BjbeRSvBlXFxkH6k903LnyoCvedw2mlk0BV4339LO5PVu2i3YphtV04Tn7nHureuNQHtEAVQSbbYXZ0hT%2B7iDkQZIOFuIZvO835zi5%2BNqbzuSOjJ0XCsCmn4M28Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d89f7c1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/social-media_facebook%403x.png | 172.66.44.186 | 200 OK | 445 B |
URL: GET HTTP/3 indloguass.pages.dev/images/social-media_facebook%403x.png
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 27 x 48, 8-bit/color RGBA, non-interlaced
Hash: 1f627e41e84a3b87f57c9de2e3a722d0 a7d350d9d267149f60b46a454f021920f89df877 695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/social-media_facebook%403x.png HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/png
content-length: 445
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "806ee369567dcae299cb46f0fbbe9db0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9IHgd0Lb%2Fe%2F4NdMVVmq%2FZN3sX6JduHhL9lL%2BfdzAqiNF8LgZSAb%2BgLzfRz%2B6WdUUczKHZlaUd6DCWnxV%2B6gBa%2Bay8p3eEvomYbdMZld%2F6F0klVz7r9u57xWTGhLvb%2BNrNLZs3DEpzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d89f7d1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/social-media_twitter%403x.png | 172.66.44.186 | 200 OK | 1.3 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/social-media_twitter%403x.png
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 66 x 48, 8-bit/color RGBA, non-interlaced
Hash: 60b0fec951727b4762fabc2570a1317f 56f9ed9699233f4cef1317a9a2c83179070b5e8a 5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/social-media_twitter%403x.png HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/png
content-length: 1277
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "b4d35665d6de0909e6dd6e9efa62d8df"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9VgQ1yYjTC00883fSSqnXPxP6YTCZRiw%2FYUU%2FSvSB%2BAkhdoVk7CbJkCgUwkskMq%2FAhwdFsBXTYGjPAJ%2FkzN8ukw0056gKcs3JaIRZOVq%2BazmZEenGsxWhbLGdkC8cNFsZ41INTU%2Buw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d89f7f1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/social-media_youtube%403x.png | 172.66.44.186 | 200 OK | 1.2 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/social-media_youtube%403x.png
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 72 x 48, 8-bit/color RGBA, non-interlaced
Hash: 3541c5442b1b90b4efe20ab4b2802323 ad778d35efc7b9950d2158d800b61966204b75d8 be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/social-media_youtube%403x.png HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/png
content-length: 1175
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "9322ea3f9821759d0bcb9db0d56011ce"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yScI00A6h5xbLNCbQyCxkp%2Fmm5xpiZmYdncIP69C3enLHBRuK5Tap3O3mW%2F%2BtPxQ3YQiRGfEPf8er65GQDLCSJqj9MrUq3CrX5wujjKqVUUqKk8gmLbN%2FrVV7G%2FD2I9iexwI0Ao0qg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d89f811c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff | 172.66.44.186 | 200 OK | 263 kB |
URL: GET HTTP/3 indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (57035)
Size: 263 kB (262947 bytes)
Hash: a1e383d1905a304be577f70328439b66 e4452d5e3e955cb45cc21cd82f9646d9b6b28de1 e957134d2a178beb618c849e5ed3b27eabc4681de53c72d9cb46b25f44ad90f1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/html; charset=utf-8
content-length: 262947
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "002e058f63983d06b82cb1fa8ce814a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lWqo65ErBWVN2o9vGhQ0eq4Xb20cjsBKcaM0Smo4mk8WsoxlOklTLQaDy8N2D17TLEU1AvPOhtog40NtQ0CulpuVTxiRSSXzpzQEU2WpYJxm7crcFex44Ta3cUF%2Fi3hcJQz0imarwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d8af831c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/fonts/Interstate-Light.woff | 172.66.44.186 | 200 OK | 76 kB |
URL: GET HTTP/3 indloguass.pages.dev/fonts/Interstate-Light.woff
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: Web Open Font Format, TrueType, length 75538, version 1.197
Hash: 3d1d3153b04b6ce8a33a20f60df9d723 60e91c7766bdc415134c1111a283ffed3749dbae f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /fonts/Interstate-Light.woff HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://indloguass.pages.dev/css/stylee.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: application/font-woff
content-length: 75538
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f3ad8e3733565f3ea20c0827d23ee539"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9hlwulZsd2DSNe%2FT8dWCmstQ8%2BZQF1hau%2FI%2FqqPscuyq24Q3Wu1DRKhcFp3PM2%2FBohIx4hmjyPA9wIUim1bjqZXxxaQX9A2oRnMS1IIMXB%2BeOSw5woMCspFqHhbRBH%2Fx4CyBoA13Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359da282d1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf | 172.66.44.186 | 200 OK | 105 kB |
URL: GET HTTP/3 indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate Issuer: Google Trust Services LLC
Certificate Subject: indloguass.pages.dev
Certificate Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1
Certificate Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (57035)
Size: 105 kB (104754 bytes)
Hash: a1e383d1905a304be577f70328439b66 e4452d5e3e955cb45cc21cd82f9646d9b6b28de1 e957134d2a178beb618c849e5ed3b27eabc4681de53c72d9cb46b25f44ad90f1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"002e058f63983d06b82cb1fa8ce814a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DV2LY%2BLXhaeFDrcakcCa8I21fiePiGZ2ZKNM12XY9N6AHegijO2958Z3D1%2B924M4OsWT9kIH8ZZyuGQhpPFcCMXqPPxZ9PMfZJc6QrrQhHsxQfnaCdzH3V8j8DX4WhnbbQOUQeN6AA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359da08191c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/cbol-pre-login-static-assets | 172.66.44.186 | 200 OK | 37 kB |
URL: User Request GET HTTP/2 indloguass.pages.dev/cbol-pre-login-static-assets
IP: 172.66.44.186:443
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (57035)
Hash: a1e383d1905a304be577f70328439b66 e4452d5e3e955cb45cc21cd82f9646d9b6b28de1 e957134d2a178beb618c849e5ed3b27eabc4681de53c72d9cb46b25f44ad90f1
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /cbol-pre-login-static-assets HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 04:29:11 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"002e058f63983d06b82cb1fa8ce814a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FT0LsxDnv6vc8Tjzk1QVFaq1mhJiMhg259nwcWu%2Fy%2BIO3PhVqUz2uOLvsMw3rkRWBaa97DX%2BaGpcHOmFFB1z9thO%2FIp9dIzhtbrRvClZw0iKkqVLwwmTXIttdySy0kDSFIYs%2FGC3ug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d3df605695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf | 172.66.44.186 | 200 OK | 263 kB |
URL: GET HTTP/3 indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
Size: 263 kB (262947 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"002e058f63983d06b82cb1fa8ce814a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBDgPm7IRC%2F8SxD%2BQRYgZ9%2FdPV%2BpAveEOYVOBrcBYInaK%2BzQRXZ9okxgdhex0YD3r2DPMHCZfNHhUyOLxFjnru5uezpL4Krr7nUws4VhLEJZqNFvvtbXwthCl%2FQGugmwC%2FriPQKysQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d9e8121c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/Citi-Branding-Sprite.png | 172.66.44.186 | 200 OK | 5.0 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/Citi-Branding-Sprite.png
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 140 x 349, 8-bit colormap, non-interlaced
Hash: eec8cbc4608427f66f2c1e5a74911748 8cd18d8ece8c75fa4821cdbf1edcb8d15d785ad1 3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/Citi-Branding-Sprite.png HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/png
content-length: 4952
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "75bacf103b80c0472b779ae5a58deb8e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5MWEQBO3NkaYAlBmLbBaxE5zwFGcX1DYOZrZJctJemkZG%2FOEpozf86WyJKA0gIznSF%2FXTZxblAXEsHRR%2F1IFF%2F5a2yamxZlQNllJPGasnN%2Bz5FEdVJj4LK8F1VR39ojnEa3MPKIJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d89f7b1c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/css/stylee.css | 172.66.44.186 | 200 OK | 1.2 MB |
URL: GET HTTP/3 indloguass.pages.dev/css/stylee.css
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
Size: 1.2 MB (1237551 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /css/stylee.css HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"45f43aeca08fecaefad4220a0611008c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pk%2FUuw8djImZMVFWdSmegsXokM4uXGfFybiEfk5Cz%2B97O5aROiYTDdiN%2BOJmVqI0wk8AcSRz%2BIDZudNyAj2%2Fd9Z41aPSUKAXOZxTekQLOBWYzj37E4HrWdWo5AKmYR8sAhoXRyoAOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5ee9b1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/images/050-location%402x.svg | 172.66.44.186 | 200 OK | 1.8 kB |
URL: GET HTTP/3 indloguass.pages.dev/images/050-location%402x.svg
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: SVG Scalable Vector Graphics image
Hash: ae63a50f6936b1dd1eb285ce1aaa49b6 868912dfa53ec9ddf3076cc9f3145458eeab4118 7dc35fcbd00ea5aec17b73c626dd5b87f85111a73405d49674d3291b2ffc36dd
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /images/050-location%402x.svg HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"30c8627087146681f5d9ccc8f54347a0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lBclwtyL3aLp88kVIJ%2B05r6VCQCYuJo0Z1hevGv48XDCXhSM%2BseExC%2BM7Jv6UbQfkLlL8CZ8EdWeeTSSwGyBY5hHTsvy%2B41%2BtgASGpLh66xiEkHa%2FJTG0ZCJDI6jacDILh7goiwbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5eea01c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/favicon.ico | 172.66.44.186 | 200 OK | 8.7 kB |
URL: GET HTTP/3 indloguass.pages.dev/favicon.ico
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: PNG image data, 367 x 367, 8-bit/color RGBA, non-interlaced
Hash: 5c529d13403aaef133f480514b0d7b3f 73b6a54f396770a92bd13f0af7b0530e7a68b546 2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2653d65e253b72dee64bd843b77ce8c4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FSDuFcD5QvJVB%2Bp9AwFI3FsMug8uIVZDGj1jOiQGtalXQ8d44I08e9%2FCP8v%2BBQB9dBrb6%2F7ovUYujWBRJpEsaUAgYhZZU7QLot1rLW1BaP8BvFR4BmVl5WgTm%2Fs%2BhTuFJXY2Iz3UCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359da783e1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff | 172.66.44.186 | 200 OK | 263 kB |
URL: GET HTTP/3 indloguass.pages.dev/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
Size: 263 kB (262947 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/html; charset=utf-8
content-length: 262947
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "002e058f63983d06b82cb1fa8ce814a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S6xAATgFgf9ZXjijlSkUN3oxaqI6U3F%2BGliM6FnaMp8qMbMZmUz9W1ZCnvWemrUAL1wim9Io4d00pNyHjxjmjxlUGD7jjvAmJvFBA2QwQqm5t%2FKCB%2FPIPDkk0PgNJPksOJQui5bNkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d88f781c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/fonts/Interstate-Bold.woff | 172.66.44.186 | 200 OK | 72 kB |
URL: GET HTTP/3 indloguass.pages.dev/fonts/Interstate-Bold.woff
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
File type: Web Open Font Format, TrueType, length 71874, version 1.197
Hash: 9fd45584370dd1c58e1ed9050efb925f 7b41085678166c62e23e8cf3c8c9ab13e13c356d e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Citi |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /fonts/Interstate-Bold.woff HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://indloguass.pages.dev/css/stylee.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: application/font-woff
content-length: 71874
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6fa4501001e9c0428609f1db6db22820"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zgOsJ2kQ3ApmjthceUdPjnt4QI8B%2F5OeGuFpDF8Qq9tXKqB7QdS9qaNCxO2RCf3wRF8SLzZUFts3OKLQ8VxoaaLaQfMW2DNacOxellsQyDOWzG6y83Yv2f%2F0zFddiXVnAxzSe8PFKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359da48331c0e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| indloguass.pages.dev/assets/signin.css | 172.66.44.186 | 200 OK | 0 B |
URL: GET HTTP/3 indloguass.pages.dev/assets/signin.css
IP: 172.66.44.186:443
Requested by: https://indloguass.pages.dev/cbol-pre-login-static-assets
Certificate: Issuer: Google Trust Services LLC; Subject: indloguass.pages.dev; Fingerprint: 01:B9:59:CC:43:38:13:BB:DA:81:FB:23:6C:DF:3E:71:EB:AA:5A:D1; Validity: Tue, 02 Apr 2024 09:27:49 GMT - Mon, 01 Jul 2024 09:27:48 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Citigroup Inc. |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/signin.css HTTP/1.1
Host: indloguass.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://indloguass.pages.dev/cbol-pre-login-static-assets
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:29:12 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"002e058f63983d06b82cb1fa8ce814a3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZJFT2HGUA0cwAsOh2sukcAcFUMNKB7%2B2vEjsPuUy%2FnLwwCFkbpAaLRH5%2FW%2FA3fGf7c5sVakzExo0LpjdKMiYCcrdgKS5Db0arYHTkM3V%2B94KEPRFmMhUA%2BX83ucKh5xxRqrqkwcyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879359d5ee9a1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|